Mail::Toaster::DNS - DNS functions, primarily to test RBLs
5.01
A set of subroutines for testing RBLs to verify that they are functioning properly. If Net::DNS is installed it will be used, but the tests can also be run using dig.
These functions are used by toaster-watcher to determine if RBLs are available when generating qmail's smtpd/run control file.
Create a new DNS object:
        use Mail::Toaster::DNS;
        my $dns = Mail::Toaster::DNS->new;
After the demise of osirusoft and the DDoS attacks currently under way against RBL operators, this little subroutine has become a necessity for using RBLs on mail servers. It is called by the toaster-watcher.pl script to test the RBLs before including them in the SMTP invocation.
        my $r = $dns->rbl_test(conf=>$conf, zone=>"bl.example.com");
        if ($r) { print "bl tests good!" };
 arguments required:
    zone - the zone of a blacklist to test
 arguments optional:
    debug
Tests to make sure that name servers are found for the zone and then runs several test queries against the zone to verify that the answers it returns are sane. We want to detect if an RBL operator does something like whitelist or blacklist the entire planet.
If the blacklist fails any test, the sub will return zero and you should not use that blacklist.
        my $count = $t_dns->rbl_test_ns(
            conf  => $conf, 
            rbl   => $rbl, 
            debug => $debug,
        );
 arguments required:
    rbl   - the reverse zone we use to test this rbl.
This sub requires a zone name and returns a count of how many NS records exist for that zone. It is used by the RBL tests: before we bother to look up addresses, we make sure valid name servers are defined.
        $t_dns->rbl_test_positive_ip( rbl=>'sbl.spamhaus.org' );
 arguments required:
    rbl   - the reverse zone we use to test this rbl.
 arguments optional:
    conf
    debug
A positive test is a test that should always return an RBL match. If it should and does not, then we assume that the RBL has been disabled by its operator.
Some RBLs have test IP(s) to verify they are working. For geographic RBLs (like korea.services.net) we can simply choose any IP within their allotted space. Most other RBLs use 127.0.0.2 as a positive test.
In the case of rfc-ignorant.org, they have no known test IPs and thus we have to skip testing them.
        $t_dns->rbl_test_negative_ip(conf=>$conf, rbl=>$rbl);
This test is a little more difficult as RBL operators don't typically have an IP that is whitelisted. The DNS location based lists are very easy to test negatively. For the rest I'm listing my own IP as the default unless the RBL has a specific one. At the very least, my site won't get blacklisted that way. ;) I'm open to better suggestions.
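The three checks described above (name servers, positive IP, negative IP), combined into one decision, as an added example that is not code from Mail::Toaster. The names rbl_query_name, rbl_is_sane and the $lookup callback are hypothetical, the DNS answers are constructed sample data so the script runs offline, and the 127.0.0.1 negative probe is an assumption taken from RFC 5782 rather than the module's default.

```perl
use strict;
use warnings;

# DNSBL query name: reversed IPv4 octets prepended to the zone.
sub rbl_query_name {
    my ($ip, $zone) = @_;
    return join('.', reverse(split /\./, $ip), $zone);
}

# Hypothetical helper, not a Mail::Toaster function. $lookup is a code ref
# taking ($name, $type) and returning the list of answers as strings.
sub rbl_is_sane {
    my ($zone, $lookup, %opt) = @_;
    my $pos = $opt{positive} || '127.0.0.2';  # should always be listed
    my $neg = $opt{negative} || '127.0.0.1';  # assumed never listed (RFC 5782)

    # 1. No point querying addresses if the zone has no name servers.
    my @ns = $lookup->($zone, 'NS');
    return (0, 'no name servers') unless @ns;

    # 2. Positive test: a miss means the list was emptied or shut down.
    my @hit = grep { /^127\./ } $lookup->(rbl_query_name($pos, $zone), 'A');
    return (0, 'positive test IP not listed') unless @hit;

    # 3. Negative test: a hit means the list is answering for everything.
    my @false = $lookup->(rbl_query_name($neg, $zone), 'A');
    return (0, 'negative test IP is listed') if @false;

    return (1, 'ok');
}

# Constructed sample answers standing in for real DNS lookups.
my %fake_dns = (
    'healthy.example NS'          => ['ns1.healthy.example'],
    '2.0.0.127.healthy.example A' => ['127.0.0.2'],
    'emptied.example NS'          => ['ns1.emptied.example'],
    'wild.example NS'             => ['ns1.wild.example'],
    '2.0.0.127.wild.example A'    => ['127.0.0.2'],
    '1.0.0.127.wild.example A'    => ['127.0.0.2'],
);
my $lookup = sub { my ($n, $t) = @_; return @{ $fake_dns{"$n $t"} || [] } };

# dead.example has no records at all, so it fails the NS check.
for my $zone (qw(healthy.example emptied.example wild.example dead.example)) {
    my ($ok, $why) = rbl_is_sane($zone, $lookup);
    printf "%-16s %s (%s)\n", $zone, $ok ? 'use' : 'skip', $why;
}
```

Only healthy.example is reported as usable. Against live DNS, $lookup would be replaced by a wrapper around Net::DNS or dig.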
Matt Simerson <matt@tnpi.net>
None known. Report any to author.
The following man/perldoc pages:
Mail::Toaster Mail::Toaster::Conf toaster.conf toaster-watcher.conf
http://mail-toaster.org/
Copyright (c) 2004-2008, The Network People, Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the The Network People, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.