How to check, if IPs in your network are blacklisted?

Question

I would like actively monitor, if any of my network IPs are on blacklists.

Here I would like to collect links to instructions, how to sync blacklists, which allows that.

I want to stress, that I need means to check if any IP from networks sized /20,/19 or similar are in blacklist. — Kazimieras Aliulis, Oct 11 '10 at 18:11
You will never get a definitive answer to whether or not your IPs are on a blacklist. There are as many spam blocking lists as there are stars in the sky. — Rob Moir, Oct 31 '10 at 22:25

score 2 · Answer 1 · answered Oct 07 '10 at 08:29

2

I'm assuming you're talking about spam blacklists. For that I use Nagios with the check_bl module. Simple to use but you may find you need to split check_bl into two or more checks, otherwise you may get timeouts too often.

answered Oct 07 '10 at 08:29

John Gardeniers

27,262
12
53
108

Is it efective at checink for listed host in (lets say) /19 size network? – Kazimieras Aliulis Oct 11 '10 at 18:09
@Kz, I'm not sure. Perhaps that's clarified in the docs. – John Gardeniers Oct 11 '10 at 20:47
It checks for 1 IP. So for /19 sized network it should be run for more than 8000 times. This counts to more then 8000 DNS queries for any blacklist that is checked... – Kazimieras Aliulis Oct 12 '10 at 06:05

score 0 · Answer 2 · answered Oct 31 '10 at 20:45

0

You can write a basic script to check your IPs at http://whatismyipaddress.com/blacklist-check

There are many blacklisting organization listed in there.

answered Oct 31 '10 at 20:45

Ismail Guneydas

134
3

score 0 · Answer 3 · answered Oct 31 '10 at 21:00

You cannot collect "a list of lists". Lists come and go and some are private enough that you cannot even query them if you are outside their operator's network. You compile "a list of lists" that interest you by monitoring who enlists part of your IP space (why you were listed, who uses the list and ability to contact list operators also count). Popular choices to test your networks on are lists from Spamhaus and UCEPROTECT.

That being said, you can script around a tool like adnsrblcheck and check. However subscribing to a feedback loop like AOL's greatly reduces your requirement for checking a /19 to a few hosts contained inside the /19 (which is considerably faster) since through the FBL reports you already know candidates for inclusion in a RBL.

score 0 · Answer 4 · answered Oct 31 '10 at 21:25

0

Not sure if this is what you mean, but have a look at The blacklist checker at myiptest.com. There's other useful tools there too.

answered Oct 31 '10 at 21:25

Linker3000

668
1
5
14

score 0 · Answer 5 · answered Jan 12 '16 at 06:08

0

You can use the sites like http://www.ip-score.com and http://mxtoolbox.com/blacklists.aspx for checking domain or IP backlisting.

answered Jan 12 '16 at 06:08

Amol

151
5

score -1 · Answer 6 · answered Oct 07 '10 at 21:36

If you mean blacklists, the most common use a DNS based interface (e.g. see http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage)

For example to test a random IP address:

dig +short 252.165.172.207.zen.spamhaus.org @b.ns.spamhaus.org.
127.0.0.11

with the return IP address meaning that the IP is in a range which should not be delivering unauthenticated SMTP email.

(Google DNS does not like spamhaus... but specifying the NS server like this works)

How to check, if IPs in your network are blacklisted?

6 Answers6