DynamicHost
This function checks a host name to see if its DNS name contains the IP address in the form w.x.y.z or w-x-y-z. If it does, it returns True.
-
Function DynamicHost (DomainName,HostIP)
    DynamicHost = False
    If DomainName = HostIP Then
        Exit Function
    End If
    If InStr(Replace(DomainName,"-","."),HostIP) > 0 Or InStr(DomainName,HostIP) > 0 Then
        DynamicHost = True
    End If
End Function
NonDynamicPart
This function strips out the beginning part of the DNS name if it matches the IP address of the sending server. First it calls DynamicHost to see if the DNS name contains the sending server's IP address. If it doesn't, it exits. Otherwise, it sets the FixedServerIP variable to the server IP address in the format w-x-y-z. The DNS name is then checked to see if it contains the FixedServerIP text string, and if so that string is removed. Last, the ElseIf statement checks whether the DNS name contains the server IP address itself, and removes it if so.
Example: 123-56-67-8.dial-up.msn.net would become dial-up.msn.net
-
Function NonDynamicPart (DomainName,HostIP)
    If Not DynamicHost (DomainName,HostIP) Then
        NonDynamicPart = DomainName
        Exit Function
    End If
    FixedServerIP = Replace(HostIP,".","-")
    If InStr(DomainName,FixedServerIP) > 0 Then
        ' Skip past the w-x-y-z text and the dot that follows it
        StartHost = InStr(DomainName,FixedServerIP)+Len(FixedServerIP)+1
        EndHost = Len(DomainName) - InStr(DomainName,FixedServerIP) - Len(FixedServerIP)
        NonDynamicPart = Mid(DomainName,StartHost,EndHost)
    ElseIf InStr(DomainName,HostIP) > 0 Then
        ' Skip past the w.x.y.z text and the dot that follows it
        StartHost = InStr(DomainName,HostIP)+Len(HostIP)+1
        EndHost = Len(DomainName) - InStr(DomainName,HostIP) - Len(HostIP)
        NonDynamicPart = Mid(DomainName,StartHost,EndHost)
    Else
        ' Mixed separators (e.g. w-x.y-z) match DynamicHost but neither test above
        NonDynamicPart = DomainName
    End If
End Function
GetClassC
This function replaces the last IP bit of an IP address it is passed with a 0.
First it breaks the IP address into four parts and stores them in the IPs variable as an array with the Split function. Then, by using UBound, we check to make sure the IPs array contains four data points (the array starts at 0). Last, we "rebuild" the IP address and replace the last bit with "0".
-
Function GetClassC (Data)
    IPs = Split (Data,".",-1,1)
    If UBound(IPs) <> 3 Then
        GetClassC = "Invalid"
        Exit Function
    End If
    GetClassC = IPs(0) & "." & IPs(1) & "." & IPs(2) & ".0"
End Function
IsIPBit
This function returns True if the data it is passed is a number between 0 and 255.
-
Function IsIPBit (Data)
    IsIPBit = False
    IPBit = 0
    On Error Resume Next
    ' If Data + 1 is 1 to 256 then Data is part of an IP address
    ' So don't include it in the domain name
    ' (non-numeric data raises an error and leaves IPBit at 0)
    IPBit = Data + 1
    On Error GoTo 0
    If (IPBit > 0 and IPBit < 257) Then
        IsIPBit = True
    End If
End Function
GetPartialDomain
This function is used to return part of a DNS domain name. It is used many times by the script to return the last two parts of a domain name.
First it splits the domain name into individual data points and stores them in the DomainArray variable. Next it stores the last part of the domain name in the GetPartialDomain variable. It then checks to make sure that the domain contains enough parts to return the requested amount of data. In addition, it checks whether that first stored part is an IP bit, a number between 0 and 255. If the domain is too short, as in the case where the domain is dial-up.msn.net and the first four parts of the domain were requested, or is an IP bit, for example when the entire data field passed in is an IP address, then GetPartialDomain is set to the data it was passed and the function exits.
If the data is valid, the function then loops through each part of the domain name, prepending it to GetPartialDomain on each loop until the number of parts to return is reached.
-
Function GetPartialDomain (Data,MaxLevels)
    DomainArray = Split(Data,".",-1,1)
    GetPartialDomain = DomainArray(UBound (DomainArray))
    If UBound (DomainArray) < MaxLevels or IsIPBit (GetPartialDomain) Then
        GetPartialDomain = Data
        Exit Function
    End If
    For i = UBound (DomainArray)-1 to UBound (DomainArray)-MaxLevels+1 Step -1
        GetPartialDomain = DomainArray(i) & "." & GetPartialDomain
    Next
End Function
NSLookUp
This function is used to do an NSLookup by calling the nslookup command in Windows. It returns the string of text on the line requested.
First we pass the "nslookup" command to the Windows Script Host shell by calling the exec method, which starts nslookup. Next we pass the IP address we are querying on, then the exit command to close nslookup. The exec method stores all data displayed by nslookup in the stdOut property. Then, using a Do While loop, we go through each line until we reach the end; the atEndOfStream property returns True when at the end of the input. For each line returned we check whether it starts with the field name we are looking for, FieldToReturn, and if it does we set NSLookUp to the current text on that line, minus the field name.
-
Function NSLookUp (IPToQuery,FieldToReturn)
    ' Create an exec object that runs nslookup
    ' (objShell is expected to be set elsewhere in the script)
    Set objExec = objShell.exec("nslookup")
    objExec.stdIn.writeLine IPToQuery
    objExec.stdIn.writeLine "exit" ' Exit nslookup
    ' Read in the NSLookup results by reading from exec output stream
    Do While not objExec.stdOut.atEndOfStream
        ResultLine = objExec.stdOut.readLine
        If Left(ResultLine,Len(FieldToReturn)) = FieldToReturn Then
            NSLookUp = Trim(Right(ResultLine,Len(ResultLine)-Len(FieldToReturn)))
        End If
    Loop
    If NSLookUp = "" Then
        NSLookUp = "Invalid"
    End If
End Function
BlackListed
This function checks several of the public blacklist servers that store a list, using a normal DNS server, of IP addresses that have been flagged as open relays for SMTP mail traffic, as spam hosts based on mail coming from these hosts, or as not following the RFC guidelines for an SMTP mail server, normally because they are a spammer.
Blocking e-mail based on these blacklist servers can be a very sensitive subject. This is because valid e-mail can and does get blocked when the server sending the e-mail is listed on one of these sites. In addition, many of these sites are run by private organizations or even individuals, and they all have different methods of determining what is a spammer, open relay, etc. site. Once they determine that a site should be listed, it is up to them to decide how long to list it and whether to list just the IP that was flagged or related IPs, like the entire class C of the sending server. I would suggest you go to each of the web-sites listed in the resource section and decide for yourself if you want to use the blacklists or not.
Note: This same list is used by the SMTPSPAMFilter.vbs, so if you decide not to use one or more of these servers you should modify it also.
The first variable we set is the number of blacklist sites we are going to check. If you remove or add any sites you will need to modify this variable, since it controls the size of the array and the loop later on. Next we resize the BlackList array based on the number of servers we are going to check. Then we set the values in the array to each of the servers.
In order to do a reverse DNS lookup on an IP address, it must be formatted the correct way. This is why we first break up the IP address into four parts and save them in the IPArray variable. Then we begin the loop that checks each of the blacklist servers to see if the IP address has been blacklisted by them. Inside the loop we set the BlackListedBy variable to the name of the current server being checked so it can be stored in the contact later. Then we build the value we are going to send to NSLookup by reversing the order of the IP address and appending the server we want to query to it. We then call the NSLookUp function and save the results to ReturnedIP.
The different blacklist servers use slightly different formats to indicate why the IP address is on their list, but they all set the first part to 127 if it is on their list. So we check to see if the first three characters of the returned IP are 127. If so, we set BlackListed to True and exit the loop.
-
Function BlackListed (IPToCheck,BlackListedBy)
    Dim BlackList
    BlackListed = False
    ' Set host count and declare array
    NumberofHosts = 6
    ReDim BlackList(NumberofHosts)

    ' List of public reverse DNS sites that return 127.0.0.x if a site is listed
    ' http://relays.osirusoft.com, Returns: 127.0.0.4 = spammer
    BlackList(1) = "relays.osirusoft.com"
    ' http://www.rfc-ignorant.org, Returns: 127.0.0.5 = open relay or spammer
    BlackList(2) = "ipwhois.rfc-ignorant.org"
    ' http://www.ordb.org, Returns: 127.0.0.1 = open relay
    BlackList(3) = "relays.ordb.org"
    ' http://relays.visi.com, Returns: 127.0.0.1 = spammer
    BlackList(4) = "relays.visi.com"
    ' http://spews.org, Returns: 127.0.0.4 = open relay
    BlackList(5) = "spews.relays.osirusoft.com"
    ' http://www.spamhaus.org, Returns: 127.0.0.2 = spammer
    BlackList(6) = "sbl.spamhaus.org"

    ' Split IP address
    IPArray = Split(IPToCheck, ".")

    ' Loop through array of DNS hosts
    For i = 1 To (UBound(BlackList))
        BlackListedBy = BlackList(i)
        ' The above sites support reverse DNS lookup if passed the IP address in reverse order
        ' in front of their domain name
        DNSToLookup = IPArray(3) & "." & IPArray(2) & "." & IPArray(1) & "." & IPArray(0) & _
            "." & BlackListedBy & "."
        ReturnedIP = NSLookUp(DNSToLookup,"Address: ")
        ' If the host isn't found an error is returned
        If Left(ReturnedIP, 3) = "127" Then
            BlackListed = True
            Exit For ' Once the IP address is found to be blacklisted, exit the loop
        End If
    Next
End Function
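The reversed-IP query name and the 127.x.x.x check described above, as an added Python example that is not part of the original script. The zone dnsbl.example, the helper names and the nslookup-style sample output are constructed for illustration; the example also shows that taking the last "Address:" line, as NSLookUp does, yields the resolver's own address when the lookup returns no answer.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone, as BlackListed does."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    # The trailing dot makes the name absolute, so no search suffix is appended.
    return ".".join(reversed(octets)) + "." + zone + "."

def last_address_line(stdout, field="Address: "):
    """Mirror of the page's NSLookUp: the last line starting with field wins."""
    result = "Invalid"
    for line in stdout.splitlines():
        if line.startswith(field):
            result = line[len(field):].strip()
    return result

def answer_addresses(stdout):
    """IPv4 addresses from the answer only, i.e. lines after 'Name:'."""
    found, in_answer = [], False
    for raw in stdout.splitlines():
        line = raw.lstrip("> ").strip()
        if line.startswith("Name:"):
            in_answer = True
        elif in_answer and line:
            label, _, rest = line.partition(":")
            text = rest if label in ("Address", "Addresses") else line
            try:
                found.append(ipaddress.IPv4Address(text.strip()))
            except ValueError:
                pass  # alias or other non-address line
    return found

def is_listed(stdout):
    """Listed only if the answer itself contains a 127.0.0.0/8 address."""
    return any(addr in LOOPBACK for addr in answer_addresses(stdout))

# Constructed nslookup-style output (not captured), resolver on 127.0.0.1.
LISTED = ("Server:  localhost\nAddress:  127.0.0.1\n\n"
          "Name:    8.67.56.123.dnsbl.example\n"
          "Addresses:  127.0.0.4\n\t  127.0.0.2\n")
NOT_LISTED = "Server:  localhost\nAddress:  127.0.0.1\n\n"

if __name__ == "__main__":
    print(dnsbl_query_name("123.56.67.8", "dnsbl.example"))
    for name, out in (("listed", LISTED), ("not listed", NOT_LISTED)):
        naive = last_address_line(out).startswith("127")
        print(name, "naive:", naive, "answer-only:", is_listed(out))
```

With a resolver on a loopback address, the last-line approach reports every unlisted host as listed, while the answer-only parse does not.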