r3260 - in
/packages/libnet-rblclient-perl/branches/upstream/current:
Makefile.PL RBLClient.pm spamalyze
gregoa-guest at users.alioth.debian.org
gregoa-guest at users.alioth.debian.org
Mon Jul 10 14:56:02 UTC 2006
Author: gregoa-guest
Date: Mon Jul 10 14:56:01 2006
New Revision: 3260
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=3260
Log:
Load /tmp/tmp.rFQuz12856/libnet-rblclient-perl-0.5 into
packages/libnet-rblclient-perl/branches/upstream/current.
Added:
packages/libnet-rblclient-perl/branches/upstream/current/spamalyze (with props)
Modified:
packages/libnet-rblclient-perl/branches/upstream/current/Makefile.PL
packages/libnet-rblclient-perl/branches/upstream/current/RBLClient.pm
Modified: packages/libnet-rblclient-perl/branches/upstream/current/Makefile.PL
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libnet-rblclient-perl/branches/upstream/current/Makefile.PL?rev=3260&op=diff
==============================================================================
--- packages/libnet-rblclient-perl/branches/upstream/current/Makefile.PL (original)
+++ packages/libnet-rblclient-perl/branches/upstream/current/Makefile.PL Mon Jul 10 14:56:01 2006
@@ -8,6 +8,7 @@
Time::HiRes => 0,
Net::DNS::Packet => 0,
},
+ EXE_FILES => [ qw( spamalyze ) ],
($] >= 5.005 ?
('AUTHOR' => 'Asher Blum <asher at wildspark.com>',
Modified: packages/libnet-rblclient-perl/branches/upstream/current/RBLClient.pm
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libnet-rblclient-perl/branches/upstream/current/RBLClient.pm?rev=3260&op=diff
==============================================================================
--- packages/libnet-rblclient-perl/branches/upstream/current/RBLClient.pm (original)
+++ packages/libnet-rblclient-perl/branches/upstream/current/RBLClient.pm Mon Jul 10 14:56:01 2006
@@ -6,7 +6,7 @@
use vars qw( $VERSION $ip_pat );
$ip_pat = qr(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3});
-$VERSION = '0.2';
+$VERSION = '0.4';
sub new {
my($class, %args) = @_;
@@ -149,11 +149,13 @@
my($res, $domain, $type);
foreach my $answer (@answer) {
{
+ # removed $answer->answerfrom because it caused an error
+ # with some types of answers
+
my $name = lc $answer->name;
- warn $answer->answerfrom .
- " returned answers to different domains ($domain and $answer)"
+ warn "Packet contained answers to different domains ($domain != $name)"
if defined $domain && $name ne $domain;
- $domain = $answer->name;
+ $domain = $name;
}
$domain =~ s/^\d+\.\d+\.\d+\.\d+\.//;
$type = $answer->type;
@@ -199,41 +201,51 @@
sub lists {
qw(
+ badconf.rhsbl.sorbs.net
+ bl.reynolds.net.au
+ bl.spamcop.net
blackhole.compu.net
blackholes.brainerd.net
blackholes.five-ten-sg.com
blackholes.intersil.net
blackholes.wirehub.net
block.blars.org
- bl.reynolds.net.au
- bl.spamcop.net
+ block.dnsbl.sorbs.net
dev.null.dk
dnsbl.njabl.org
+ dul.dnsbl.sorbs.net
dynablock.wirehub.net
flowgoaway.com
formmail.relays.monkeys.com
+ http.dnsbl.sorbs.net
http.opm.blitzed.org
- inputs.orbz.org
+ korea.services.net
list.dsbl.org
+ misc.dnsbl.sorbs.net
multihop.dsbl.org
+ no-more-funn.moensted.dk
+ nomail.rhsbl.sorbs.net
opm.blitzed.org
- korea.services.net
orbs.dorkslayers.com
- outputs.orbz.org
pm0-no-more.compu.net
proxies.monkeys.com
proxies.relays.monkeys.com
+ psbl.surriel.com
relays.dorkslayers.com
relays.ordb.org
relays.visi.com
+ smtp.dnsbl.sorbs.net
+ socks.dnsbl.sorbs.net
socks.opm.blitzed.org
- spews.bl.reynolds.net.au
+ spam.dnsbl.sorbs.net
spamguard.leadmon.net
spammers.v6net.org
+ spamsources.fabel.dk
+ spews.bl.reynolds.net.au
unconfirmed.dsbl.org
- spamsources.fabel.dk
+ web.dnsbl.sorbs.net
work.drbl.croco.net
- xbl.selwerd.cx
+ zombie.dnsbl.sorbs.net
ztl.dorkslayers.com
);
}
Added: packages/libnet-rblclient-perl/branches/upstream/current/spamalyze
URL: http://svn.debian.org/wsvn/pkg-perl/packages/libnet-rblclient-perl/branches/upstream/current/spamalyze?rev=3260&op=file
==============================================================================
--- packages/libnet-rblclient-perl/branches/upstream/current/spamalyze (added)
+++ packages/libnet-rblclient-perl/branches/upstream/current/spamalyze Mon Jul 10 14:56:01 2006
@@ -1,0 +1,225 @@
+#!/usr/bin/perl
+# program to analyze an mbox
+# and show how different RBL's would affect it.
+
+# Asher Blum <asher at wildspark.com> Fri May 7 2004
+# licensed under the same terms as Perl
+
+my $max_blockers_shown = 10;
+
+use strict;
+use Net::RBLClient;
+use Data::Dumper;
+my $rbl = Net::RBLClient->new( max_time => 5, max_hits => 8 );
+
+my @messages;
+my %block_freq;
+my $msg = '';
+#my %netblocks = read_netblocks('netblocks');
+my %netblocks = (
+ '210.0.0.0/7' => 'APNIC-CIDR-BLK2',
+ '217.0.0.0/8' => '217-RIPE',
+ '64.51.0.0/16' => 'DSLNET-4',
+ '63.68.128.0/20' => 'UU-63-68-128',
+ '217.32.0.0/16' => 'UK-BT-20000920',
+ '206.13.0.0/17' => 'PBI-NET',
+ '200.128.0.0/9' => 'BRAZIL-BLK2',
+ '66.95.0.0/16' => 'NASDSL-BLK2',
+ '216.40.192.0/14' => 'EVRY-BLK-6',
+);
+
+my %blocker_char; # character for each blocker
+my @blocker_chars = ( 'A' .. 'Z', 0 .. 9, 'a' .. 'z' );
+
+while(<>) {
+ if(/^From /) {
+ handle_msg($msg);
+ $msg = <>;
+ }
+ $msg .= $_;
+}
+
+my @blockers = sort {$block_freq{ $b } <=> $block_freq{ $a }} keys %block_freq;
+my $nblockers = @blockers;
+
+#print Dumper(\@blockers); exit 0;
+
+foreach my $message(@messages) {
+ my $block_string = '';
+ for(0..$nblockers) {
+ last if $_ >= $max_blockers_shown;
+ $block_string .= $message->{ blockers }{ $blockers[ $_ ] } ?
+ $blocker_chars[ $_ ] : '.';
+ }
+ printf("%-15.15s %30.30s %s %-16.16s\n",
+ $message->{ ip },
+ substr($message->{ hostname }, -30, 30),
+ $block_string,
+ $message->{ netblock },
+ );
+}
+
+print "\n";
+
+for(0..$nblockers) {
+ printf "%s %-30.30s %6d\n",
+ $blocker_chars[ $_ ],
+ $blockers[ $_ ],
+ $block_freq{ $blockers[ $_ ] },
+}
+
+
+sub handle_msg {
+ my $msg = shift or return undef;
+ return undef if $msg =~ /From: root\@wildspark.com/;
+ my($h, $b) = split /\n\n/, $msg;
+ $h =~ s/\n\s+/ /g;
+ if($h =~ /Received:.*\[(\d+\.\d+\.\d+\.\d+)\].*by/) {
+ my $addr = $1;
+
+ $rbl->lookup($addr);
+ my @blockers = $rbl->listed_by;
+ #printf "%-16.16s %s\n", $addr, $blockers;
+ $block_freq{ $_ } ++ for @blockers;
+
+ my $hostname = hostname($addr);
+ push @messages, {
+ ip => $addr,
+ hostname => $hostname,
+ blockers => { map(($_ => 1), @blockers) },
+ netblock => get_netblock($addr),
+ };
+ #printf("%-16.16s %-16.16s %s\n", $addr, get_netblock($addr), $hostname);
+ }
+ else {
+ #die" No match: $msg\n";
+ #warn "No match";
+ }
+}
+
+sub get_netblock {
+ my $addr = shift;
+ foreach my $n(keys %netblocks) {
+ if(in_netblock($n, $addr)) {
+ return $netblocks{ $n };
+ }
+ }
+ return "x";
+ foreach my $registry qw( arin apnic ripe ){
+ my $res = `whois $addr\@whois.arin.net`;
+ return $1 if $res =~ /Netblock: (.+)/;
+ }
+ return "UNKNOWN";
+}
+
+sub in_netblock {
+ use Socket;
+ my($cidr, $addr) = @_;
+ #invoke with ('217.32.0.0/16', '128.222.123.0');
+ return undef unless $addr =~ /^(\d+)+\.(\d+)\.(\d+)\.(\d+)$/;
+ my $n = pack('C4', $1, $2, $3, $4);
+ return undef unless $cidr =~ m|^(\d+)+\.(\d+)\.(\d+)\.(\d+)/(\d+)$|;
+ my $block = pack('C4', $1, $2, $3, $4);
+ my $ones = $5;
+ my $zeros = 32 - $ones;
+ my $mask = pack('B32', '1' x $ones . '0' x $zeros);
+ #print "mask=" . inet_ntoa($mask); exit;
+ my $c1 = $block & $mask;
+ my $c2 = $n & $mask;
+ #print "c1=" . inet_ntoa($c1) . " c2=" . inet_ntoa($c2) . "\n";
+ return 1 if $c1 eq $c2;
+ 0;
+}
+
+sub read_netblocks {
+ my $fn = shift;
+ open F, "$fn" or die "Can't open $fn: $!";
+ my %n;
+ while(<F>) {
+ next unless /(\S+)\s+(\S+)/;
+ $n{ $1 } = $2;
+ }
+ close F;
+ return %n;
+}
+
+sub hostname {
+ my $address = shift;
+ my ($name,$aliases,$addrtype,$length, at addrs);
+ $name = 'TIMEOUT';
+ eval {
+ alarm 1;
+ local $SIG{ALRM} = sub { die "alarm\n" };
+ ($name,$aliases,$addrtype,$length, at addrs) =
+ gethostbyaddr(inet_aton($address), AF_INET);
+ alarm 0;
+ };
+ $name;
+}
+
+__END__
+
+=head1 NAME
+
+spamalyze - Apply multiple Realtime Blackhole Lists to all messages in an mbox
+
+=head1 SYNOPSIS
+
+ spamalyze myspam.mbox
+
+ spamalyze goodstuff.mbox
+
+ tail -3000 some.mbox | spamalzse
+
+=head1 DESCRIPTION
+
+Spamalyze reads in an mbox file containing multiple mail messages and looks up the originating server of each message on multiple Realtime Blackhole Lists. Spamalyze uses L<Net::RBLClient>.
+
+Spamalyze lets you find out what the impact would be of filtering via various RBL's.
+
+The output report contains two sections. The first section has one line per email message, showing:
+
+=over 4
+
+=item * Sending IP address
+
+=item * Sending hostname if any
+
+=item * Whether the IP is on a small list of possibly spammish netblocks
+
+=item * A list of letters representing RBL's which returned responses for this IP address
+
+=back
+
+The second section contains one line for each of the top RBL's. That is, the RBL's which produced the most hits. The RBL's are listed in decreasing order of hits. Each line contains:
+
+=over 4
+
+=item * The letter assigned to the RBL - C<A> is the one with the most hits
+
+=item * The domain name of the RBL
+
+=item * The number of hits from the RBL
+
+=back
+
+
+=head1 OPTIONS
+
+No options.
+
+=head1 SEE ALSO
+
+L<Net::RBLClient(3)>
+
+=head1 AUTHOR
+
+Asher Blum E<lt>F<asher at wildspark.com>E<gt>
+
+=head1 COPYRIGHT
+
+Copyright (C) 2004 Asher Blum. All rights reserved.
+This code is free software; you can redistribute it and/or modify it under
+the same terms as Perl itself.
+
+=cut
Propchange: packages/libnet-rblclient-perl/branches/upstream/current/spamalyze
------------------------------------------------------------------------------
svn:executable = *
More information about the Pkg-perl-cvs-commits
mailing list