This is a nice little php script that you can run in the background via cron to constantly check your mail servers (or any server you have that deals with mail) and alert you via slack
I know there are things out there like mxtoolbox that can do this for you, and include a larger list of blacklists, but I wanted something I could run on our own infrastructure that did what I wanted, and alerted me via slack (much cooler then email alerts). Eventually I will also add in bulk email alerts (like a weekly update of whats happened) and maybe, just maybe SMS alerts via twilio or SMScentral
I have been using mxtoolbox, but was finding the email alerts not helpful, as I don’t often check my emails during the day, and they started going to my spam folder. I wrote this so I could be in control of what I checked and when, and then post it to Slack when there was an issue. As at work I always have a slack windows open because use it heavily.
This alerts you when things clear up for a particular server too
You can check it out here
Here is what the notifications look like:
The git repo includes setup instructions in the README, but I will include here too
Usage
To use this you will need
- A slack API token
- A slack webhook to the channel you want to post to
- PHP (of course)
- Download this repo
- open
blacklist-cron.phpand edit settings at the top of the script to include slack specific stuff - edit
servers.txtto add in your mail servers (can be IP or domain name) - edit
dnsbls.txtto include all the DNSBL servers you want to check against (left this full of the ones I use)- be sure to check each one. Some, like baracuda, require you to sign up if you are going to be making lots of calls
- Make a cron entry, like
00 08-18 * * * /usr/bin/php /home/john/blacklist/blacklist-cron.php >> /home/john/blacklist/cron.log- This will run the script every hour between 8am and 6pm (office ours). I also did this to reduce the amount of requests i send to each dnsbl. You can change this to suit your needs
You will now be alerted when a server of yours gets put on any of those blacklists, like this. It will also alert you when they are removed again
You can also run this via the commandline if you want to see whats going on php blacklist-cron.php and if you have debug turned on, things will just print to screen
john@johns-server:~/backlist$ php blacklist-cron.php
Checking 1.2.3.4
is the server in bl array?
server not found on any blacklists. Yay!
Checking mymailserver.com.au
is the server in bl array?
mymailserver.com.au -> 5.6.7.8
checking against ubl.unsubscore.com
Added to blarray
Creating report
posting to slack
Checking mailserver02.net
is the server in bl array?
mailserver02.net -> 123.45.67.89
server not found on any blacklists. Yay!