refactor dnsbl module, show reason for positive detection when possible

2019-12-12 14:13:17 +00:00 · 2019-12-12 14:13:17 +00:00 · fbe1acf220
commit fbe1acf220
parent 39a4e97901
2 changed files with 55 additions and 12 deletions
--- a/modules/dnsbl/init.py
+++ b/modules/dnsbl/init.py
@ -1,26 +1,29 @@
 import ipaddress
 from src import ModuleManager, utils
 import dns.resolver
-
-DEFAULT_LISTS = [
-    "rbl.efnetrbl.org",
-    "zen.spamhaus.org"
-]
+from . import lists as _lists

 class Module(ModuleManager.BaseModule):
    @utils.hook("received.command.dnsbl")
    def dnsbl(self, event):
        args = event["args_split"]

+        default_lists = _lists.default_lists()
        lists = []
        for i, arg in reversed(list(enumerate(args))):
            if arg[0] == "@":
-                lists.insert(0, args.pop(i))
-        lists = lists or DEFAULT_LISTS
+                hostname = args.pop(i)
+                if hostname in default_lists:
+                    lists.insert(0, default_lists[hostname])
+                else:
+                    lists.insert(0, lists.DNSBL(hostname))
+
+        lists = lists or list(default_lists.values())

        address = args[0]
        failed = self._check_lists(lists, address)
        if failed:
+            failed = ["%s (%s)" % item for item in failed]
            event["stderr"].write("%s failed for lists: %s" %
                (address, ", ".join(failed)))
        else:
@ -37,14 +40,14 @@ class Module(ModuleManager.BaseModule):

        failed = []
        for list in lists:
-            if not self._check_list(list, address):
-                failed.append(list)
+            record = self._check_list(list.hostname, address)
+            if not record == None:
+                failed.append((list.hostname, list.process(record)))
        return failed

    def _check_list(self, list, address):
        list_address = "%s.%s" % (address, list)
        try:
-            dns.resolver.query(list_address)
+            return dns.resolver.query(list_address, "A")[0].to_text()
        except dns.resolver.NXDOMAIN:
-            return True
-        return False
+            return None
--- a/modules/dnsbl/lists.py
+++ b/modules/dnsbl/lists.py
@ -0,0 +1,40 @@
+import collections
+
+class DNSBL(object):
+    def __init__(self, hostname=None):
+        if not hostname == None:
+            self.hostname = hostname
+
+    def process(self, result: str):
+        return "unknown"
+
+class ZenSpamhaus(DNSBL):
+    hostname = "zen.spamhaus.org"
+    def process(self, result):
+        result = result.rsplit(".", 1)[1]
+        if result in ["2", "3", "9"]:
+            return "spam"
+        elif result in ["4", "5", "6", "7"]:
+            return "exploits"
+class EFNetRBL(DNSBL):
+    hostname = "rbl.efnetrbl.org"
+    SPAMTRAP = ["2", "3"]
+    def process(self, result):
+        result = result.rsplit(".", 1)[1]
+        if result == "1":
+            return "proxy"
+        elif result in self.SPAMTRAP:
+            return "spamtap"
+        elif result == "4":
+            return "tor"
+        elif result == "5":
+            return "flooding"
+
+DEFAULT_LISTS = [
+    ZenSpamhaus(),
+    EFNetRBL()
+]
+
+def default_lists():
+    return collections.OrderedDict(
+        (dnsbl.hostname, dnsbl) for dnsbl in DEFAULT_LISTS)