#!/bin/bash
# abichecker ver 0.2
# by Irek 'Monsoft' Pelech (c) 2023,2024
#
# Requires: curl, jq, logger
#
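# Syslog tag for every log line: the script's file name with ".sh" removed,
# followed by the PID in brackets. Built with parameter expansion instead of
# `basename $0 | sed`, so a path containing spaces or glob characters is not
# word-split and no pipeline status is hidden behind `readonly`.
SCRIPT_NAME=${0##*/}
SCRIPT_NAME="${SCRIPT_NAME//.sh/}[$$]"
readonly SCRIPT_NAME
# abuseipdb.com API token.
# NOTE(review): this file holds a credential once the placeholder is replaced;
# keep it readable only by the account the policy service runs as.
TOKEN="XXX"
# API URL (host and path; the scheme is added where the request is made)
API_URL="api.abuseipdb.com/api/v2/check"
# SMTP response message
SMTP_DENY_MESSAGE="Bad host reputation."
# SMTP deny code
SMTP_DENY_CODE="521"
# Abuse score threshold. Mail from hosts scoring above this value is rejected.
ABUSE_SCORE=70
# App configuration directory
CONF_DIR="/opt"
HOSTNAME_WHITELIST_DOMAINS="${CONF_DIR}/abichecker/hostname_domain_whitelist.txt"
# Cache directory: one file per client IP, containing the score.
# NOTE(review): the parent /tmp is world-writable. This directory should be
# created ahead of time, owned by the policy service account and not writable
# by anyone else; otherwise a local user can plant or replace cache entries
# and decide which hosts are accepted or rejected.
CACHE_DIR="/tmp/ramdisk"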
# Functions
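#######################################
# Abort the script when a required external command is not available.
# Globals:   SCRIPT_NAME (read) - syslog tag
# Arguments: $1 - name of the command to look up
# Outputs:   one mail.info syslog line when the command is missing
# Returns:   0 when the command is found; otherwise exits the script with 1
#######################################
check_commands () {
  # "$1" is quoted so an empty or multi-word argument is looked up as one name.
  if ! command -v "$1" &> /dev/null; then
    # The tag ends in "[PID]", which is a glob bracket expression when left
    # unquoted; quoting keeps it from matching file names in the working dir.
    echo "$1 could not be found. Please install $1" | logger -p mail.info -t "${SCRIPT_NAME}"
    exit 1
  fi
}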
#######################################
# Tell Postfix this check has no objection and end the script.
# Arguments: none
# Outputs:   "action=dunno" followed by an empty line on stdout
# Returns:   does not return; exits the script with status 0
#######################################
email_allow () {
  # "dunno" is sent rather than "ok" (the earlier variant was action=ok).
  # The trailing empty line ends the policy reply.
  printf '%s\n\n' 'action=dunno'
  exit 0
}
#######################################
# Tell Postfix to reject the message and end the script.
# Globals:   SMTP_DENY_CODE (read), SMTP_DENY_MESSAGE (read)
# Arguments: none
# Outputs:   "action=<code> <message>" followed by an empty line on stdout
# Returns:   does not return; exits with status 0 because the reply itself
#            carries the rejection
#######################################
email_deny () {
  printf 'action=%s %s\n\n' "${SMTP_DENY_CODE}" "${SMTP_DENY_MESSAGE}"
  exit 0
}
# Verify that every external tool the script relies on is installed;
# check_commands exits the script on the first one that is missing.
for required_tool in curl jq logger; do
  check_commands "$required_tool"
done
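# Load variables passed by Postfix.
# The request is a list of "name=value" lines ended by an empty line. The
# values are influenced by the remote side (client_name comes from reverse
# DNS, and the request also carries HELO, sender and recipient strings), so
# each line is split on the first "=" and stored as plain data. Passing the
# line to eval would run any shell syntax contained in a value.
# Only the two attributes used by this script are kept.
client_address=""
client_name=""
while IFS= read -r attr; do
  [[ -z "$attr" ]] && break
  # Skip anything that is not name=value.
  [[ "$attr" == *=* ]] || continue
  case "${attr%%=*}" in
    client_address) client_address=${attr#*=} ;;
    client_name) client_name=${attr#*=} ;;
  esac
done
if [[ -z "$client_address" ]]; then
  echo "No variables passed by Postfix" | logger -p mail.info -t "${SCRIPT_NAME}"
  exit 1
fi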
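# Check if client whitelisted by domain.
# An entry matches only when client_name equals it or ends in ".<entry>".
# A substring test would also accept names that merely contain the entry
# (for an entry "example.com", the constructed name "example.com.other.test"),
# and the reverse-DNS name is chosen by whoever controls the client's DNS zone.
# A leading dot in an entry is ignored, so ".example.com" and "example.com"
# are equivalent.
if [[ -n "${client_name}" && -f "${HOSTNAME_WHITELIST_DOMAINS}" ]]; then
  # "|| [[ -n ... ]]" keeps a final line that has no trailing newline.
  while IFS= read -r domain || [[ -n "$domain" ]]; do
    domain=${domain#.}
    [[ -n "$domain" ]] || continue
    if [[ "${client_name}" == "${domain}" || "${client_name}" == *".${domain}" ]]; then
      echo "Host ${client_name} whitelisted by domain." | logger -p mail.info -t "${SCRIPT_NAME}"
      email_allow
    fi
  done < "${HOSTNAME_WHITELIST_DOMAINS}"
fi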
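# Look up the client's score: cache first, then the abuseipdb.com API.

# client_address is used as a file name under CACHE_DIR and as a query
# parameter, so accept only characters that occur in an IPv4/IPv6 literal
# (no "/" means no path outside CACHE_DIR). Anything else skips the check
# and falls through to "dunno", like the API-failure path below.
ip_chars='^[0-9A-Fa-f:.]+$'
if [[ ! "$client_address" =~ $ip_chars || "$client_address" != *[0-9A-Fa-f]* ]]; then
  echo "Unexpected client_address format. Skipping reputation check." | logger -p mail.info -t "${SCRIPT_NAME}"
  email_allow
fi

# A usable score is a short run of digits. This rejects an empty value, the
# literal "null" that jq prints when the field is absent, and any other
# non-numeric content that ended up in a cache file.
score_format='^[0-9]{1,3}$'

FILE="${CACHE_DIR}/${client_address}"
ABUSE_CONFIDENCE_SCORE=""
# Read only a regular file; a symlink in the cache directory is ignored.
if [[ -f "$FILE" && ! -L "$FILE" ]]; then
  ABUSE_CONFIDENCE_SCORE=$(<"$FILE")
fi

if [[ ! "$ABUSE_CONFIDENCE_SCORE" =~ $score_format ]]; then
  echo "$client_address not found in cache. " | logger -p mail.info -t "${SCRIPT_NAME}"
  # NOTE(review): the API key is passed on curl's command line and is
  # visible to other local users in the process list while the request runs.
  REPORT_JSON=$(curl -s -G "https://${API_URL}" --data-urlencode "ipAddress=$client_address" -H "Key: ${TOKEN}" -H "Accept: application/json")
  if [[ ! "${REPORT_JSON}" =~ "ipAddress" ]]; then
    echo "Unable to fetch data from abuseipdb.com API. Please check connection." | logger -p mail.info -t "${SCRIPT_NAME}"
    #exit 1
    email_allow
  fi
  # Parsing JSON into variables
  ABUSE_CONFIDENCE_SCORE=$(jq -r '.data.abuseConfidenceScore' <<<"${REPORT_JSON}")
  if [[ ! "$ABUSE_CONFIDENCE_SCORE" =~ $score_format ]]; then
    # Do not cache a non-numeric answer: a cached "null" would make every
    # later lookup for this address fail the comparison and be allowed.
    echo "No usable abuse score in abuseipdb.com response for $client_address." | logger -p mail.info -t "${SCRIPT_NAME}"
    email_allow
  fi
  # Add to cache
  echo "$ABUSE_CONFIDENCE_SCORE" >"$FILE"
fi

if [ "${ABUSE_CONFIDENCE_SCORE}" -gt "${ABUSE_SCORE}" ]; then
  # We are denying access
  echo "Email from host ${client_name}[$client_address] denied. Abuse Score ${ABUSE_CONFIDENCE_SCORE}%." | logger -p mail.info -t "${SCRIPT_NAME}"
  email_deny
else
  # We are allowing access
  echo "Email from host ${client_name}[$client_address] allowed. Abuse Score ${ABUSE_CONFIDENCE_SCORE}%." | logger -p mail.info -t "${SCRIPT_NAME}"
  email_allow
fi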