Kaseya Scripting Magic: Spam Blacklist Checker

Written by BT

Topics: Kaseya

Here’s a piece of scripting gold, and I think it’s the longest, most tedious script I’ve ever written (and it’s the longest blog post so far!)

I actually submitted a feature request to Kaseya ~6 months ago asking them to build a spam blacklist checking feature into Kaseya monitoring – it’s actually a really simple concept and only requires a bunch of DNS MX record lookups and a check through of the results. I was trolling through the forums one day and someone had cooked up a basic spam blacklist script checker. The script was OK but only checked a few blacklists and was a bit buggy so I used the basics of the script and built my own.

Anyway, here it is. It utilises the codebase from the original script I stole plus a couple of scripts available in the Kaseya 2008 script pack. The script is actually four scripts: Script 1 does most of the heavy lifting, Script 2 checks the login, and Scripts 3 and 4 write events to the Windows event log with the appropriate output. I’ve left out Scripts 3 and 4, but you can grab these from the Kaseya 2008 script pack.

Not sure how well copying and pasting from the blog post will work – the code is embedded in code tags, if you have any problems, post in the comments and if necessary I’ll dump a couple of .txt files somewhere to download. I haven’t played with this script in detail in ~4-6 months so there’s a chance an RBL or other blacklist used in the script is no longer utilised – the script has been running flawlessly for me and regularly picks up spam problems but please, if you have any feedback, stick it in the comments.

Have fun!

EDIT: Oh, forgot to mention that this script automatically grabs the server gateway IP address from the Kaseya database and uses that for the lookup. In some weird network configurations or where private networks are in place, this may not be appropriate for what the script needs to do as the connection gateway may be a private network address.

Script 1

Script Name: SPAM Blacklist Pt1
Script Description: This script checks to see if a public IP returns a value that contains 127.0.* from various RBLs and other spam blacklists
RBL DNSBL and other BList sourced from: http://checker.msrbl.com/
Original script taken from pjones on forums.kaseya.com
Mods made to this script by Tullibo.com
http://forum.kaseya.com/showthread.php?t=7954


IF True
THEN
Write Script Log Entry
Parameter 1 : Spam blacklist check started
OS Type : 0
Execute Shell Command
Parameter 1 : ipconfig /flushdns
Parameter 2 : 0
OS Type : 0
Get Variable
Parameter 1 : 10
Parameter 2 :
Parameter 3 : temp
OS Type : 0
Execute Shell Command
Parameter 1 : echo SERVERNAME: #vMachine.machName# - MSP results of Spam List Tests >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : echo TIME STARTED: %time% >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : echo DATE RAN: %date% >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : echo Testing gateway IP address is #vMachine.ConnectionGatewayIp# >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : echo. >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.abuse.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.zen.spamhaus.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.list.dsbl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.nospam.ant.pl >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.bl.spamcop.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl.burnt-tech.com >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.cbl.abuseat.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl.njabl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl-3.uceprotect.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl-2.uceprotect.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl-1.uceprotect.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.cbl.abuseat.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dul.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.zombie.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl.ahbl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.bl.technovision.dk >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.bl.csma.biz >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.bl.deadbeef.com >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.list.dsbl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.multihop.dsbl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.unconfirmed.dsbl.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dul.ru >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.rbl.efnet.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.korea.services.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.combined.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.phishing.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.virus.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.images.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.spam.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.web.rbl.msrbl.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.no-more-funn.moensted.dk >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.okrelays.nthelp.com >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.relays.nthelp.com >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.psbl.surriel.com >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.rbl.schulte.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.bl.spamcop.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.sbl-xbl.spamhaus.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.xbl.spamhaus.org >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.http.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.socks.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.misc.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.smtp.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.web.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.new.spam.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.recent.spam.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.old.spam.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.spam.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.escalations.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.block.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.zombie.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : for /f "tokens=1,2,3,4 delims=." %a in ("#vMachine.ConnectionGatewayIp#") do nslookup %d.%c.%b.%a.dul.dnsbl.sorbs.net >>#temp#\spam-results.txt
Parameter 2 : 0
OS Type : 0
Get Variable
Parameter 1 : 1
Parameter 2 : #temp#\spam-results.txt
Parameter 3 : spamresults
OS Type : 0
Get File
Parameter 1 : #temp#\spam-results.txt
Parameter 2 : spam-results.txt
Parameter 3 : 1
OS Type : 0
Execute Script
Parameter 1 : SPAM Blacklist Pt2 (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
ELSE

Script 2 checks the output and takes appropriate action

Script Name: SPAM Blacklist Pt2
Script Description: Part two of the Spam Blacklist checker.
Don't run this script directly, run SPAM Blacklist Pt1 instead!

IF Check Variable
Parameter 1 : #spamresults#
Contains :127.0
THEN
Get Variable
Parameter 1 : 2
Parameter 2 : SPAM BLACKLIST CHECK RESULT ERROR - GATEWAY LISTED ON BLACKLIST - Gateway IP is #vMachine.ConnectionGatewayIp#
Parameter 3 : error_description
OS Type : 0
Write Script Log Entry
Parameter 1 : SPAM BLACKLIST CHECK RESULT ERROR - GATEWAY LISTED ON BLACKLIST - Gateway IP is #vMachine.ConnectionGatewayIp#
OS Type : 0
Get File
Parameter 1 : #temp#\spam-results.txt
Parameter 2 : spam-result-last-blacklisted.txt
Parameter 3 : 1
OS Type : 0
Execute Script
Parameter 1 : Create Kaseya ERROR Event Log Entry (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
ELSE
Get Variable
Parameter 1 : 2
Parameter 2 : SPAM BLACKLIST CHECK RESULTS - ALL OK, not listed
Parameter 3 : error_description
OS Type : 0
Write Script Log Entry
Parameter 1 : SPAM BLACKLIST CHECK RESULTS - ALL OK, not listed
OS Type : 0
Execute Script
Parameter 1 : Create Kaseya INFO Event Log Entry (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
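
Script 2 treats any occurrence of `127.0` in the collected output as a listing, which also matches the resolver's own address when the machine queries a DNS service on 127.0.0.1. The added example below (not part of the original scripts or the Kaseya script pack) builds the same reversed-octet query name, rejects private gateway addresses, and counts only addresses that follow a `Name:` line. The sample text is constructed and modelled on Windows nslookup output as an assumption, and the zone `dnsbl.example` is hypothetical.

```python
import ipaddress
import re

# RFC 1918, loopback and link-local ranges: a gateway here is not the public mail IP.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")  # range DNSBL answers come from

def query_name(gateway_ip, zone):
    """Build the reversed-octet name that Script 1's `for /f` loop produces."""
    ip = ipaddress.IPv4Address(gateway_ip)
    if any(ip in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public address")
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def naive_check(text):
    """Script 2's test: does the collected output contain '127.0' anywhere?"""
    return "127.0" in text

def parse_listings(text):
    """Map each answered query name to its 127.x.x.x return codes.

    Only addresses that follow a 'Name:' line count; the resolver's own
    'Server:' / 'Address:' header is skipped.
    """
    listings, current = {}, None
    for line in text.splitlines():
        if line.startswith("Server:"):
            current = None  # the Address line after this is the resolver itself
        elif line.startswith("Name:"):
            current = line.split(":", 1)[1].strip()
        elif current and re.match(r"Address(es)?:|\s", line):
            for tok in re.findall(r"\d+\.\d+\.\d+\.\d+", line):
                if ipaddress.ip_address(tok) in DNSBL_CODES:
                    listings.setdefault(current, []).append(tok)
    return listings

# Constructed spam-results.txt content (not real lookups): resolver on 127.0.0.1,
# gateway 192.0.2.10 from the documentation range, zone dnsbl.example is hypothetical.
HEADER = "Server:  localhost\nAddress:  127.0.0.1\n\n"
SAMPLE_CLEAN = "Testing gateway IP address is 192.0.2.10 \n" + HEADER
SAMPLE_LISTED = SAMPLE_CLEAN + HEADER + (
    "Name:    10.2.0.192.dnsbl.example\nAddresses:  127.0.0.2\n\t  127.0.0.4\n\n")

if __name__ == "__main__":
    print(naive_check(SAMPLE_CLEAN), parse_listings(SAMPLE_CLEAN))
    print(parse_listings(SAMPLE_LISTED))
```

On the clean sample the substring test reports a listing while the parser reports none; the same false positive occurs when the gateway address itself contains `127.0`.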

  • Jason Bradbury

    Interesting article. I use a tool to check spam blacklist which works great and is quick to check IP blacklisting here…
    http://www.spamblacklist.co.uk

    • Damien

      You can also run a complete Spam Blacklist/DNSBL test on http://www.EmailSecurityGrader.com – it has an extensive number of RBL (40+) and also includes several other email security tests (SPF, Open relay, Authentication) which nowadays are all pretty important to avoid spam, spoofing, relaying, blacklisting.

  • Jiim

    Nice Script.
    Can you provide some txt files and some hints for a ‘learner’ Kaseya user on how to get this up and running?
    Thanks

  • Joeblow

    GJ!

  • Under normal circumstances, if you never send any unsolicited bulk email to anyone or you have not participated in any form of spam campaign, this tool need not be used.

  • RobC

    This script is exactly what I’m looking for. However, when I run it I receive an error saying “script file 0 could not be loaded. make sure the script exists in the \script folder” Can you give me instructions on how to properly install this script? I’m using KNM5

    • Bud this is a really old article, I haven’t been in the kaseya space in many years so can’t really help here