check_dnsbl: a simple Nagios plugin

One way to deal with rogue virus spamming client machines is to do what AOL does. In our case this is not an acceptable choice. Therefore we redirect all rogue port 25/tcp traffic to a relay server1 where we simply check for virii in the outgoing email messages. Such a method has the side effect that this server sometimes ends up in In order to know when this happens I wrote this simple Nagios plugin, check_dnsbl:

#!/usr/bin/perl -w
# yiorgos, Fri Oct 13 16:09:52 EEST 2006
# Normally this *must* follow the Nagios plugin guidelines:

# Yes these three lines are needed because of the embedded Perl interpreter
use vars;
use strict;
my($revip, $dnsbl, $ans);

$revip = shift or die "you must give a reversed IP address";
$dnsbl = shift or die "you must give a DNSBL";

open DNSBL, "/usr/bin/dig -4 $revip.$dnsbl a |" or die;
while(<DNSBL>) {
  if (m/^;; ANSWER SECTION:/) {
    $ans = <DNSBL>
    close DNSBL;
    print "$dnsbl STATUS: ", $ans;
    exit 2;
close DNSBL;

print "$dnsbl STATUS: OK";
exit 0;

Of course you can hack check_dnsbl to include more DNSBLs. This is simply a proof-of-concept that does the job fine. It is not a complete plugin. If you want to make a more complete plugin you have to read through the Nagios plugin developer guidelines.

Update: A final version of the check_dnsbl plugin can be downloaded from here.  The final version checks for $HOSTNAME$ being listed in various DNSBLs specified in an array (Yes @dnsbl_list is specified inside the source.  You can use an external file to specify the array and have the Perl interpreter require it if you don’t like it this way).  It also uses Net::DNS instead of opening a pipe to dig which makes it considerably faster.

[1] in Greek

3 thoughts on “check_dnsbl: a simple Nagios plugin

  1. What I want to do on my blog, is every few hours take the oldest post and move it to the
    front of the queue, all automatically. Anyone know if there is a plugin that can do this or
    a simple way to set up another plugin to do this (use my own feed perhaps)?

  2. #!/bin/bash
    # check_spamcop nagios plugin 0.1
    # Nagios plugin that checks if $1 is listed at $2
    # Copyright(c) 2005 Peter Senna Tschudin

    #nagios plugins dir (check_dns is needed)

    print_usage() {
    echo “check_spamcop. Peter Senna Tschudin”
    echo “Usage: check_spamcop ”
    echo “Usage: check_spamcop”

    if [ $# -lt 2 ]; then
    exit 3

    #reverse ip
    oc1=`echo $1 | cut -d ‘.’ -f 1`
    oc2=`echo $1 | cut -d ‘.’ -f 2`
    oc3=`echo $1 | cut -d ‘.’ -f 3`
    oc4=`echo $1 | cut -d ‘.’ -f 4`

    #is it listed?
    $nagios_plugin/check_dns -H $reverseip > /dev/null

    if [ “$exitstatus” = “0” ]; then
    echo “CRITICAL: $1 is listed at $2”
    exit 2

    if [ “$exitstatus” = “2” ]; then
    echo “OK: $1 is not listed at $2”
    exit 0

    exit 3

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s