better iprev, count, and importing legacy san & valid
@@ -1,21 +0,0 @@ | ||
1 | -#!/bin/bash | |
2 | - | |
3 | -[[ ! -f cacert.pem ]] && echo cacert.pem is required && exit 1 | |
4 | - | |
5 | -[[ -z $1 ]] && echo missing x\*.ptr.validcn file as first argument && exit 1 | |
6 | -inputfile=$1 | |
7 | - | |
8 | -ehlo=pro5s2.nethence.com | |
9 | -#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'` | |
10 | - | |
11 | -echo using $ehlo as EHLO and writing to $inputfile.return | |
12 | -for mx in `cat $inputfile`; do | |
13 | - echo -en "$mx\t" | |
14 | - | |
15 | - #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above | |
16 | - echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null | grep Verify || echo | |
17 | - #-CApath /etc/ssl/certs | |
18 | - #-brief | |
19 | - #-verify_return_error | |
20 | -done > $inputfile.return; unset mx | |
21 | - |
@@ -1,52 +0,0 @@ | ||
1 | -#!/bin/bash | |
2 | - | |
3 | -[[ -z $1 ]] && echo file in hosts format? && exit 1 | |
4 | -hostsfile=$1 | |
5 | - | |
6 | -debug=0 | |
7 | - | |
8 | -ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'` | |
9 | -echo using $ehlo as EHLO | |
10 | - | |
11 | -echo writing to $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn | |
12 | -(( debug == 1 )) && echo | |
13 | -rm -f $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn | |
14 | -cat $hostsfile | while read line; do | |
15 | - ip=`echo $line | awk '{print $1}'` | |
16 | - mx=`echo $line | awk '{print $2}'` | |
17 | - mx=${mx%\.} | |
18 | - (( debug == 1 )) && echo -n $mx/ | |
19 | - | |
20 | - if ! altstr=`echo Q | timeout 0.7 /usr/local/bin/openssl s_client -4 -starttls smtp -name $ehlo -servername $mx -connect $ip:25 -crlf 2>/dev/null`; then | |
21 | - echo $mx >> $hostsfile.nossl && echo -n . | |
22 | - continue | |
23 | - fi | |
24 | - (( debug == 1 )) && echo -n has ssl/ | |
25 | - | |
26 | - #no need to check CN as SAN always contains it as first match | |
27 | - if ! alt=`echo "$altstr" | /usr/local/bin/openssl x509 -noout -text 2>/dev/null | grep DNS: | sed -r 's/DNS://g; s/,//g'`; then | |
28 | - echo $mx >> $hostsfile.nocert && echo -n / | |
29 | - continue | |
30 | - fi | |
31 | - unset altstr | |
32 | - (( debug == 1 )) && echo -n has cert and san/ | |
33 | - | |
34 | - got=0 | |
35 | - for sni in $alt; do | |
36 | - (( debug == 1 )) && echo -n testing sni $sni: | |
37 | - #we are freaking lucky this condition deals with wildcards | |
38 | - #e.g. here mxs.mail.ru = *.mail.ru does validate already | |
39 | - if [[ $mx = $sni ]]; then | |
40 | - echo $mx >> $hostsfile.validcn | |
41 | - echo -n - | |
42 | - got=1 | |
43 | - break | |
44 | - fi | |
45 | - done; unset sni | |
46 | - (( got != 1 )) && echo $mx >> $hostsfile.wrongcn && echo -n _ | |
47 | - unset got | |
48 | - | |
49 | - (( debug == 1 )) && echo | |
50 | - unset ip mx | |
51 | -done && echo done | |
52 | - |
@@ -0,0 +1,1402 @@ | ||
1 | +.ac,.com.ac | |
2 | +.ac,.net.ac | |
3 | +.ac,.gov.ac | |
4 | +.ac,.org.ac | |
5 | +.ac,.mil.ac | |
6 | +.ae,.co.ae | |
7 | +.ae,.net.ae | |
8 | +.ae,.gov.ae | |
9 | +.ae,.ac.ae | |
10 | +.ae,.sch.ae | |
11 | +.ae,.org.ae | |
12 | +.ae,.mil.ae | |
13 | +.ae,.pro.ae | |
14 | +.ae,.name.ae | |
15 | +.af,.com.af | |
16 | +.af,.edu.af | |
17 | +.af,.gov.af | |
18 | +.af,.net.af | |
19 | +.af,.org.af | |
20 | +.al,.com.al | |
21 | +.al,.edu.al | |
22 | +.al,.gov.al | |
23 | +.al,.mil.al | |
24 | +.al,.net.al | |
25 | +.al,.org.al | |
26 | +.ao,.ed.ao | |
27 | +.ao,.gv.ao | |
28 | +.ao,.og.ao | |
29 | +.ao,.co.ao | |
30 | +.ao,.pb.ao | |
31 | +.ao,.it.ao | |
32 | +.ar,.com.ar | |
33 | +.ar,.edu.ar | |
34 | +.ar,.gob.ar | |
35 | +.ar,.gov.ar | |
36 | +.ar,.gov.ar | |
37 | +.ar,.int.ar | |
38 | +.ar,.mil.ar | |
39 | +.ar,.net.ar | |
40 | +.ar,.org.ar | |
41 | +.ar,.tur.ar | |
42 | +.at,.gv.at | |
43 | +.at,.ac.at | |
44 | +.at,.co.at | |
45 | +.at,.or.at | |
46 | +.au,.com.au | |
47 | +.au,.net.au | |
48 | +.au,.org.au | |
49 | +.au,.edu.au | |
50 | +.au,.gov.au | |
51 | +.au,.csiro.au | |
52 | +.au,.asn.au | |
53 | +.au,.id.au | |
54 | +.ba,.org.ba | |
55 | +.ba,.net.ba | |
56 | +.ba,.edu.ba | |
57 | +.ba,.gov.ba | |
58 | +.ba,.mil.ba | |
59 | +.ba,.unsa.ba | |
60 | +.ba,.untz.ba | |
61 | +.ba,.unmo.ba | |
62 | +.ba,.unbi.ba | |
63 | +.ba,.unze.ba | |
64 | +.ba,.co.ba | |
65 | +.ba,.com.ba | |
66 | +.ba,.rs.ba | |
67 | +.bb,.co.bb | |
68 | +.bb,.com.bb | |
69 | +.bb,.net.bb | |
70 | +.bb,.org.bb | |
71 | +.bb,.gov.bb | |
72 | +.bb,.edu.bb | |
73 | +.bb,.info.bb | |
74 | +.bb,.store.bb | |
75 | +.bb,.tv.bb | |
76 | +.bb,.biz.bb | |
77 | +.bh,.com.bh | |
78 | +.bh,.info.bh | |
79 | +.bh,.cc.bh | |
80 | +.bh,.edu.bh | |
81 | +.bh,.biz.bh | |
82 | +.bh,.net.bh | |
83 | +.bh,.org.bh | |
84 | +.bh,.gov.bh | |
85 | +.bn,.com.bn | |
86 | +.bn,.edu.bn | |
87 | +.bn,.gov.bn | |
88 | +.bn,.net.bn | |
89 | +.bn,.org.bn | |
90 | +.bo,.com.bo | |
91 | +.bo,.net.bo | |
92 | +.bo,.org.bo | |
93 | +.bo,.tv.bo | |
94 | +.bo,.mil.bo | |
95 | +.bo,.int.bo | |
96 | +.bo,.gob.bo | |
97 | +.bo,.gov.bo | |
98 | +.bo,.edu.bo | |
99 | +.br,.adm.br | |
100 | +.br,.adv.br | |
101 | +.br,.agr.br | |
102 | +.br,.am.br | |
103 | +.br,.arq.br | |
104 | +.br,.art.br | |
105 | +.br,.ato.br | |
106 | +.br,.b.br | |
107 | +.br,.bio.br | |
108 | +.br,.blog.br | |
109 | +.br,.bmd.br | |
110 | +.br,.cim.br | |
111 | +.br,.cng.br | |
112 | +.br,.cnt.br | |
113 | +.br,.com.br | |
114 | +.br,.coop.br | |
115 | +.br,.ecn.br | |
116 | +.br,.edu.br | |
117 | +.br,.eng.br | |
118 | +.br,.esp.br | |
119 | +.br,.etc.br | |
120 | +.br,.eti.br | |
121 | +.br,.far.br | |
122 | +.br,.flog.br | |
123 | +.br,.fm.br | |
124 | +.br,.fnd.br | |
125 | +.br,.fot.br | |
126 | +.br,.fst.br | |
127 | +.br,.g12.br | |
128 | +.br,.ggf.br | |
129 | +.br,.gov.br | |
130 | +.br,.imb.br | |
131 | +.br,.ind.br | |
132 | +.br,.inf.br | |
133 | +.br,.jor.br | |
134 | +.br,.jus.br | |
135 | +.br,.lel.br | |
136 | +.br,.mat.br | |
137 | +.br,.med.br | |
138 | +.br,.mil.br | |
139 | +.br,.mus.br | |
140 | +.br,.net.br | |
141 | +.br,.nom.br | |
142 | +.br,.not.br | |
143 | +.br,.ntr.br | |
144 | +.br,.odo.br | |
145 | +.br,.org.br | |
146 | +.br,.ppg.br | |
147 | +.br,.pro.br | |
148 | +.br,.psc.br | |
149 | +.br,.psi.br | |
150 | +.br,.qsl.br | |
151 | +.br,.rec.br | |
152 | +.br,.slg.br | |
153 | +.br,.srv.br | |
154 | +.br,.tmp.br | |
155 | +.br,.trd.br | |
156 | +.br,.tur.br | |
157 | +.br,.tv.br | |
158 | +.br,.vet.br | |
159 | +.br,.vlog.br | |
160 | +.br,.wiki.br | |
161 | +.br,.zlg.br | |
162 | +.bs,.com.bs | |
163 | +.bs,.net.bs | |
164 | +.bs,.org.bs | |
165 | +.bs,.edu.bs | |
166 | +.bs,.gov.bs | |
167 | +.bz,com.bz | |
168 | +.bz,edu.bz | |
169 | +.bz,gov.bz | |
170 | +.bz,net.bz | |
171 | +.bz,org.bz | |
172 | +.ca,.ab.ca | |
173 | +.ca,.bc.ca | |
174 | +.ca,.mb.ca | |
175 | +.ca,.nb.ca | |
176 | +.ca,.nf.ca | |
177 | +.ca,.nl.ca | |
178 | +.ca,.ns.ca | |
179 | +.ca,.nt.ca | |
180 | +.ca,.nu.ca | |
181 | +.ca,.on.ca | |
182 | +.ca,.pe.ca | |
183 | +.ca,.qc.ca | |
184 | +.ca,.sk.ca | |
185 | +.ca,.yk.ca | |
186 | +.ck,.co.ck | |
187 | +.ck,.org.ck | |
188 | +.ck,.edu.ck | |
189 | +.ck,.gov.ck | |
190 | +.ck,.net.ck | |
191 | +.ck,.gen.ck | |
192 | +.ck,.biz.ck | |
193 | +.ck,.info.ck | |
194 | +.cn,.ac.cn | |
195 | +.cn,.com.cn | |
196 | +.cn,.edu.cn | |
197 | +.cn,.gov.cn | |
198 | +.cn,.mil.cn | |
199 | +.cn,.net.cn | |
200 | +.cn,.org.cn | |
201 | +.cn,.ah.cn | |
202 | +.cn,.bj.cn | |
203 | +.cn,.cq.cn | |
204 | +.cn,.fj.cn | |
205 | +.cn,.gd.cn | |
206 | +.cn,.gs.cn | |
207 | +.cn,.gz.cn | |
208 | +.cn,.gx.cn | |
209 | +.cn,.ha.cn | |
210 | +.cn,.hb.cn | |
211 | +.cn,.he.cn | |
212 | +.cn,.hi.cn | |
213 | +.cn,.hl.cn | |
214 | +.cn,.hn.cn | |
215 | +.cn,.jl.cn | |
216 | +.cn,.js.cn | |
217 | +.cn,.jx.cn | |
218 | +.cn,.ln.cn | |
219 | +.cn,.nm.cn | |
220 | +.cn,.nx.cn | |
221 | +.cn,.qh.cn | |
222 | +.cn,.sc.cn | |
223 | +.cn,.sd.cn | |
224 | +.cn,.sh.cn | |
225 | +.cn,.sn.cn | |
226 | +.cn,.sx.cn | |
227 | +.cn,.tj.cn | |
228 | +.cn,.tw.cn | |
229 | +.cn,.xj.cn | |
230 | +.cn,.xz.cn | |
231 | +.cn,.yn.cn | |
232 | +.cn,.zj.cn | |
233 | +.co,.com.co | |
234 | +.co,.org.co | |
235 | +.co,.edu.co | |
236 | +.co,.gov.co | |
237 | +.co,.net.co | |
238 | +.co,.mil.co | |
239 | +.co,.nom.co | |
240 | +.cr,.ac.cr | |
241 | +.cr,.co.cr | |
242 | +.cr,.ed.cr | |
243 | +.cr,.fi.cr | |
244 | +.cr,.go.cr | |
245 | +.cr,.or.cr | |
246 | +.cr,.sa.cr | |
247 | +.cr,.cr | |
248 | +.cy,.ac.cy | |
249 | +.cy,.net.cy | |
250 | +.cy,.gov.cy | |
251 | +.cy,.org.cy | |
252 | +.cy,.pro.cy | |
253 | +.cy,.name.cy | |
254 | +.cy,.ekloges.cy | |
255 | +.cy,.tm.cy | |
256 | +.cy,.ltd.cy | |
257 | +.cy,.biz.cy | |
258 | +.cy,.press.cy | |
259 | +.cy,.parliament.cy | |
260 | +.cy,.com.cy | |
261 | +.do,.edu.do | |
262 | +.do,.gob.do | |
263 | +.do,.gov.do | |
264 | +.do,.com.do | |
265 | +.do,.sld.do | |
266 | +.do,.org.do | |
267 | +.do,.net.do | |
268 | +.do,.web.do | |
269 | +.do,.mil.do | |
270 | +.do,.art.do | |
271 | +.dz,.com.dz | |
272 | +.dz,.org.dz | |
273 | +.dz,.net.dz | |
274 | +.dz,.gov.dz | |
275 | +.dz,.edu.dz | |
276 | +.dz,.asso.dz | |
277 | +.dz,.pol.dz | |
278 | +.dz,.art.dz | |
279 | +.ec,.com.ec | |
280 | +.ec,.info.ec | |
281 | +.ec,.net.ec | |
282 | +.ec,.fin.ec | |
283 | +.ec,.med.ec | |
284 | +.ec,.pro.ec | |
285 | +.ec,.org.ec | |
286 | +.ec,.edu.ec | |
287 | +.ec,.gov.ec | |
288 | +.ec,.mil.ec | |
289 | +.eg,.com.eg | |
290 | +.eg,.edu.eg | |
291 | +.eg,.eun.eg | |
292 | +.eg,.gov.eg | |
293 | +.eg,.mil.eg | |
294 | +.eg,.name.eg | |
295 | +.eg,.net.eg | |
296 | +.eg,.org.eg | |
297 | +.eg,.sci.eg | |
298 | +.er,.com.er | |
299 | +.er,.edu.er | |
300 | +.er,.gov.er | |
301 | +.er,.mil.er | |
302 | +.er,.net.er | |
303 | +.er,.org.er | |
304 | +.er,.ind.er | |
305 | +.er,.rochest.er | |
306 | +.er,.w.er | |
307 | +.es,.com.es | |
308 | +.es,.nom.es | |
309 | +.es,.org.es | |
310 | +.es,.gob.es | |
311 | +.es,.edu.es | |
312 | +.et,.com.et | |
313 | +.et,.gov.et | |
314 | +.et,.org.et | |
315 | +.et,.edu.et | |
316 | +.et,.net.et | |
317 | +.et,.biz.et | |
318 | +.et,.name.et | |
319 | +.et,.info.et | |
320 | +.fj,.ac.fj | |
321 | +.fj,.biz.fj | |
322 | +.fj,.com.fj | |
323 | +.fj,.info.fj | |
324 | +.fj,.mil.fj | |
325 | +.fj,.name.fj | |
326 | +.fj,.net.fj | |
327 | +.fj,.org.fj | |
328 | +.fj,.pro.fj | |
329 | +.fk,.co.fk | |
330 | +.fk,.org.fk | |
331 | +.fk,.gov.fk | |
332 | +.fk,.ac.fk | |
333 | +.fk,.nom.fk | |
334 | +.fk,.net.fk | |
335 | +.fr,.fr | |
336 | +.fr,.tm.fr | |
337 | +.fr,.asso.fr | |
338 | +.fr,.nom.fr | |
339 | +.fr,.prd.fr | |
340 | +.fr,.presse.fr | |
341 | +.fr,.com.fr | |
342 | +.fr,.gouv.fr | |
343 | +.gg,.co.gg | |
344 | +.gg,.net.gg | |
345 | +.gg,.org.gg | |
346 | +.gh,.com.gh | |
347 | +.gh,.edu.gh | |
348 | +.gh,.gov.gh | |
349 | +.gh,.org.gh | |
350 | +.gh,.mil.gh | |
351 | +.gn,.com.gn | |
352 | +.gn,.ac.gn | |
353 | +.gn,.gov.gn | |
354 | +.gn,.org.gn | |
355 | +.gn,.net.gn | |
356 | +.gr,.com.gr | |
357 | +.gr,.edu.gr | |
358 | +.gr,.net.gr | |
359 | +.gr,.org.gr | |
360 | +.gr,.gov.gr | |
361 | +.gr,.mil.gr | |
362 | +.gt,.com.gt | |
363 | +.gt,.edu.gt | |
364 | +.gt,.net.gt | |
365 | +.gt,.gob.gt | |
366 | +.gt,.org.gt | |
367 | +.gt,.mil.gt | |
368 | +.gt,.ind.gt | |
369 | +.gu,.com.gu | |
370 | +.gu,.net.gu | |
371 | +.gu,.gov.gu | |
372 | +.gu,.org.gu | |
373 | +.gu,.edu.gu | |
374 | +.hk,.com.hk | |
375 | +.hk,.edu.hk | |
376 | +.hk,.gov.hk | |
377 | +.hk,.idv.hk | |
378 | +.hk,.net.hk | |
379 | +.hk,.org.hk | |
380 | +.id,.ac.id | |
381 | +.id,.co.id | |
382 | +.id,.net.id | |
383 | +.id,.or.id | |
384 | +.id,.web.id | |
385 | +.id,.sch.id | |
386 | +.id,.mil.id | |
387 | +.id,.go.id | |
388 | +.id,.war.net.id | |
389 | +.il,.ac.il | |
390 | +.il,.co.il | |
391 | +.il,.org.il | |
392 | +.il,.net.il | |
393 | +.il,.k12.il | |
394 | +.il,.gov.il | |
395 | +.il,.muni.il | |
396 | +.il,.idf.il | |
397 | +.in,.in | |
398 | +.in,.4fd.in | |
399 | +.in,.co.in | |
400 | +.in,.firm.in | |
401 | +.in,.net.in | |
402 | +.in,.org.in | |
403 | +.in,.gen.in | |
404 | +.in,.ind.in | |
405 | +.in,.ac.in | |
406 | +.in,.edu.in | |
407 | +.in,.res.in | |
408 | +.in,.ernet.in | |
409 | +.in,.gov.in | |
410 | +.in,.mil.in | |
411 | +.in,.nic.in | |
412 | +.in,.nic.in | |
413 | +.iq,.iq | |
414 | +.iq,.gov.iq | |
415 | +.iq,.edu.iq | |
416 | +.iq,.com.iq | |
417 | +.iq,.mil.iq | |
418 | +.iq,.org.iq | |
419 | +.iq,.net.iq | |
420 | +.ir,.ir | |
421 | +.ir,.ac.ir | |
422 | +.ir,.co.ir | |
423 | +.ir,.gov.ir | |
424 | +.ir,.id.ir | |
425 | +.ir,.net.ir | |
426 | +.ir,.org.ir | |
427 | +.ir,.sch.ir | |
428 | +.ir,.dnssec.ir | |
429 | +.it,.gov.it | |
430 | +.it,.edu.it | |
431 | +.je,.co.je | |
432 | +.je,.net.je | |
433 | +.je,.org.je | |
434 | +.jo,.com.jo | |
435 | +.jo,.net.jo | |
436 | +.jo,.gov.jo | |
437 | +.jo,.edu.jo | |
438 | +.jo,.org.jo | |
439 | +.jo,.mil.jo | |
440 | +.jo,.name.jo | |
441 | +.jo,.sch.jo | |
442 | +.jp,.ac.jp | |
443 | +.jp,.ad.jp | |
444 | +.jp,.co.jp | |
445 | +.jp,.ed.jp | |
446 | +.jp,.go.jp | |
447 | +.jp,.gr.jp | |
448 | +.jp,.lg.jp | |
449 | +.jp,.ne.jp | |
450 | +.jp,.or.jp | |
451 | +.ke,.co.ke | |
452 | +.ke,.or.ke | |
453 | +.ke,.ne.ke | |
454 | +.ke,.go.ke | |
455 | +.ke,.ac.ke | |
456 | +.ke,.sc.ke | |
457 | +.ke,.me.ke | |
458 | +.ke,.mobi.ke | |
459 | +.ke,.info.ke | |
460 | +.kh,.per.kh | |
461 | +.kh,.com.kh | |
462 | +.kh,.edu.kh | |
463 | +.kh,.gov.kh | |
464 | +.kh,.mil.kh | |
465 | +.kh,.net.kh | |
466 | +.kh,.org.kh | |
467 | +.ki,.com.ki | |
468 | +.ki,.biz.ki | |
469 | +.ki,.de.ki | |
470 | +.ki,.net.ki | |
471 | +.ki,.info.ki | |
472 | +.ki,.org.ki | |
473 | +.ki,.gov.ki | |
474 | +.ki,.edu.ki | |
475 | +.ki,.mob.ki | |
476 | +.ki,.tel.ki | |
477 | +.km,.km | |
478 | +.km,.com.km | |
479 | +.km,.coop.km | |
480 | +.km,.asso.km | |
481 | +.km,.nom.km | |
482 | +.km,.presse.km | |
483 | +.km,.tm.km | |
484 | +.km,.medecin.km | |
485 | +.km,.notaires.km | |
486 | +.km,.pharmaciens.km | |
487 | +.km,.veterinaire.km | |
488 | +.km,.edu.km | |
489 | +.km,.gouv.km | |
490 | +.km,.mil.km | |
491 | +.kn,.net.kn | |
492 | +.kn,.org.kn | |
493 | +.kn,.edu.kn | |
494 | +.kn,.gov.kn | |
495 | +.kr,.kr | |
496 | +.kr,.co.kr | |
497 | +.kr,.ne.kr | |
498 | +.kr,.or.kr | |
499 | +.kr,.re.kr | |
500 | +.kr,.pe.kr | |
501 | +.kr,.go.kr | |
502 | +.kr,.mil.kr | |
503 | +.kr,.ac.kr | |
504 | +.kr,.hs.kr | |
505 | +.kr,.ms.kr | |
506 | +.kr,.es.kr | |
507 | +.kr,.sc.kr | |
508 | +.kr,.kg.kr | |
509 | +.kr,.seoul.kr | |
510 | +.kr,.busan.kr | |
511 | +.kr,.daegu.kr | |
512 | +.kr,.incheon.kr | |
513 | +.kr,.gwangju.kr | |
514 | +.kr,.daejeon.kr | |
515 | +.kr,.ulsan.kr | |
516 | +.kr,.gyeonggi.kr | |
517 | +.kr,.gangwon.kr | |
518 | +.kr,.chungbuk.kr | |
519 | +.kr,.chungnam.kr | |
520 | +.kr,.jeonbuk.kr | |
521 | +.kr,.jeonnam.kr | |
522 | +.kr,.gyeongbuk.kr | |
523 | +.kr,.gyeongnam.kr | |
524 | +.kr,.jeju.kr | |
525 | +.kw,.edu.kw | |
526 | +.kw,.com.kw | |
527 | +.kw,.net.kw | |
528 | +.kw,.org.kw | |
529 | +.kw,.gov.kw | |
530 | +.ky,.com.ky | |
531 | +.ky,.org.ky | |
532 | +.ky,.net.ky | |
533 | +.ky,.edu.ky | |
534 | +.ky,.gov.ky | |
535 | +.kz,.com.kz | |
536 | +.kz,.edu.kz | |
537 | +.kz,.gov.kz | |
538 | +.kz,.mil.kz | |
539 | +.kz,.net.kz | |
540 | +.kz,.org.kz | |
541 | +.lb,.com.lb | |
542 | +.lb,.edu.lb | |
543 | +.lb,.gov.lb | |
544 | +.lb,.net.lb | |
545 | +.lb,.org.lb | |
546 | +.lk,.gov.lk | |
547 | +.lk,.sch.lk | |
548 | +.lk,.net.lk | |
549 | +.lk,.int.lk | |
550 | +.lk,.com.lk | |
551 | +.lk,.org.lk | |
552 | +.lk,.edu.lk | |
553 | +.lk,.ngo.lk | |
554 | +.lk,.soc.lk | |
555 | +.lk,.web.lk | |
556 | +.lk,.ltd.lk | |
557 | +.lk,.assn.lk | |
558 | +.lk,.grp.lk | |
559 | +.lk,.hotel.lk | |
560 | +.lr,.com.lr | |
561 | +.lr,.edu.lr | |
562 | +.lr,.gov.lr | |
563 | +.lr,.org.lr | |
564 | +.lr,.net.lr | |
565 | +.lv,.com.lv | |
566 | +.lv,.edu.lv | |
567 | +.lv,.gov.lv | |
568 | +.lv,.org.lv | |
569 | +.lv,.mil.lv | |
570 | +.lv,.id.lv | |
571 | +.lv,.net.lv | |
572 | +.lv,.asn.lv | |
573 | +.lv,.conf.lv | |
574 | +.ly,.com.ly | |
575 | +.ly,.net.ly | |
576 | +.ly,.gov.ly | |
577 | +.ly,.plc.ly | |
578 | +.ly,.edu.ly | |
579 | +.ly,.sch.ly | |
580 | +.ly,.med.ly | |
581 | +.ly,.org.ly | |
582 | +.ly,.id.ly | |
583 | +.ma,.ma | |
584 | +.ma,.net.ma | |
585 | +.ma,.ac.ma | |
586 | +.ma,.org.ma | |
587 | +.ma,.gov.ma | |
588 | +.ma,.press.ma | |
589 | +.ma,.co.ma | |
590 | +.mc,.tm.mc | |
591 | +.mc,.asso.mc | |
592 | +.me,.co.me | |
593 | +.me,.net.me | |
594 | +.me,.org.me | |
595 | +.me,.edu.me | |
596 | +.me,.ac.me | |
597 | +.me,.gov.me | |
598 | +.me,.its.me | |
599 | +.me,.priv.me | |
600 | +.mg,.org.mg | |
601 | +.mg,.nom.mg | |
602 | +.mg,.gov.mg | |
603 | +.mg,.prd.mg | |
604 | +.mg,.tm.mg | |
605 | +.mg,.edu.mg | |
606 | +.mg,.mil.mg | |
607 | +.mg,.com.mg | |
608 | +.mk,.com.mk | |
609 | +.mk,.org.mk | |
610 | +.mk,.net.mk | |
611 | +.mk,.edu.mk | |
612 | +.mk,.gov.mk | |
613 | +.mk,.inf.mk | |
614 | +.mk,.name.mk | |
615 | +.mk,.pro.mk | |
616 | +.ml,.com.ml | |
617 | +.ml,.net.ml | |
618 | +.ml,.org.ml | |
619 | +.ml,.edu.ml | |
620 | +.ml,.gov.ml | |
621 | +.ml,.presse.ml | |
622 | +.mn,.gov.mn | |
623 | +.mn,.edu.mn | |
624 | +.mn,.org.mn | |
625 | +.mo,.com.mo | |
626 | +.mo,.edu.mo | |
627 | +.mo,.gov.mo | |
628 | +.mo,.net.mo | |
629 | +.mo,.org.mo | |
630 | +.mt,.com.mt | |
631 | +.mt,.org.mt | |
632 | +.mt,.net.mt | |
633 | +.mt,.edu.mt | |
634 | +.mt,.gov.mt | |
635 | +.mv,.aero.mv | |
636 | +.mv,.biz.mv | |
637 | +.mv,.com.mv | |
638 | +.mv,.coop.mv | |
639 | +.mv,.edu.mv | |
640 | +.mv,.gov.mv | |
641 | +.mv,.info.mv | |
642 | +.mv,.int.mv | |
643 | +.mv,.mil.mv | |
644 | +.mv,.museum.mv | |
645 | +.mv,.name.mv | |
646 | +.mv,.net.mv | |
647 | +.mv,.org.mv | |
648 | +.mv,.pro.mv | |
649 | +.mw,.ac.mw | |
650 | +.mw,.co.mw | |
651 | +.mw,.com.mw | |
652 | +.mw,.coop.mw | |
653 | +.mw,.edu.mw | |
654 | +.mw,.gov.mw | |
655 | +.mw,.int.mw | |
656 | +.mw,.museum.mw | |
657 | +.mw,.net.mw | |
658 | +.mw,.org.mw | |
659 | +.mx,.com.mx | |
660 | +.mx,.net.mx | |
661 | +.mx,.org.mx | |
662 | +.mx,.edu.mx | |
663 | +.mx,.gob.mx | |
664 | +.my,.com.my | |
665 | +.my,.net.my | |
666 | +.my,.org.my | |
667 | +.my,.gov.my | |
668 | +.my,.edu.my | |
669 | +.my,.sch.my | |
670 | +.my,.mil.my | |
671 | +.my,.name.my | |
672 | +.nf,.com.nf | |
673 | +.nf,.net.nf | |
674 | +.nf,.arts.nf | |
675 | +.nf,.store.nf | |
676 | +.nf,.web.nf | |
677 | +.nf,.firm.nf | |
678 | +.nf,.info.nf | |
679 | +.nf,.other.nf | |
680 | +.nf,.per.nf | |
681 | +.nf,.rec.nf | |
682 | +.ng,.com.ng | |
683 | +.ng,.org.ng | |
684 | +.ng,.gov.ng | |
685 | +.ng,.edu.ng | |
686 | +.ng,.net.ng | |
687 | +.ng,.sch.ng | |
688 | +.ng,.name.ng | |
689 | +.ng,.mobi.ng | |
690 | +.ng,.biz.ng | |
691 | +.ng,.mil.ng | |
692 | +.ni,.gob.ni | |
693 | +.ni,.co.ni | |
694 | +.ni,.com.ni | |
695 | +.ni,.ac.ni | |
696 | +.ni,.edu.ni | |
697 | +.ni,.org.ni | |
698 | +.ni,.nom.ni | |
699 | +.ni,.net.ni | |
700 | +.ni,.mil.ni | |
701 | +.np,.com.np | |
702 | +.np,.edu.np | |
703 | +.np,.gov.np | |
704 | +.np,.org.np | |
705 | +.np,.mil.np | |
706 | +.np,.net.np | |
707 | +.nr,.edu.nr | |
708 | +.nr,.gov.nr | |
709 | +.nr,.biz.nr | |
710 | +.nr,.info.nr | |
711 | +.nr,.net.nr | |
712 | +.nr,.org.nr | |
713 | +.nr,.com.nr | |
714 | +.om,.com.om | |
715 | +.om,.co.om | |
716 | +.om,.edu.om | |
717 | +.om,.ac.om | |
718 | +.om,.sch.om | |
719 | +.om,.gov.om | |
720 | +.om,.net.om | |
721 | +.om,.org.om | |
722 | +.om,.mil.om | |
723 | +.om,.museum.om | |
724 | +.om,.biz.om | |
725 | +.om,.pro.om | |
726 | +.om,.med.om | |
727 | +.pe,.edu.pe | |
728 | +.pe,.gob.pe | |
729 | +.pe,.nom.pe | |
730 | +.pe,.mil.pe | |
731 | +.pe,.sld.pe | |
732 | +.pe,.org.pe | |
733 | +.pe,.com.pe | |
734 | +.pe,.net.pe | |
735 | +.ph,.com.ph | |
736 | +.ph,.net.ph | |
737 | +.ph,.org.ph | |
738 | +.ph,.mil.ph | |
739 | +.ph,.ngo.ph | |
740 | +.ph,.i.ph | |
741 | +.ph,.gov.ph | |
742 | +.ph,.edu.ph | |
743 | +.pk,.com.pk | |
744 | +.pk,.net.pk | |
745 | +.pk,.edu.pk | |
746 | +.pk,.org.pk | |
747 | +.pk,.fam.pk | |
748 | +.pk,.biz.pk | |
749 | +.pk,.web.pk | |
750 | +.pk,.gov.pk | |
751 | +.pk,.gob.pk | |
752 | +.pk,.gok.pk | |
753 | +.pk,.gon.pk | |
754 | +.pk,.gop.pk | |
755 | +.pk,.gos.pk | |
756 | +.pl,.pwr.pl | |
757 | +.pl,.com.pl | |
758 | +.pl,.biz.pl | |
759 | +.pl,.net.pl | |
760 | +.pl,.art.pl | |
761 | +.pl,.edu.pl | |
762 | +.pl,.org.pl | |
763 | +.pl,.ngo.pl | |
764 | +.pl,.gov.pl | |
765 | +.pl,.info.pl | |
766 | +.pl,.mil.pl | |
767 | +.pl,.waw.pl | |
768 | +.pl,.warszawa.pl | |
769 | +.pl,.wroc.pl | |
770 | +.pl,.wroclaw.pl | |
771 | +.pl,.krakow.pl | |
772 | +.pl,.katowice.pl | |
773 | +.pl,.poznan.pl | |
774 | +.pl,.lodz.pl | |
775 | +.pl,.gda.pl | |
776 | +.pl,.gdansk.pl | |
777 | +.pl,.slupsk.pl | |
778 | +.pl,.radom.pl | |
779 | +.pl,.szczecin.pl | |
780 | +.pl,.lublin.pl | |
781 | +.pl,.bialystok.pl | |
782 | +.pl,.olsztyn.pl | |
783 | +.pl,.torun.pl | |
784 | +.pl,.gorzow.pl | |
785 | +.pl,.zgora.pl | |
786 | +.pr,.biz.pr | |
787 | +.pr,.com.pr | |
788 | +.pr,.edu.pr | |
789 | +.pr,.gov.pr | |
790 | +.pr,.info.pr | |
791 | +.pr,.isla.pr | |
792 | +.pr,.name.pr | |
793 | +.pr,.net.pr | |
794 | +.pr,.org.pr | |
795 | +.pr,.pro.pr | |
796 | +.pr,.est.pr | |
797 | +.pr,.prof.pr | |
798 | +.pr,.ac.pr | |
799 | +.ps,.com.ps | |
800 | +.ps,.net.ps | |
801 | +.ps,.org.ps | |
802 | +.ps,.edu.ps | |
803 | +.ps,.gov.ps | |
804 | +.ps,.plo.ps | |
805 | +.ps,.sec.ps | |
806 | +.pw,.co.pw | |
807 | +.pw,.ne.pw | |
808 | +.pw,.or.pw | |
809 | +.pw,.ed.pw | |
810 | +.pw,.go.pw | |
811 | +.pw,.belau.pw | |
812 | +.ro,.arts.ro | |
813 | +.ro,.com.ro | |
814 | +.ro,.firm.ro | |
815 | +.ro,.info.ro | |
816 | +.ro,.nom.ro | |
817 | +.ro,.nt.ro | |
818 | +.ro,.org.ro | |
819 | +.ro,.rec.ro | |
820 | +.ro,.store.ro | |
821 | +.ro,.tm.ro | |
822 | +.ro,.www.ro | |
823 | +.rs,.co.rs | |
824 | +.rs,.org.rs | |
825 | +.rs,.edu.rs | |
826 | +.rs,.ac.rs | |
827 | +.rs,.gov.rs | |
828 | +.rs,.in.rs | |
829 | +.sb,.com.sb | |
830 | +.sb,.net.sb | |
831 | +.sb,.edu.sb | |
832 | +.sb,.org.sb | |
833 | +.sb,.gov.sb | |
834 | +.sc,.com.sc | |
835 | +.sc,.net.sc | |
836 | +.sc,.edu.sc | |
837 | +.sc,.gov.sc | |
838 | +.sc,.org.sc | |
839 | +.sh,.co.sh | |
840 | +.sh,.com.sh | |
841 | +.sh,.org.sh | |
842 | +.sh,.gov.sh | |
843 | +.sh,.edu.sh | |
844 | +.sh,.net.sh | |
845 | +.sh,.nom.sh | |
846 | +.sl,.com.sl | |
847 | +.sl,.net.sl | |
848 | +.sl,.org.sl | |
849 | +.sl,.edu.sl | |
850 | +.sl,.gov.sl | |
851 | +.st,.gov.st | |
852 | +.st,.saotome.st | |
853 | +.st,.principe.st | |
854 | +.st,.consulado.st | |
855 | +.st,.embaixada.st | |
856 | +.st,.org.st | |
857 | +.st,.edu.st | |
858 | +.st,.net.st | |
859 | +.st,.com.st | |
860 | +.st,.store.st | |
861 | +.st,.mil.st | |
862 | +.st,.co.st | |
863 | +.sv,.edu.sv | |
864 | +.sv,.gob.sv | |
865 | +.sv,.com.sv | |
866 | +.sv,.org.sv | |
867 | +.sv,.red.sv | |
868 | +.sz,.co.sz | |
869 | +.sz,.ac.sz | |
870 | +.sz,.org.sz | |
871 | +.tr,.com.tr | |
872 | +.tr,.gen.tr | |
873 | +.tr,.org.tr | |
874 | +.tr,.biz.tr | |
875 | +.tr,.info.tr | |
876 | +.tr,.av.tr | |
877 | +.tr,.dr.tr | |
878 | +.tr,.pol.tr | |
879 | +.tr,.bel.tr | |
880 | +.tr,.tsk.tr | |
881 | +.tr,.bbs.tr | |
882 | +.tr,.k12.tr | |
883 | +.tr,.edu.tr | |
884 | +.tr,.name.tr | |
885 | +.tr,.net.tr | |
886 | +.tr,.gov.tr | |
887 | +.tr,.web.tr | |
888 | +.tr,.tel.tr | |
889 | +.tr,.tv.tr | |
890 | +.tt,.co.tt | |
891 | +.tt,.com.tt | |
892 | +.tt,.org.tt | |
893 | +.tt,.net.tt | |
894 | +.tt,.biz.tt | |
895 | +.tt,.info.tt | |
896 | +.tt,.pro.tt | |
897 | +.tt,.int.tt | |
898 | +.tt,.coop.tt | |
899 | +.tt,.jobs.tt | |
900 | +.tt,.mobi.tt | |
901 | +.tt,.travel.tt | |
902 | +.tt,.museum.tt | |
903 | +.tt,.aero.tt | |
904 | +.tt,.cat.tt | |
905 | +.tt,.tel.tt | |
906 | +.tt,.name.tt | |
907 | +.tt,.mil.tt | |
908 | +.tt,.edu.tt | |
909 | +.tt,.gov.tt | |
910 | +.tw,.edu.tw | |
911 | +.tw,.gov.tw | |
912 | +.tw,.mil.tw | |
913 | +.tw,.com.tw | |
914 | +.tw,.net.tw | |
915 | +.tw,.org.tw | |
916 | +.tw,.idv.tw | |
917 | +.tw,.game.tw | |
918 | +.tw,.ebiz.tw | |
919 | +.tw,.club.tw | |
920 | +.mu,.com.mu | |
921 | +.mu,.gov.mu | |
922 | +.mu,.net.mu | |
923 | +.mu,.org.mu | |
924 | +.mu,.ac.mu | |
925 | +.mu,.co.mu | |
926 | +.mu,.or.mu | |
927 | +.mz,.ac.mz | |
928 | +.mz,.co.mz | |
929 | +.mz,.edu.mz | |
930 | +.mz,.org.mz | |
931 | +.mz,.gov.mz | |
932 | +.na,.com.na | |
933 | +.na,.co.na | |
934 | +.nz,.ac.nz | |
935 | +.nz,.co.nz | |
936 | +.nz,.cri.nz | |
937 | +.nz,.geek.nz | |
938 | +.nz,.gen.nz | |
939 | +.nz,.govt.nz | |
940 | +.nz,.health.nz | |
941 | +.nz,.iwi.nz | |
942 | +.nz,.maori.nz | |
943 | +.nz,.mil.nz | |
944 | +.nz,.net.nz | |
945 | +.nz,.org.nz | |
946 | +.nz,.parliament.nz | |
947 | +.nz,.school.nz | |
948 | +.pa,.abo.pa | |
949 | +.pa,.ac.pa | |
950 | +.pa,.com.pa | |
951 | +.pa,.edu.pa | |
952 | +.pa,.gob.pa | |
953 | +.pa,.ing.pa | |
954 | +.pa,.med.pa | |
955 | +.pa,.net.pa | |
956 | +.pa,.nom.pa | |
957 | +.pa,.org.pa | |
958 | +.pa,.sld.pa | |
959 | +.pt,.com.pt | |
960 | +.pt,.edu.pt | |
961 | +.pt,.gov.pt | |
962 | +.pt,.int.pt | |
963 | +.pt,.net.pt | |
964 | +.pt,.nome.pt | |
965 | +.pt,.org.pt | |
966 | +.pt,.publ.pt | |
967 | +.py,.com.py | |
968 | +.py,.edu.py | |
969 | +.py,.gov.py | |
970 | +.py,.mil.py | |
971 | +.py,.net.py | |
972 | +.py,.org.py | |
973 | +.qa,.com.qa | |
974 | +.qa,.edu.qa | |
975 | +.qa,.gov.qa | |
976 | +.qa,.mil.qa | |
977 | +.qa,.net.qa | |
978 | +.qa,.org.qa | |
979 | +.re,.asso.re | |
980 | +.re,.com.re | |
981 | +.re,.nom.re | |
982 | +.ru,.ac.ru | |
983 | +.ru,.adygeya.ru | |
984 | +.ru,.altai.ru | |
985 | +.ru,.amur.ru | |
986 | +.ru,.arkhangelsk.ru | |
987 | +.ru,.astrakhan.ru | |
988 | +.ru,.bashkiria.ru | |
989 | +.ru,.belgorod.ru | |
990 | +.ru,.bir.ru | |
991 | +.ru,.bryansk.ru | |
992 | +.ru,.buryatia.ru | |
993 | +.ru,.cbg.ru | |
994 | +.ru,.chel.ru | |
995 | +.ru,.chelyabinsk.ru | |
996 | +.ru,.chita.ru | |
997 | +.ru,.chita.ru | |
998 | +.ru,.chukotka.ru | |
999 | +.ru,.chuvashia.ru | |
1000 | +.ru,.com.ru | |
1001 | +.ru,.dagestan.ru | |
1002 | +.ru,.e-burg.ru | |
1003 | +.ru,.edu.ru | |
1004 | +.ru,.gov.ru | |
1005 | +.ru,.grozny.ru | |
1006 | +.ru,.int.ru | |
1007 | +.ru,.irkutsk.ru | |
1008 | +.ru,.ivanovo.ru | |
1009 | +.ru,.izhevsk.ru | |
1010 | +.ru,.jar.ru | |
1011 | +.ru,.joshkar-ola.ru | |
1012 | +.ru,.kalmykia.ru | |
1013 | +.ru,.kaluga.ru | |
1014 | +.ru,.kamchatka.ru | |
1015 | +.ru,.karelia.ru | |
1016 | +.ru,.kazan.ru | |
1017 | +.ru,.kchr.ru | |
1018 | +.ru,.kemerovo.ru | |
1019 | +.ru,.khabarovsk.ru | |
1020 | +.ru,.khakassia.ru | |
1021 | +.ru,.khv.ru | |
1022 | +.ru,.kirov.ru | |
1023 | +.ru,.koenig.ru | |
1024 | +.ru,.komi.ru | |
1025 | +.ru,.kostroma.ru | |
1026 | +.ru,.kranoyarsk.ru | |
1027 | +.ru,.kuban.ru | |
1028 | +.ru,.kurgan.ru | |
1029 | +.ru,.kursk.ru | |
1030 | +.ru,.lipetsk.ru | |
1031 | +.ru,.magadan.ru | |
1032 | +.ru,.mari.ru | |
1033 | +.ru,.mari-el.ru | |
1034 | +.ru,.marine.ru | |
1035 | +.ru,.mil.ru | |
1036 | +.ru,.mordovia.ru | |
1037 | +.ru,.mosreg.ru | |
1038 | +.ru,.msk.ru | |
1039 | +.ru,.murmansk.ru | |
1040 | +.ru,.nalchik.ru | |
1041 | +.ru,.net.ru | |
1042 | +.ru,.nnov.ru | |
1043 | +.ru,.nov.ru | |
1044 | +.ru,.novosibirsk.ru | |
1045 | +.ru,.nsk.ru | |
1046 | +.ru,.omsk.ru | |
1047 | +.ru,.orenburg.ru | |
1048 | +.ru,.org.ru | |
1049 | +.ru,.oryol.ru | |
1050 | +.ru,.penza.ru | |
1051 | +.ru,.perm.ru | |
1052 | +.ru,.pp.ru | |
1053 | +.ru,.pskov.ru | |
1054 | +.ru,.ptz.ru | |
1055 | +.ru,.rnd.ru | |
1056 | +.ru,.ryazan.ru | |
1057 | +.ru,.sakhalin.ru | |
1058 | +.ru,.samara.ru | |
1059 | +.ru,.saratov.ru | |
1060 | +.ru,.simbirsk.ru | |
1061 | +.ru,.smolensk.ru | |
1062 | +.ru,.spb.ru | |
1063 | +.ru,.stavropol.ru | |
1064 | +.ru,.stv.ru | |
1065 | +.ru,.surgut.ru | |
1066 | +.ru,.tambov.ru | |
1067 | +.ru,.tatarstan.ru | |
1068 | +.ru,.tom.ru | |
1069 | +.ru,.tomsk.ru | |
1070 | +.ru,.tsaritsyn.ru | |
1071 | +.ru,.tsk.ru | |
1072 | +.ru,.tula.ru | |
1073 | +.ru,.tuva.ru | |
1074 | +.ru,.tver.ru | |
1075 | +.ru,.tyumen.ru | |
1076 | +.ru,.udm.ru | |
1077 | +.ru,.udmurtia.ru | |
1078 | +.ru,.ulan-ude.ru | |
1079 | +.ru,.vladikavkaz.ru | |
1080 | +.ru,.vladimir.ru | |
1081 | +.ru,.vladivostok.ru | |
1082 | +.ru,.volgograd.ru | |
1083 | +.ru,.vologda.ru | |
1084 | +.ru,.voronezh.ru | |
1085 | +.ru,.vrn.ru | |
1086 | +.ru,.vyatka.ru | |
1087 | +.ru,.yakutia.ru | |
1088 | +.ru,.yamal.ru | |
1089 | +.ru,.yekaterinburg.ru | |
1090 | +.ru,.yuzhno-sakhalinsk.ru | |
1091 | +.rw,.ac.rw | |
1092 | +.rw,.co.rw | |
1093 | +.rw,.com.rw | |
1094 | +.rw,.edu.rw | |
1095 | +.rw,.gouv.rw | |
1096 | +.rw,.gov.rw | |
1097 | +.rw,.int.rw | |
1098 | +.rw,.mil.rw | |
1099 | +.rw,.net.rw | |
1100 | +.sa,.com.sa | |
1101 | +.sa,.edu.sa | |
1102 | +.sa,.gov.sa | |
1103 | +.sa,.med.sa | |
1104 | +.sa,.net.sa | |
1105 | +.sa,.org.sa | |
1106 | +.sa,.pub.sa | |
1107 | +.sa,.sch.sa | |
1108 | +.sd,.com.sd | |
1109 | +.sd,.edu.sd | |
1110 | +.sd,.gov.sd | |
1111 | +.sd,.info.sd | |
1112 | +.sd,.med.sd | |
1113 | +.sd,.net.sd | |
1114 | +.sd,.org.sd | |
1115 | +.sd,.tv.sd | |
1116 | +.se,.a.se | |
1117 | +.se,.ac.se | |
1118 | +.se,.b.se | |
1119 | +.se,.bd.se | |
1120 | +.se,.c.se | |
1121 | +.se,.d.se | |
1122 | +.se,.e.se | |
1123 | +.se,.f.se | |
1124 | +.se,.g.se | |
1125 | +.se,.h.se | |
1126 | +.se,.i.se | |
1127 | +.se,.k.se | |
1128 | +.se,.l.se | |
1129 | +.se,.m.se | |
1130 | +.se,.n.se | |
1131 | +.se,.o.se | |
1132 | +.se,.org.se | |
1133 | +.se,.p.se | |
1134 | +.se,.parti.se | |
1135 | +.se,.pp.se | |
1136 | +.se,.press.se | |
1137 | +.se,.r.se | |
1138 | +.se,.s.se | |
1139 | +.se,.t.se | |
1140 | +.se,.tm.se | |
1141 | +.se,.u.se | |
1142 | +.se,.w.se | |
1143 | +.se,.x.se | |
1144 | +.se,.y.se | |
1145 | +.se,.z.se | |
1146 | +.sg,.com.sg | |
1147 | +.sg,.edu.sg | |
1148 | +.sg,.gov.sg | |
1149 | +.sg,.idn.sg | |
1150 | +.sg,.net.sg | |
1151 | +.sg,.org.sg | |
1152 | +.sg,.per.sg | |
1153 | +.sn,.art.sn | |
1154 | +.sn,.com.sn | |
1155 | +.sn,.edu.sn | |
1156 | +.sn,.gouv.sn | |
1157 | +.sn,.org.sn | |
1158 | +.sn,.perso.sn | |
1159 | +.sn,.univ.sn | |
1160 | +.sy,.com.sy | |
1161 | +.sy,.edu.sy | |
1162 | +.sy,.gov.sy | |
1163 | +.sy,.mil.sy | |
1164 | +.sy,.net.sy | |
1165 | +.sy,.news.sy | |
1166 | +.sy,.org.sy | |
1167 | +.th,.ac.th | |
1168 | +.th,.co.th | |
1169 | +.th,.go.th | |
1170 | +.th,.in.th | |
1171 | +.th,.mi.th | |
1172 | +.th,.net.th | |
1173 | +.th,.or.th | |
1174 | +.tj,.ac.tj | |
1175 | +.tj,.biz.tj | |
1176 | +.tj,.co.tj | |
1177 | +.tj,.com.tj | |
1178 | +.tj,.edu.tj | |
1179 | +.tj,.go.tj | |
1180 | +.tj,.gov.tj | |
1181 | +.tj,.info.tj | |
1182 | +.tj,.int.tj | |
1183 | +.tj,.mil.tj | |
1184 | +.tj,.name.tj | |
1185 | +.tj,.net.tj | |
1186 | +.tj,.nic.tj | |
1187 | +.tj,.org.tj | |
1188 | +.tj,.test.tj | |
1189 | +.tj,.web.tj | |
1190 | +.tn,.agrinet.tn | |
1191 | +.tn,.com.tn | |
1192 | +.tn,.defense.tn | |
1193 | +.tn,.edunet.tn | |
1194 | +.tn,.ens.tn | |
1195 | +.tn,.fin.tn | |
1196 | +.tn,.gov.tn | |
1197 | +.tn,.ind.tn | |
1198 | +.tn,.info.tn | |
1199 | +.tn,.intl.tn | |
1200 | +.tn,.mincom.tn | |
1201 | +.tn,.nat.tn | |
1202 | +.tn,.net.tn | |
1203 | +.tn,.org.tn | |
1204 | +.tn,.perso.tn | |
1205 | +.tn,.rnrt.tn | |
1206 | +.tn,.rns.tn | |
1207 | +.tn,.rnu.tn | |
1208 | +.tn,.tourism.tn | |
1209 | +.tz,.ac.tz | |
1210 | +.tz,.co.tz | |
1211 | +.tz,.go.tz | |
1212 | +.tz,.ne.tz | |
1213 | +.tz,.or.tz | |
1214 | +.ua,.biz.ua | |
1215 | +.ua,.cherkassy.ua | |
1216 | +.ua,.chernigov.ua | |
1217 | +.ua,.chernovtsy.ua | |
1218 | +.ua,.ck.ua | |
1219 | +.ua,.cn.ua | |
1220 | +.ua,.co.ua | |
1221 | +.ua,.com.ua | |
1222 | +.ua,.crimea.ua | |
1223 | +.ua,.cv.ua | |
1224 | +.ua,.dn.ua | |
1225 | +.ua,.dnepropetrovsk.ua | |
1226 | +.ua,.donetsk.ua | |
1227 | +.ua,.dp.ua | |
1228 | +.ua,.edu.ua | |
1229 | +.ua,.gov.ua | |
1230 | +.ua,.if.ua | |
1231 | +.ua,.in.ua | |
1232 | +.ua,.ivano-frankivsk.ua | |
1233 | +.ua,.kh.ua | |
1234 | +.ua,.kharkov.ua | |
1235 | +.ua,.kherson.ua | |
1236 | +.ua,.khmelnitskiy.ua | |
1237 | +.ua,.kiev.ua | |
1238 | +.ua,.kirovograd.ua | |
1239 | +.ua,.km.ua | |
1240 | +.ua,.kr.ua | |
1241 | +.ua,.ks.ua | |
1242 | +.ua,.kv.ua | |
1243 | +.ua,.lg.ua | |
1244 | +.ua,.lugansk.ua | |
1245 | +.ua,.lutsk.ua | |
1246 | +.ua,.lviv.ua | |
1247 | +.ua,.me.ua | |
1248 | +.ua,.mk.ua | |
1249 | +.ua,.net.ua | |
1250 | +.ua,.nikolaev.ua | |
1251 | +.ua,.od.ua | |
1252 | +.ua,.odessa.ua | |
1253 | +.ua,.org.ua | |
1254 | +.ua,.pl.ua | |
1255 | +.ua,.poltava.ua | |
1256 | +.ua,.pp.ua | |
1257 | +.ua,.rovno.ua | |
1258 | +.ua,.rv.ua | |
1259 | +.ua,.sebastopol.ua | |
1260 | +.ua,.sumy.ua | |
1261 | +.ua,.te.ua | |
1262 | +.ua,.ternopil.ua | |
1263 | +.ua,.uzhgorod.ua | |
1264 | +.ua,.vinnica.ua | |
1265 | +.ua,.vn.ua | |
1266 | +.ua,.zaporizhzhe.ua | |
1267 | +.ua,.zhitomir.ua | |
1268 | +.ua,.zp.ua | |
1269 | +.ua,.zt.ua | |
1270 | +.ug,.ac.ug | |
1271 | +.ug,.co.ug | |
1272 | +.ug,.go.ug | |
1273 | +.ug,.ne.ug | |
1274 | +.ug,.or.ug | |
1275 | +.ug,.org.ug | |
1276 | +.ug,.sc.ug | |
1277 | +.uk,.ac.uk | |
1278 | +.uk,.bl.uk | |
1279 | +.uk,.british-library.uk | |
1280 | +.uk,.co.uk | |
1281 | +.uk,.cym.uk | |
1282 | +.uk,.gov.uk | |
1283 | +.uk,.govt.uk | |
1284 | +.uk,.icnet.uk | |
1285 | +.uk,.jet.uk | |
1286 | +.uk,.lea.uk | |
1287 | +.uk,.ltd.uk | |
1288 | +.uk,.me.uk | |
1289 | +.uk,.mil.uk | |
1290 | +.uk,.mod.uk | |
1291 | +.uk,.mod.uk | |
1292 | +.uk,.national-library-scotland.uk | |
1293 | +.uk,.nel.uk | |
1294 | +.uk,.net.uk | |
1295 | +.uk,.nhs.uk | |
1296 | +.uk,.nhs.uk | |
1297 | +.uk,.nic.uk | |
1298 | +.uk,.nls.uk | |
1299 | +.uk,.org.uk | |
1300 | +.uk,.orgn.uk | |
1301 | +.uk,.parliament.uk | |
1302 | +.uk,.parliament.uk | |
1303 | +.uk,.plc.uk | |
1304 | +.uk,.police.uk | |
1305 | +.uk,.sch.uk | |
1306 | +.uk,.scot.uk | |
1307 | +.uk,.soc.uk | |
1308 | +.us,.4fd.us | |
1309 | +.us,.dni.us | |
1310 | +.us,.fed.us | |
1311 | +.us,.isa.us | |
1312 | +.us,.kids.us | |
1313 | +.us,.nsn.us | |
1314 | +.uy,.com.uy | |
1315 | +.uy,.edu.uy | |
1316 | +.uy,.gub.uy | |
1317 | +.uy,.mil.uy | |
1318 | +.uy,.net.uy | |
1319 | +.uy,.org.uy | |
1320 | +.ve,.co.ve | |
1321 | +.ve,.com.ve | |
1322 | +.ve,.edu.ve | |
1323 | +.ve,.gob.ve | |
1324 | +.ve,.info.ve | |
1325 | +.ve,.mil.ve | |
1326 | +.ve,.net.ve | |
1327 | +.ve,.org.ve | |
1328 | +.ve,.web.ve | |
1329 | +.vi,.co.vi | |
1330 | +.vi,.com.vi | |
1331 | +.vi,.k12.vi | |
1332 | +.vi,.net.vi | |
1333 | +.vi,.org.vi | |
1334 | +.vn,.ac.vn | |
1335 | +.vn,.biz.vn | |
1336 | +.vn,.com.vn | |
1337 | +.vn,.edu.vn | |
1338 | +.vn,.gov.vn | |
1339 | +.vn,.health.vn | |
1340 | +.vn,.info.vn | |
1341 | +.vn,.int.vn | |
1342 | +.vn,.name.vn | |
1343 | +.vn,.net.vn | |
1344 | +.vn,.org.vn | |
1345 | +.vn,.pro.vn | |
1346 | +.ye,.co.ye | |
1347 | +.ye,.com.ye | |
1348 | +.ye,.gov.ye | |
1349 | +.ye,.ltd.ye | |
1350 | +.ye,.me.ye | |
1351 | +.ye,.net.ye | |
1352 | +.ye,.org.ye | |
1353 | +.ye,.plc.ye | |
1354 | +.yu,.ac.yu | |
1355 | +.yu,.co.yu | |
1356 | +.yu,.edu.yu | |
1357 | +.yu,.gov.yu | |
1358 | +.yu,.org.yu | |
1359 | +.za,.ac.za | |
1360 | +.za,.agric.za | |
1361 | +.za,.alt.za | |
1362 | +.za,.bourse.za | |
1363 | +.za,.city.za | |
1364 | +.za,.co.za | |
1365 | +.za,.cybernet.za | |
1366 | +.za,.db.za | |
1367 | +.za,.ecape.school.za | |
1368 | +.za,.edu.za | |
1369 | +.za,.fs.school.za | |
1370 | +.za,.gov.za | |
1371 | +.za,.gp.school.za | |
1372 | +.za,.grondar.za | |
1373 | +.za,.iaccess.za | |
1374 | +.za,.imt.za | |
1375 | +.za,.inca.za | |
1376 | +.za,.kzn.school.za | |
1377 | +.za,.landesign.za | |
1378 | +.za,.law.za | |
1379 | +.za,.lp.school.za | |
1380 | +.za,.mil.za | |
1381 | +.za,.mpm.school.za | |
1382 | +.za,.ncape.school.za | |
1383 | +.za,.net.za | |
1384 | +.za,.ngo.za | |
1385 | +.za,.nis.za | |
1386 | +.za,.nom.za | |
1387 | +.za,.nw.school.za | |
1388 | +.za,.olivetti.za | |
1389 | +.za,.org.za | |
1390 | +.za,.pix.za | |
1391 | +.za,.school.za | |
1392 | +.za,.tm.za | |
1393 | +.za,.wcape.school.za | |
1394 | +.za,.web.za | |
1395 | +.zm,.ac.zm | |
1396 | +.zm,.co.zm | |
1397 | +.zm,.com.zm | |
1398 | +.zm,.edu.zm | |
1399 | +.zm,.gov.zm | |
1400 | +.zm,.net.zm | |
1401 | +.zm,.org.zm | |
1402 | +.zm,.sch.zm |
@@ -1,4 +1,5 @@ | ||
1 | 1 | #!/bin/bash |
2 | +#stage1 | |
2 | 3 | |
3 | 4 | debug=0 |
4 | 5 |
@@ -7,7 +8,7 @@ | ||
7 | 8 | [[ -z $ip ]] && echo function $0 requires \$ip && exit 1 |
8 | 9 | |
9 | 10 | #need to separate the commands to get the first return code |
10 | - ptrstr=`host $ip` || continue | |
11 | + ptrstr=`host -W3 $ip` || continue | |
11 | 12 | #{ echo DEBUG: ip is $ip; continue; } |
12 | 13 | |
13 | 14 | #we need to avoid backslash escaped foreign chars e.g. |
@@ -21,7 +22,7 @@ | ||
21 | 22 | [[ $ptr = "" ]] && echo weird EMPTY ptr on ip $ip >> $piece.weird && continue |
22 | 23 | (( debug == 1 )) && echo ptr is $ptr |
23 | 24 | |
24 | - hostipstr=`host $ptr` | |
25 | + hostipstr=`host -W3 $ptr` | |
25 | 26 | #{ echo DEBUG: ptr is $ptr; continue; } |
26 | 27 | hostip=`echo $hostipstr | awk '{print $NF}'` |
27 | 28 | (( debug == 1 )) && echo hostip is $hostip |
@@ -0,0 +1,53 @@ | ||
1 | +#!/bin/bash | |
2 | +#stage2.0 (legacy) | |
3 | + | |
4 | +[[ -z $1 ]] && echo file in hosts format? && exit 1 | |
5 | +hostsfile=$1 | |
6 | + | |
7 | +debug=0 | |
8 | + | |
9 | +ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'` | |
10 | +echo using $ehlo as EHLO | |
11 | + | |
12 | +echo writing to $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn | |
13 | +(( debug == 1 )) && echo | |
14 | +rm -f $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn | |
15 | +cat $hostsfile | while read line; do | |
16 | + ip=`echo $line | awk '{print $1}'` | |
17 | + mx=`echo $line | awk '{print $2}'` | |
18 | + mx=${mx%\.} | |
19 | + (( debug == 1 )) && echo -n $mx/ | |
20 | + | |
21 | + if ! altstr=`echo Q | timeout 0.7 /usr/local/bin/openssl s_client -4 -starttls smtp -name $ehlo -servername $mx -connect $ip:25 -crlf 2>/dev/null`; then | |
22 | + echo $mx >> $hostsfile.nossl && echo -n . | |
23 | + continue | |
24 | + fi | |
25 | + (( debug == 1 )) && echo -n has ssl/ | |
26 | + | |
27 | + #no need to check CN as SAN always contains it as first match | |
28 | + if ! alt=`echo "$altstr" | /usr/local/bin/openssl x509 -noout -text 2>/dev/null | grep DNS: | sed -r 's/DNS://g; s/,//g'`; then | |
29 | + echo $mx >> $hostsfile.nocert && echo -n / | |
30 | + continue | |
31 | + fi | |
32 | + unset altstr | |
33 | + (( debug == 1 )) && echo -n has cert and san/ | |
34 | + | |
35 | + got=0 | |
36 | + for sni in $alt; do | |
37 | + (( debug == 1 )) && echo -n testing sni $sni: | |
38 | + #we are freaking lucky this condition deals with wildcards | |
39 | + #e.g. here mxs.mail.ru = *.mail.ru does validate already | |
40 | + if [[ $mx = $sni ]]; then | |
41 | + echo $mx >> $hostsfile.validcn | |
42 | + echo -n - | |
43 | + got=1 | |
44 | + break | |
45 | + fi | |
46 | + done; unset sni | |
47 | + (( got != 1 )) && echo $mx >> $hostsfile.wrongcn && echo -n _ | |
48 | + unset got | |
49 | + | |
50 | + (( debug == 1 )) && echo | |
51 | + unset ip mx | |
52 | +done && echo done | |
53 | + |
@@ -0,0 +1,21 @@ | ||
1 | +#!/bin/bash | |
2 | + | |
3 | +[[ ! -f $HOME/masspie/cacert.pem ]] && echo $HOME/masspie/cacert.pem is required && exit 1 | |
4 | + | |
5 | +[[ -z $1 ]] && echo missing x\*.ptr.validcn file as first argument && exit 1 | |
6 | +inputfile=$1 | |
7 | + | |
8 | +ehlo=pro5s2.nethence.com | |
9 | +#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'` | |
10 | + | |
11 | +echo using $ehlo as EHLO and writing to $inputfile.return | |
12 | +for mx in `cat $inputfile`; do | |
13 | + echo -en "$mx\t" | |
14 | + | |
15 | + #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above | |
16 | + echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile $HOME/masspie/cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null | grep Verify || echo | |
17 | + #-CApath /etc/ssl/certs | |
18 | + #-brief | |
19 | + #-verify_return_error | |
20 | +done > $inputfile.return; unset mx | |
21 | + |
@@ -0,0 +1,273 @@ | ||
1 | +#!/bin/ksh | |
2 | +# | |
3 | +# KSH93 only (floating point) | |
4 | +# | |
5 | +set -e | |
6 | + | |
7 | +debug=0 | |
8 | + | |
9 | +[[ -z $1 ]] && echo want \$shot && exit 1 | |
10 | +shot=$1 | |
11 | + | |
12 | +LC_NUMERIC=en_US | |
13 | +#sep="sed ':a;s/\B[0-9]\{3\}\>/,&/;ta'" | |
14 | +#| eval $sep | |
15 | + | |
16 | +echo -n entering ~/$shot/splitted/ ... | |
17 | +cd ~/$shot/splitted/ && echo done | |
18 | + | |
19 | +#based on exclude.conf | |
20 | +internet=3970693888 | |
21 | + | |
22 | +range=`seq -w 00 89; seq 9000 9447` | |
23 | + | |
24 | +(( debug == 1 )) && counting inbound smtp hosts | |
25 | +#smtp=0 | |
26 | +#for x in $range; do | |
27 | +# (( smtp = smtp + `grep -v ^# x$x | wc -l` )) || echo FAIL:x$x | |
28 | +#done; unset x | |
29 | +smtp=`grep -v ^# ../massp25.og | wc -l` | |
30 | + | |
31 | +(( debug == 1 )) && echo counting hosts which iprev resolve x\*.ptr | |
32 | +(( iprev = `cat x*.ptr | wc -l` )) | |
33 | + | |
34 | +(( debug == 1 )) && echo counting unique iprev hosts | |
35 | +iprevu=`wc -l < ptr.unique` | |
36 | + | |
37 | +(( debug == 1 )) && echo counting those which do not talk SSL x\*.ptr.nossl | |
38 | +nossl=0 | |
39 | +for x in $range; do | |
40 | + (( nossl = nossl + `wc -l < x$x.ptr.nossl` )) || echo FAIL:x$x | |
41 | +done; unset x | |
42 | + | |
43 | +(( debug == 1 )) && echo counting those which have wrong SAN x\*.ptr.wrongcn | |
44 | +wrongcn=0 | |
45 | +for x in $range; do | |
46 | + (( wrongcn = wrongcn + `wc -l < x$x.ptr.wrongcn` )) || echo FAIL:x$x | |
47 | +done; unset x | |
48 | + | |
49 | +(( debug == 1 )) && echo counting those which have valid SAN x\*.ptr.validcn | |
50 | +validcn=0 | |
51 | +for x in $range; do | |
52 | + (( validcn = validcn + `wc -l < x$x.ptr.validcn` )) || echo FAIL:x$x | |
53 | +done; unset x | |
54 | + | |
55 | +(( debug == 1 )) && echo counting those which validate x\*.ptr.validcn.return | |
56 | +(( validate = `grep 'Verify return code: 0 (ok)' x*.ptr.validcn.return | wc -l` )) || echo FAIL | |
57 | + | |
58 | +echo | |
59 | +printf "internet is\\t\\t%'.f\n" $internet | |
60 | +printf "inbound smtp hosts are\\t%'.f\n" $smtp | |
61 | +printf "iprev are\\t\\t%'.f\n" $iprev | |
62 | +printf "unique iprev are\\t%'.f\n" $iprevu | |
63 | +printf "no ssl are\\t\\t%'.f\n" $nossl | |
64 | +printf "wrong CN/SAN are\\t%'.f\n" $wrongcn | |
65 | +printf "iprev CN/SAN are\\t%'.f\n" $validcn | |
66 | +printf "valid chains are\\t%'.f\n" $validate | |
67 | + | |
68 | +typeset -F2 internet smtp iprev iprevu nossl wrongcn validcn validate | |
69 | +typeset -F2 ssldiff iprevdiff | |
70 | + | |
71 | +(( ssldiff = iprev - nossl )) | |
72 | +(( iprevdiff = iprev - iprevu )) | |
73 | + | |
74 | +typeset -F2 result | |
75 | + | |
76 | +echo | |
77 | + | |
78 | +(( result = smtp * 100 / internet )) | |
79 | +echo $result% of the public network listens on port 25/tcp - ${smtp%\.*} out of ${internet%\.*} | |
80 | + | |
81 | +(( result = iprev * 100 / smtp )) | |
82 | +echo $result% of the smtp servers are full-circle reverse DNS - ${iprev%\.*} out of ${smtp%\.*} | |
83 | + | |
84 | +(( result = iprevdiff * 100 / iprev )) | |
85 | +echo $result% of those iprev hosts are multi-homed \(round-robin\) - ${iprevdiff%\.*} out of ${iprev%\.*} | |
86 | + | |
87 | +(( result = ssldiff * 100 / iprev )) | |
88 | +echo $result% of full-circle hosts talk SSL/STARTTLS - ${ssldiff%\.*} out of ${iprev%\.*} | |
89 | + | |
90 | +#echo $(( validcn * 100 / iprev ))% of full-circle hosts advertise a valid subject alternative - ${validcn%\.*} out of ${iprev%\.*} | |
91 | + | |
92 | +(( result = validcn * 100 / ssldiff )) | |
93 | +echo $result% of SSL-enabled hosts advertise an iprev subject alternative name - ${validcn%\.*} out of ${ssldiff%\.*} | |
94 | + | |
95 | +(( result = validate * 100 / validcn )) | |
96 | +echo $result% of SAN hosts have a valid certificate chain - ${validate%\.*} out of ${validcn%\.*} | |
97 | + | |
98 | +echo | |
99 | + | |
100 | +# | |
101 | +# here comes stats based on MX records | |
102 | +# | |
103 | + | |
104 | +ptrs=`wc -l < ptr.unique` | |
105 | + | |
106 | +cd domains/ | |
107 | + | |
108 | +domains=`wc -l < domains.unique` | |
109 | + | |
110 | +cd mx/ | |
111 | + | |
112 | +mx=`wc -l < mx.unique` | |
113 | + | |
114 | +cd dane/ | |
115 | + | |
116 | +(( debug == 1 )) && echo counting trueok | |
117 | +trueok=`grep '0 (ok)$' *.ssl | grep -v 'New, (NONE), Cipher is (NONE)' | wc -l` | |
118 | + | |
119 | +(( debug == 1 )) && echo counting fakeok | |
120 | +fakeok=`grep '0 (ok)$' *.ssl | grep 'New, (NONE), Cipher is (NONE)' | wc -l` | |
121 | + | |
122 | +#grep 'Verify return code: ' mx.unique37.ssl | cut -f2 -d: | sort -u | |
123 | +(( debug == 1 )) && echo counting notyet | |
124 | +notyet=`grep '9 (certificate is not yet valid)$' *.ssl | wc -l` | |
125 | + | |
126 | +(( debug == 1 )) && echo counting expired | |
127 | +expired=`grep '10 (certificate has expired)$' *.ssl | wc -l` | |
128 | + | |
129 | +(( debug == 1 )) && echo counting selfsigned | |
130 | +selfsigned=`grep '18 (self signed certificate)$' *.ssl | wc -l` | |
131 | + | |
132 | +(( debug == 1 )) && echo counting selfchain | |
133 | +selfchain=`grep '19 (self signed certificate in certificate chain)$' *.ssl | wc -l` | |
134 | + | |
135 | +(( debug == 1 )) && echo counting untrusted | |
136 | +untrusted=`grep '20 (unable to get local issuer certificate)$' *.ssl | wc -l` | |
137 | + | |
138 | +(( debug == 1 )) && echo counting firstinvalid | |
139 | +invalid=`grep '21 (unable to verify the first certificate)$' *.ssl | wc -l` | |
140 | + | |
141 | +(( debug == 1 )) && echo counting purpose | |
142 | +purpose=`grep '26 (unsupported certificate purpose)$' *.ssl | wc -l` | |
143 | + | |
144 | +(( debug == 1 )) && echo counting dane | |
145 | +dane=`grep THIS-LOOKS-LIKE-DANE$ *.dane | wc -l` | |
146 | +#notlsa=`grep notlsa$ *.dane | wc -l` | |
147 | +#servfail=`grep servfail$ *.dane | wc -l` | |
148 | +#timeout=`grep timeout$ *.dane | wc -l` | |
149 | + | |
150 | +(( debug == 1 )) && echo counting daneee and daneta | |
151 | +daneee=`grep ^DANE *.dane.results | grep 'matched EE' | wc -l` | |
152 | +daneta=`grep ^DANE *.dane.results | grep 'matched TA' | wc -l` | |
153 | +#grep ^DANE *.results | grep -vE 'matched EE|matched TA' | |
154 | + | |
155 | +(( debug == 1 )) && echo counting STARTTLS | |
156 | +#TOFIX | |
157 | +#enforcetotal=`cat mx.unique*.starttls.enforce.dist | wc -l` | |
158 | +enforcetotal2=`cat mx.unique*.starttls.enforce | wc -l` | |
159 | +connectbaddns=`grep connect-bad-dns$ mx.unique*.starttls.enforce | wc -l` | |
160 | +connectfailed=`grep connect-failed$ mx.unique*.starttls.enforce | wc -l` | |
161 | +connect4xx=`grep connect-4xx$ mx.unique*.starttls.enforce | wc -l` | |
162 | +connect5xx=`grep connect-5xx$ mx.unique*.starttls.enforce | wc -l` | |
163 | +connectrefused=`grep connect-refused$ mx.unique*.starttls.enforce | wc -l` | |
164 | +connectclosed=`grep connect-closed$ mx.unique*.starttls.enforce | wc -l` | |
165 | +connecttimeout=`grep connect-timeout$ mx.unique*.starttls.enforce | wc -l` | |
166 | +connectunknown=`grep connect-unknown$ mx.unique*.starttls.enforce | wc -l` | |
167 | +ehlo2xxnostarttls=`grep ehlo-2xx-no-starttls$ mx.unique*.starttls.enforce | wc -l` | |
168 | +ehlo5xx=`grep ehlo-5xx$ mx.unique*.starttls.enforce | wc -l` | |
169 | +ehlo4xx=`grep ehlo-4xx$ mx.unique*.starttls.enforce | wc -l` | |
170 | +ehlotimeout=`grep ehlo-timeout$ mx.unique*.starttls.enforce | wc -l` | |
171 | +ehlounknown=`grep ehlo-unknown$ mx.unique*.starttls.enforce | wc -l` | |
172 | +#sender2xx=`grep sender-2xx$ mx.unique*.starttls.enforce | wc -l` | |
173 | +#sender5xx=`grep sender-5xx$ mx.unique*.starttls.enforce | wc -l` | |
174 | +#sender4xx=`grep sender-4xx$ mx.unique*.starttls.enforce | wc -l` | |
175 | +hastls=`grep -E '^250-STARTTLS|^250 STARTTLS' mx.unique*.starttls | wc -l` | |
176 | + | |
177 | +#we want | |
178 | +#530 5.7.0 Must issue a STARTTLS command first | |
179 | +#530 5.5.1 Invalid command: Must issue a STARTTLS command first | |
180 | +#530 Must issue STARTTLS first. | |
181 | +#430 4.7.0 Must issue a STARTTLS command first | |
182 | +#grep -E '[[:digit:]]{3} 5\.7\.3 ' mx.unique*.starttls | |
183 | + | |
184 | +#exceptions | |
185 | +#530 5.7.1 Client was not authenticated | |
186 | +#530 5.7.3 Client was not authenticated | |
187 | +#530 aws.besteffort.com ESMTP MailEnable Service, Version: 9.76-9.76- denied access at 01/22/20 13:32:04 | |
188 | + | |
189 | +must=`grep -E '^575 |^[[:digit:]]{3} 5\.7\.3 |^530 |^451 5\.7\.3 |^430 4\.7\.0 |^451 .*TLS.*|^550 AUTH TLS |^550 TLS ' mx.unique*.starttls | grep -vE ' 5\.7\.1 |530 5\.7\.3 |MailEnable' | wc -l` | |
190 | + | |
191 | +(( mxdown = connectbaddns + connectfailed + connect4xx + connect5xx + connectrefused + connectclosed + connecttimeout + connectunknown )) | |
192 | + | |
193 | +cd ../../../ | |
194 | + | |
195 | +(( debug == 1 )) && echo | |
196 | + | |
197 | +printf "IPREV PTRs\t\t\t%'.f\n" $ptrs | |
198 | +#next versions will have 2nd-3rd-level domains: $domains | |
199 | +printf "Deferenced domains\t\t%'.f\n" $domains | |
200 | +printf "MX records\t\t\t%'.f\n" $mx | |
201 | +echo | |
202 | + | |
203 | +printf "Total results for enforce check\t%'.f\n" $enforcetotal2 | |
204 | +printf "Unreachable MXen\t\t%'.f\n" $mxdown | |
205 | +printf "No STARTTLS\t\t\t%'.f\n" $ehlo2xxnostarttls | |
206 | +#printf "Opportunistic STARTTLS\t\t%'.f\n" $sender2xx | |
207 | +#printf "Enforced STARTTLS or 5xx\t%'.f\n" $sender5xx | |
208 | +#printf "Enforced STARTTLS or 4xx\t%'.f\n" $sender4xx | |
209 | +printf "Offers STARTTLS\t\t\t%'.f\n" $hastls | |
210 | +printf "Enforces STARTTLS\t\t%'.f\n" $must | |
211 | +echo | |
212 | + | |
213 | +printf "Trusted certificate chain\t%'.f (ok)\n" $trueok | |
214 | +printf "Cipher is (NONE)\t\t%'.f (ok)\n" $fakeok | |
215 | +printf "From the future\t\t\t%'.f (certificate is not yet valid)\n" $notyet | |
216 | +printf "Expired\t\t\t\t%'.f (certificate has expired)\n" $expired | |
217 | +printf "Self-signed\t\t\t%'.f (self signed certificate)\n" $selfsigned | |
218 | +printf "Self-signed CA\t\t\t%'.f (self signed certificate in certificate chain)\n" $selfchain | |
219 | +printf "Untrusted certificate chain\t%'.f (unable to get local issuer certificate)\n" $untrusted | |
220 | +printf "Invalid certificate\t\t%'.f (unable to verify the first certificate)\n" $invalid | |
221 | +printf "Wrong purpose certificate\t%'.f (unsupported certificate purpose)\n" $purpose | |
222 | +printf "TLSA records\t\t\t%'.f\n" $dane | |
223 | +printf "Valid PKIX/DANE-EE\t\t%'.f\n" $daneee | |
224 | +printf "Valid PKIX/DANE-TA\t\t%'.f\n" $daneta | |
225 | +echo | |
226 | + | |
227 | +typeset -F2 result | |
228 | +(( result = mx * 100 / domains )) | |
229 | +echo $result% of deferenced domains have an MX record | |
230 | +unset result | |
231 | + | |
232 | +typeset -F2 result | |
233 | +(( result = trueok * 100 / mx )) | |
234 | +echo $result% of MX certificates are valid | |
235 | +unset result | |
236 | + | |
237 | +typeset -F2 result | |
238 | +(( result = fakeok * 100 / mx )) | |
239 | +echo $result% of MX end-points do not offer STARTTLS | |
240 | +unset result | |
241 | + | |
242 | +typeset -F2 result | |
243 | +(( result = expired * 100 / mx )) | |
244 | +echo $result% of MX certificates are expired | |
245 | +unset result | |
246 | + | |
247 | +typeset -F2 result | |
248 | +(( result = selfsigned * 100 / mx )) | |
249 | +echo $result% of MX certificates are self-signed | |
250 | +unset result | |
251 | + | |
252 | +typeset -F2 result | |
253 | +(( result = untrusted * 100 / mx )) | |
254 | +echo $result% of MX certificates are private | |
255 | +unset result | |
256 | + | |
257 | +typeset -F2 result | |
258 | +(( result = invalid * 100 / mx )) | |
259 | +echo $result% of MX certificates are invalid | |
260 | +unset result | |
261 | + | |
262 | +typeset -F2 result | |
263 | +(( result = dane * 100 / mx )) | |
264 | +echo $result% of MX end-points have a DANE record | |
265 | +unset result | |
266 | + | |
267 | +typeset -F2 result | |
268 | +(( result = ( daneee + daneta ) * 100 / mx )) | |
269 | +echo $result% of MX end-points validating DANE \(trusted, private and self-signed\) | |
270 | +unset result | |
271 | + | |
272 | +echo | |
273 | + |