<#

.SYNOPSIS

CheckRLB.ps1 - Checks a list servers against a list of RBL and reports any occurrences.

.DESCRIPTION

Checks a list servers or IP against a list of RBL and reports any occurrences.

.INPUTS

.OUTPUTS

Results are emailed

.PARAMETER MXRecord

One or more servers or IP, separated by commas, to be checked against the RLB list.

.PARAMETER Verbose

Detailed output from the script.

.EXAMPLE

To check the host mx1.hotmail.com and aspmx.l.google.com against the blacklist:

CheckRLB.ps1 -MXRecord mx1.hotmail.com, aspmx.l.google.com

.NOTES

Make sure to change the MX records and SMTP settings to fit your needs.

#>

##### VARIABLES TO MODIFY BELOW #####

$smtpServer = "smtp.domain.com"

$smtpTo = "HelpDesk@domain.com"

$smtpFrom = "EmailBlacklistCheck@domain.com"

[ CmdletBinding ( ) ]

Param (

[ Parameter ( Mandatory = $false ) ]

#List of MX records to monitor if the parameter is not changed

[ string [ ] ] $MXRecord = @ (

'mx1.hotmail.com'

'mx2.hotmail.com'

'mx3.hotmail.com'

'mx4.hotmail.com'

)

)

##### VARIABLES TO MODIFY ABOVE #####

#List of RLB's to check against

$blacklistServers = @ (

'b.barracudacentral.org'

'spam.rbl.msrbl.net'

'zen.spamhaus.org'

'bl.deadbeef.com'

'bl.emailbasura.org'

'bl.spamcannibal.org'

'bl.spamcop.net'

'blackholes.five-ten-sg.com'

'blacklist.woody.ch'

'bogons.cymru.com'

'cbl.abuseat.org'

'cdl.anti-spam.org.cn'

'combined.abuse.ch'

'combined.rbl.msrbl.net'

'db.wpbl.info'

'dnsbl-1.uceprotect.net'

'dnsbl-2.uceprotect.net'

'dnsbl-3.uceprotect.net'

'dnsbl.ahbl.org'

'dnsbl.cyberlogic.net'

'dnsbl.inps.de'

'dnsbl.njabl.org'

'dnsbl.sorbs.net'

'drone.abuse.ch'

'drone.abuse.ch'

'duinv.aupads.org'

'dul.dnsbl.sorbs.net'

'dul.ru'

'dyna.spamrats.com'

'dynip.rothen.com'

'http.dnsbl.sorbs.net'

'images.rbl.msrbl.net'

'ips.backscatterer.org'

'ix.dnsbl.manitu.net'

'korea.services.net'

'misc.dnsbl.sorbs.net'

'noptr.spamrats.com'

'ohps.dnsbl.net.au'

'omrs.dnsbl.net.au'

'orvedb.aupads.org'

'osps.dnsbl.net.au'

'osrs.dnsbl.net.au'

'owfs.dnsbl.net.au'

'owps.dnsbl.net.au'

'pbl.spamhaus.org'

'phishing.rbl.msrbl.net'

'probes.dnsbl.net.au'

'proxy.bl.gweep.ca'

'proxy.block.transip.nl'

'psbl.surriel.com'

'rbl.interserver.net'

'rdts.dnsbl.net.au'

'relays.bl.gweep.ca'

'relays.bl.kundenserver.de'

'relays.nether.net'

'residential.block.transip.nl'

'ricn.dnsbl.net.au'

'rmst.dnsbl.net.au'

'sbl.spamhaus.org'

'short.rbl.jp'

'smtp.dnsbl.sorbs.net'

'socks.dnsbl.sorbs.net'

'spam.abuse.ch'

'spam.dnsbl.sorbs.net'

'spam.spamrats.com'

'spamlist.or.kr'

'spamrbl.imp.ch'

't3direct.dnsbl.net.au'

'tor.ahbl.org'

'tor.dnsbl.sectoor.de'

'torserver.tor.dnsbl.sectoor.de'

'ubl.lashback.com'

'ubl.unsubscore.com'

'virbl.bit.nl'

'virus.rbl.jp'

'virus.rbl.msrbl.net'

'web.dnsbl.sorbs.net'

'wormrbl.imp.ch'

'xbl.spamhaus.org'

'zombie.dnsbl.sorbs.net'

)

$arrAttributes = @ ( ) #Array to store failed checks on

$IPs = @ ( ) #Array to store IP addresses

$count1 = 1 #Counter for the first progress bar

foreach ( $mx in $mxrecord ) {

#Main progress bar

$ActivityMessage = "Gathering the IP's for all of the MX records. Please wait..."

$StatusMessage = ( "Processing {0} of {1}: {2}" -f $count1 , @ ( $mxrecord ) .count , $mx )

$PercentComplete = ( $count1 / @ ( $mxrecord ) .count * 100 )

Write-Progress -ID 1 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete

Write-Verbose "Getting IP addresses for the $mx"

$mxips = [ System.Net.Dns ] ::GetHostAddresses ( "$mx" )

$IPAddress = $mxips | select $_ .IPAddressToString

$IPs += $IPAddress .IPAddressToString

$count1 ++

}

#Filter the list of IPs down to only unigue entries

if ( $IPs .count -gt 1 ) {

$IPs += $IPs | select -Unique

}

$count2 = 1 #Counter for the second progress bar

foreach ( $IP in $ips ) {

#Secondary progress bar

$ActivityMessage = "Processing IP's. Please wait..."

$StatusMessage = ( "Processing {0} of {1}: {2}" -f $count2 , @ ( $ips ) .count , $ip )

$PercentComplete = ( $count2 / @ ( $ips ) .count * 100 )

Write-Progress -ID 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete

Write-Verbose "Forming reverse IP for $IP"

$reversedIP = ( $IP - split '\.' ) [ 3 .. 0 ] - join '.'

Write-Verbose "Reverse IP is $reversedIP"

$count3 = 1 #Counter for the third progress bar

foreach ( $server in $blacklistServers ) {

#Third progress bar

$ActivityMessage = "Checking RLB. Please wait..."

$StatusMessage = ( "Processing {0} of {1}: {2}" -f $count3 , @ ( $blacklistServers ) .count , $server )

$PercentComplete = ( $count3 / @ ( $blacklistServers ) .count * 100 )

Write-Progress -ID 3 -ParentId 2 -Activity $ActivityMessage -Status $StatusMessage -PercentComplete $PercentComplete

$objAttributes = New-Object PSObject

#Combine the reverse IP with the server checking

$fqdn = "$reversedIP.$server"

try {

Write-Verbose "Checking $IP against $server"

$null = [ System.Net.Dns ] ::GetHostEntry ( $fqdn )

$helplink = "http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a" + $IP

Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name IP -Value $IP

Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "Blacklisted On" -Value $server

Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MX Record" -Value $MX

Add-Member -InputObject $objAttributes -MemberType NoteProperty -Name "MXToolbox Link" -Value $helplink

$arrAttributes += $objAttributes

}

catch { }

$count3 ++

}

$count2 ++

}

#Email Settings

$date = Get-Date -Format g

$messageSubject = "An IP Has Been Listed On An Email Blacklist - $date"

#CSS style for the HTML message

$emailhead = "<html>

<style>

BODY{font-family: Calibri; font-size: 11pt;}

H1{font-size: 18px;}

H2{font-size: 16px;}

H3{font-size: 14px;}

TABLE{border: 1px solid black; border-collapse: collapse; font-size: 11pt;}

TH{border: 1px solid black; background: #dddddd; padding: 5px; color: #000000;}

TD{border: 1px solid black; padding: 5px; }

</style>"

#Main body of the email, tailor to fit needs

$emailbody = "<body>

<h3 align=" "center" ">An IP Has Been Listed On An Email Blacklist</h3>

<p>The IP's below have been blacklisted please check the MXToolbox link for more information.</p>"

#Convert the array to HTML

$emailtable = $arrAttributes | ConvertTo-Html

#Closing tags and when/where the report was generated

$emailbottom = "<p>Generated at $date on $(Get-Content env:computername)</p>

</body>

</html>"

#Combine all the parts together to make one pretty email

$htmlmessage = $emailhead + $emailbody + $emailtable + $emailbottom

#Check if there was a hit create an email

if ( $arrAttributes -ne $null ) {

Write-Verbose "An IP was BlackListed, sending an email to $smtpTo"

Send - MailMessage - To $smtpTo - From $smtpFrom - SmtpServer $smtpServer - Priority High - Subject $messageSubject - BodyAsHtml -Body $htmlMessage