April 6, 2016

Blacklist Checker

This is a nice little php script that you can run in the background via cron to constantly check your mail servers (or any server you have that deals with mail) and alert you via slack

I know there are things out there like mxtoolbox that can do this for you, and include a larger list of blacklists, but I wanted something I could run on our own infrastructure that did what I wanted, and alerted me via slack (much cooler then email alerts). Eventually I will also add in bulk email alerts (like a weekly update of whats happened) and maybe, just maybe SMS alerts via twilio or SMScentral

I have been using mxtoolbox, but was finding the email alerts not helpful, as I don’t often check my emails during the day, and they started going to my spam folder. I wrote this so I could be in control of what I checked and when, and then post it to Slack when there was an issue. As at work I always have a slack windows open because use it heavily.

This alerts you when things clear up for a particular server too

You can check it out here

Here is what the notifications look like:

Slack notifications

The git repo includes setup instructions in the README, but I will include here too


To use this you will need

  • A slack API token
  • A slack webhook to the channel you want to post to
  • PHP (of course)
  1. Download this repo
  2. open blacklist-cron.php and edit settings at the top of the script to include slack specific stuff
  3. edit servers.txt to add in your mail servers (can be IP or domain name)
  4. edit dnsbls.txt to include all the DNSBL servers you want to check against (left this full of the ones I use)
    • be sure to check each one. Some, like baracuda, require you to sign up if you are going to be making lots of calls
  5. Make a cron entry, like 00 08-18 * * * /usr/bin/php /home/john/blacklist/blacklist-cron.php >> /home/john/blacklist/cron.log
    • This will run the script every hour between 8am and 6pm (office ours). I also did this to reduce the amount of requests i send to each dnsbl. You can change this to suit your needs

You will now be alerted when a server of yours gets put on any of those blacklists, like this. It will also alert you when they are removed again

You can also run this via the commandline if you want to see whats going on php blacklist-cron.php and if you have debug turned on, things will just print to screen

john@johns-server:~/backlist$ php blacklist-cron.php
is the server in bl array? 
server not found on any blacklists. Yay!

Checking mymailserver.com.au
is the server in bl array? 
mymailserver.com.au ->
checking against ubl.unsubscore.com
Added to blarray
Creating report
posting to slack

Checking mailserver02.net
is the server in bl array? 
mailserver02.net ->
server not found on any blacklists. Yay!