location: Evaluate return code from DNS blacklists
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Aug 2019 16:02:05 +0000 (17:02 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Aug 2019 16:02:05 +0000 (17:02 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/backend/base.py
src/backend/geoip.py

index 19797edb58c507acfb423ff59444528764d9bd7b..075546e014a2f88f65fdae37ef5f7092a0a7c284 100644 (file)
@@ -94,6 +94,7 @@ class Backend(object):
                        "cleanup"           : self.cleanup,
                        "scan-files"        : self.releases.scan_files,
                        "send-all-messages" : self.messages.queue.send_all,
+                       "test-blacklist"    : self.geoip.test_blacklist,
                        "test-ldap"         : self.accounts.test_ldap,
                        "tweet"             : self.tweets.tweet,
                        "update-blog-feeds" : self.blog.update_feeds,
index c2c4979aa089e52c176b9622995a46ea0e06cb28..06077f64f1a41d2ba1b0e2ad078266cb5ba0cbd6 100644 (file)
@@ -13,6 +13,12 @@ from . import countries
 from .decorators import *
 from .misc import Object
 
+# These lists are used to block access to the webapp
+BLOCKLISTS = (
+       "sbl.spamhaus.org",
+       "xbl.spamhaus.org",
+)
+
 BLACKLISTS = {
        "access.redhawk.org" : False,
        "all.de.bl.blocklist.de" : False,
@@ -204,6 +210,15 @@ class GeoIP(Object):
        def get_country_name(self, code):
                return countries.get_name(code)
 
+       @tornado.gen.coroutine
+       def test_blacklist(self, address):
+               address = self.lookup(address)
+
+               # Determne blacklist status
+               status = yield address.is_blacklisted()
+
+               print("Blacklist status for %s: %s" % (address, status))
+
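Review bot: The comment `# Determne blacklist status` has a typo; make it `# Determine blacklist status`. Because this method is wired up as the `test-blacklist` command in base.py and reports via print() rather than logging, a one-line docstring would make that intent explicit, e.g. `"""Command helper: look up *address* and print the result of is_blacklisted()."""`. Whether `self.lookup()` can return something without an `is_blacklisted()` method is not visible here; if it can, the call on the next line would raise, so a guard or a note in the docstring may be warranted.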
 
 class Address(Object):
        def init(self, address):
@@ -239,6 +254,8 @@ class Address(Object):
 
        @tornado.gen.coroutine
        def _resolve_blacklist(self, blacklist):
+               return_code = None
+
                # Get resource record name
                rr = self._make_blacklist_rr(blacklist)
 
@@ -256,12 +273,17 @@ class Address(Object):
                except IOError as e:
                        logging.warning(e)
 
-                       return None, "%s" % e
+                       return return_code, "%s" % e
 
                # Not found
                if not res:
                        logging.debug("%s is not blacklisted on %s" % (self, blacklist))
-                       return False, None
+                       return return_code, None
+
+               # Extract return code from DNS response
+               for row in res:
+                       return_code = row.host
+                       break
 
                # If the IP address is on a blacklist, we will try to fetch the TXT record
                reason = yield self.backend.geoip.resolver.query(rr, type=pycares.QUERY_TYPE_TXT)
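Review bot: The not-found branch now returns `return_code`, which as far as the visible lines show is still the `None` assigned at the top of the function, so a list that answers "not listed" is reported with exactly the same code as a failed lookup in the IOError branch above it; callers that relied on the old `False` versus `None` distinction can no longer tell an outage from a clean result. Consider keeping `return False, None` in the not-found branch, since the address is definitely not listed there, and reserving `None` for resolver errors. The loop `for row in res: return_code = row.host; break` also keeps only the first A record, so a list that answers with several codes for one address is reduced to whichever record happens to come first; if the other codes matter, collect them, e.g. `return_codes = [row.host for row in res]`, or document that only the first record is evaluated. The enclosing `_resolve_blacklist` starts in the previous hunk and continues past this one.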
@@ -272,10 +294,10 @@ class Address(Object):
                # Take the first reason
                if reason:
                        for i in reason:
-                               return True, i.text.decode()
+                               return return_code, i.text
 
                # Blocked, but no reason
-               return True, None
+               return return_code, None
 
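Review bot: `return return_code, i.text` drops the `.decode()` the old line had, so the reason is now returned in whatever type pycares gives for `text` (presumably bytes, since the old code decoded it), while the IOError branch returns a `str` from `"%s" % e` and the other branches return `None`; the log line in is_blacklisted will then render it as `b'...'`, and any other consumer of the reason (get_blacklists is not visible here) receives mixed types. Keep `return return_code, i.text.decode()` unless the switch to bytes is intended, in which case the other branches should be made consistent.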
        @tornado.gen.coroutine
        def get_blacklists(self, important_only=False):
@@ -288,9 +310,18 @@ class Address(Object):
                logging.debug("Checking if %s is blacklisted..." % self)
 
                # Perform checks
-               blacklists = yield self.get_blacklists(important_only=True)
+               blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLOCKLISTS }
 
                # If we are blacklisted on one list, this one is screwed
-               for code, reason in blacklists.values():
+               for bl in blacklists:
+                       code, message = blacklists[bl]
+
+                       logging.debug("Response from %s is: %s (%s)" % (bl, code, message))
+
+                       # Exclude matches on SBLCSS
+                       if bl == "sbl.spamhaus.org" and code == "127.0.0.3":
+                               continue
+
+                       # Consider the host blocked for any non-zero return code
                        if code:
                                return True