
masspie: Commit


Commit MetaInfo

Revision21 (tree)
Time2020-02-19 15:01:53
Authorelge

Log Message

better iprev, count, and importing legacy san & valid

Change Summary

Incremental Difference

--- sslvalid.bash (revision 20)
+++ sslvalid.bash (nonexistent)
@@ -1,21 +0,0 @@
1-#!/bin/bash
2-
3-[[ ! -f cacert.pem ]] && echo cacert.pem is required && exit 1
4-
5-[[ -z $1 ]] && echo missing x\*.ptr.validcn file as first argument && exit 1
6-inputfile=$1
7-
8-ehlo=pro5s2.nethence.com
9-#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
10-
11-echo using $ehlo as EHLO and writing to $inputfile.return
12-for mx in `cat $inputfile`; do
13- echo -en "$mx\t"
14-
15- #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above
16- echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null | grep Verify || echo
17- #-CApath /etc/ssl/certs
18- #-brief
19- #-verify_return_error
20-done > $inputfile.return; unset mx
21-
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
--- sslcheck.bash (revision 20)
+++ sslcheck.bash (nonexistent)
@@ -1,52 +0,0 @@
1-#!/bin/bash
2-
3-[[ -z $1 ]] && echo file in hosts format? && exit 1
4-hostsfile=$1
5-
6-debug=0
7-
8-ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
9-echo using $ehlo as EHLO
10-
11-echo writing to $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn
12-(( debug == 1 )) && echo
13-rm -f $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn
14-cat $hostsfile | while read line; do
15- ip=`echo $line | awk '{print $1}'`
16- mx=`echo $line | awk '{print $2}'`
17- mx=${mx%\.}
18- (( debug == 1 )) && echo -n $mx/
19-
20- if ! altstr=`echo Q | timeout 0.7 /usr/local/bin/openssl s_client -4 -starttls smtp -name $ehlo -servername $mx -connect $ip:25 -crlf 2>/dev/null`; then
21- echo $mx >> $hostsfile.nossl && echo -n .
22- continue
23- fi
24- (( debug == 1 )) && echo -n has ssl/
25-
26- #no need to check CN as SAN always contains it as first match
27- if ! alt=`echo "$altstr" | /usr/local/bin/openssl x509 -noout -text 2>/dev/null | grep DNS: | sed -r 's/DNS://g; s/,//g'`; then
28- echo $mx >> $hostsfile.nocert && echo -n /
29- continue
30- fi
31- unset altstr
32- (( debug == 1 )) && echo -n has cert and san/
33-
34- got=0
35- for sni in $alt; do
36- (( debug == 1 )) && echo -n testing sni $sni:
37- #we are freaking lucky this condition deals with wildcards
38- #e.g. here mxs.mail.ru = *.mail.ru does validate already
39- if [[ $mx = $sni ]]; then
40- echo $mx >> $hostsfile.validcn
41- echo -n -
42- got=1
43- break
44- fi
45- done; unset sni
46- (( got != 1 )) && echo $mx >> $hostsfile.wrongcn && echo -n _
47- unset got
48-
49- (( debug == 1 )) && echo
50- unset ip mx
51-done && echo done
52-
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
--- SLDs.csv (nonexistent)
+++ SLDs.csv (revision 21)
@@ -0,0 +1,1402 @@
1+.ac,.com.ac
2+.ac,.net.ac
3+.ac,.gov.ac
4+.ac,.org.ac
5+.ac,.mil.ac
6+.ae,.co.ae
7+.ae,.net.ae
8+.ae,.gov.ae
9+.ae,.ac.ae
10+.ae,.sch.ae
11+.ae,.org.ae
12+.ae,.mil.ae
13+.ae,.pro.ae
14+.ae,.name.ae
15+.af,.com.af
16+.af,.edu.af
17+.af,.gov.af
18+.af,.net.af
19+.af,.org.af
20+.al,.com.al
21+.al,.edu.al
22+.al,.gov.al
23+.al,.mil.al
24+.al,.net.al
25+.al,.org.al
26+.ao,.ed.ao
27+.ao,.gv.ao
28+.ao,.og.ao
29+.ao,.co.ao
30+.ao,.pb.ao
31+.ao,.it.ao
32+.ar,.com.ar
33+.ar,.edu.ar
34+.ar,.gob.ar
35+.ar,.gov.ar
36+.ar,.gov.ar
37+.ar,.int.ar
38+.ar,.mil.ar
39+.ar,.net.ar
40+.ar,.org.ar
41+.ar,.tur.ar
42+.at,.gv.at
43+.at,.ac.at
44+.at,.co.at
45+.at,.or.at
46+.au,.com.au
47+.au,.net.au
48+.au,.org.au
49+.au,.edu.au
50+.au,.gov.au
51+.au,.csiro.au
52+.au,.asn.au
53+.au,.id.au
54+.ba,.org.ba
55+.ba,.net.ba
56+.ba,.edu.ba
57+.ba,.gov.ba
58+.ba,.mil.ba
59+.ba,.unsa.ba
60+.ba,.untz.ba
61+.ba,.unmo.ba
62+.ba,.unbi.ba
63+.ba,.unze.ba
64+.ba,.co.ba
65+.ba,.com.ba
66+.ba,.rs.ba
67+.bb,.co.bb
68+.bb,.com.bb
69+.bb,.net.bb
70+.bb,.org.bb
71+.bb,.gov.bb
72+.bb,.edu.bb
73+.bb,.info.bb
74+.bb,.store.bb
75+.bb,.tv.bb
76+.bb,.biz.bb
77+.bh,.com.bh
78+.bh,.info.bh
79+.bh,.cc.bh
80+.bh,.edu.bh
81+.bh,.biz.bh
82+.bh,.net.bh
83+.bh,.org.bh
84+.bh,.gov.bh
85+.bn,.com.bn
86+.bn,.edu.bn
87+.bn,.gov.bn
88+.bn,.net.bn
89+.bn,.org.bn
90+.bo,.com.bo
91+.bo,.net.bo
92+.bo,.org.bo
93+.bo,.tv.bo
94+.bo,.mil.bo
95+.bo,.int.bo
96+.bo,.gob.bo
97+.bo,.gov.bo
98+.bo,.edu.bo
99+.br,.adm.br
100+.br,.adv.br
101+.br,.agr.br
102+.br,.am.br
103+.br,.arq.br
104+.br,.art.br
105+.br,.ato.br
106+.br,.b.br
107+.br,.bio.br
108+.br,.blog.br
109+.br,.bmd.br
110+.br,.cim.br
111+.br,.cng.br
112+.br,.cnt.br
113+.br,.com.br
114+.br,.coop.br
115+.br,.ecn.br
116+.br,.edu.br
117+.br,.eng.br
118+.br,.esp.br
119+.br,.etc.br
120+.br,.eti.br
121+.br,.far.br
122+.br,.flog.br
123+.br,.fm.br
124+.br,.fnd.br
125+.br,.fot.br
126+.br,.fst.br
127+.br,.g12.br
128+.br,.ggf.br
129+.br,.gov.br
130+.br,.imb.br
131+.br,.ind.br
132+.br,.inf.br
133+.br,.jor.br
134+.br,.jus.br
135+.br,.lel.br
136+.br,.mat.br
137+.br,.med.br
138+.br,.mil.br
139+.br,.mus.br
140+.br,.net.br
141+.br,.nom.br
142+.br,.not.br
143+.br,.ntr.br
144+.br,.odo.br
145+.br,.org.br
146+.br,.ppg.br
147+.br,.pro.br
148+.br,.psc.br
149+.br,.psi.br
150+.br,.qsl.br
151+.br,.rec.br
152+.br,.slg.br
153+.br,.srv.br
154+.br,.tmp.br
155+.br,.trd.br
156+.br,.tur.br
157+.br,.tv.br
158+.br,.vet.br
159+.br,.vlog.br
160+.br,.wiki.br
161+.br,.zlg.br
162+.bs,.com.bs
163+.bs,.net.bs
164+.bs,.org.bs
165+.bs,.edu.bs
166+.bs,.gov.bs
167+.bz,com.bz
168+.bz,edu.bz
169+.bz,gov.bz
170+.bz,net.bz
171+.bz,org.bz
172+.ca,.ab.ca
173+.ca,.bc.ca
174+.ca,.mb.ca
175+.ca,.nb.ca
176+.ca,.nf.ca
177+.ca,.nl.ca
178+.ca,.ns.ca
179+.ca,.nt.ca
180+.ca,.nu.ca
181+.ca,.on.ca
182+.ca,.pe.ca
183+.ca,.qc.ca
184+.ca,.sk.ca
185+.ca,.yk.ca
186+.ck,.co.ck
187+.ck,.org.ck
188+.ck,.edu.ck
189+.ck,.gov.ck
190+.ck,.net.ck
191+.ck,.gen.ck
192+.ck,.biz.ck
193+.ck,.info.ck
194+.cn,.ac.cn
195+.cn,.com.cn
196+.cn,.edu.cn
197+.cn,.gov.cn
198+.cn,.mil.cn
199+.cn,.net.cn
200+.cn,.org.cn
201+.cn,.ah.cn
202+.cn,.bj.cn
203+.cn,.cq.cn
204+.cn,.fj.cn
205+.cn,.gd.cn
206+.cn,.gs.cn
207+.cn,.gz.cn
208+.cn,.gx.cn
209+.cn,.ha.cn
210+.cn,.hb.cn
211+.cn,.he.cn
212+.cn,.hi.cn
213+.cn,.hl.cn
214+.cn,.hn.cn
215+.cn,.jl.cn
216+.cn,.js.cn
217+.cn,.jx.cn
218+.cn,.ln.cn
219+.cn,.nm.cn
220+.cn,.nx.cn
221+.cn,.qh.cn
222+.cn,.sc.cn
223+.cn,.sd.cn
224+.cn,.sh.cn
225+.cn,.sn.cn
226+.cn,.sx.cn
227+.cn,.tj.cn
228+.cn,.tw.cn
229+.cn,.xj.cn
230+.cn,.xz.cn
231+.cn,.yn.cn
232+.cn,.zj.cn
233+.co,.com.co
234+.co,.org.co
235+.co,.edu.co
236+.co,.gov.co
237+.co,.net.co
238+.co,.mil.co
239+.co,.nom.co
240+.cr,.ac.cr
241+.cr,.co.cr
242+.cr,.ed.cr
243+.cr,.fi.cr
244+.cr,.go.cr
245+.cr,.or.cr
246+.cr,.sa.cr
247+.cr,.cr
248+.cy,.ac.cy
249+.cy,.net.cy
250+.cy,.gov.cy
251+.cy,.org.cy
252+.cy,.pro.cy
253+.cy,.name.cy
254+.cy,.ekloges.cy
255+.cy,.tm.cy
256+.cy,.ltd.cy
257+.cy,.biz.cy
258+.cy,.press.cy
259+.cy,.parliament.cy
260+.cy,.com.cy
261+.do,.edu.do
262+.do,.gob.do
263+.do,.gov.do
264+.do,.com.do
265+.do,.sld.do
266+.do,.org.do
267+.do,.net.do
268+.do,.web.do
269+.do,.mil.do
270+.do,.art.do
271+.dz,.com.dz
272+.dz,.org.dz
273+.dz,.net.dz
274+.dz,.gov.dz
275+.dz,.edu.dz
276+.dz,.asso.dz
277+.dz,.pol.dz
278+.dz,.art.dz
279+.ec,.com.ec
280+.ec,.info.ec
281+.ec,.net.ec
282+.ec,.fin.ec
283+.ec,.med.ec
284+.ec,.pro.ec
285+.ec,.org.ec
286+.ec,.edu.ec
287+.ec,.gov.ec
288+.ec,.mil.ec
289+.eg,.com.eg
290+.eg,.edu.eg
291+.eg,.eun.eg
292+.eg,.gov.eg
293+.eg,.mil.eg
294+.eg,.name.eg
295+.eg,.net.eg
296+.eg,.org.eg
297+.eg,.sci.eg
298+.er,.com.er
299+.er,.edu.er
300+.er,.gov.er
301+.er,.mil.er
302+.er,.net.er
303+.er,.org.er
304+.er,.ind.er
305+.er,.rochest.er
306+.er,.w.er
307+.es,.com.es
308+.es,.nom.es
309+.es,.org.es
310+.es,.gob.es
311+.es,.edu.es
312+.et,.com.et
313+.et,.gov.et
314+.et,.org.et
315+.et,.edu.et
316+.et,.net.et
317+.et,.biz.et
318+.et,.name.et
319+.et,.info.et
320+.fj,.ac.fj
321+.fj,.biz.fj
322+.fj,.com.fj
323+.fj,.info.fj
324+.fj,.mil.fj
325+.fj,.name.fj
326+.fj,.net.fj
327+.fj,.org.fj
328+.fj,.pro.fj
329+.fk,.co.fk
330+.fk,.org.fk
331+.fk,.gov.fk
332+.fk,.ac.fk
333+.fk,.nom.fk
334+.fk,.net.fk
335+.fr,.fr
336+.fr,.tm.fr
337+.fr,.asso.fr
338+.fr,.nom.fr
339+.fr,.prd.fr
340+.fr,.presse.fr
341+.fr,.com.fr
342+.fr,.gouv.fr
343+.gg,.co.gg
344+.gg,.net.gg
345+.gg,.org.gg
346+.gh,.com.gh
347+.gh,.edu.gh
348+.gh,.gov.gh
349+.gh,.org.gh
350+.gh,.mil.gh
351+.gn,.com.gn
352+.gn,.ac.gn
353+.gn,.gov.gn
354+.gn,.org.gn
355+.gn,.net.gn
356+.gr,.com.gr
357+.gr,.edu.gr
358+.gr,.net.gr
359+.gr,.org.gr
360+.gr,.gov.gr
361+.gr,.mil.gr
362+.gt,.com.gt
363+.gt,.edu.gt
364+.gt,.net.gt
365+.gt,.gob.gt
366+.gt,.org.gt
367+.gt,.mil.gt
368+.gt,.ind.gt
369+.gu,.com.gu
370+.gu,.net.gu
371+.gu,.gov.gu
372+.gu,.org.gu
373+.gu,.edu.gu
374+.hk,.com.hk
375+.hk,.edu.hk
376+.hk,.gov.hk
377+.hk,.idv.hk
378+.hk,.net.hk
379+.hk,.org.hk
380+.id,.ac.id
381+.id,.co.id
382+.id,.net.id
383+.id,.or.id
384+.id,.web.id
385+.id,.sch.id
386+.id,.mil.id
387+.id,.go.id
388+.id,.war.net.id
389+.il,.ac.il
390+.il,.co.il
391+.il,.org.il
392+.il,.net.il
393+.il,.k12.il
394+.il,.gov.il
395+.il,.muni.il
396+.il,.idf.il
397+.in,.in
398+.in,.4fd.in
399+.in,.co.in
400+.in,.firm.in
401+.in,.net.in
402+.in,.org.in
403+.in,.gen.in
404+.in,.ind.in
405+.in,.ac.in
406+.in,.edu.in
407+.in,.res.in
408+.in,.ernet.in
409+.in,.gov.in
410+.in,.mil.in
411+.in,.nic.in
412+.in,.nic.in
413+.iq,.iq
414+.iq,.gov.iq
415+.iq,.edu.iq
416+.iq,.com.iq
417+.iq,.mil.iq
418+.iq,.org.iq
419+.iq,.net.iq
420+.ir,.ir
421+.ir,.ac.ir
422+.ir,.co.ir
423+.ir,.gov.ir
424+.ir,.id.ir
425+.ir,.net.ir
426+.ir,.org.ir
427+.ir,.sch.ir
428+.ir,.dnssec.ir
429+.it,.gov.it
430+.it,.edu.it
431+.je,.co.je
432+.je,.net.je
433+.je,.org.je
434+.jo,.com.jo
435+.jo,.net.jo
436+.jo,.gov.jo
437+.jo,.edu.jo
438+.jo,.org.jo
439+.jo,.mil.jo
440+.jo,.name.jo
441+.jo,.sch.jo
442+.jp,.ac.jp
443+.jp,.ad.jp
444+.jp,.co.jp
445+.jp,.ed.jp
446+.jp,.go.jp
447+.jp,.gr.jp
448+.jp,.lg.jp
449+.jp,.ne.jp
450+.jp,.or.jp
451+.ke,.co.ke
452+.ke,.or.ke
453+.ke,.ne.ke
454+.ke,.go.ke
455+.ke,.ac.ke
456+.ke,.sc.ke
457+.ke,.me.ke
458+.ke,.mobi.ke
459+.ke,.info.ke
460+.kh,.per.kh
461+.kh,.com.kh
462+.kh,.edu.kh
463+.kh,.gov.kh
464+.kh,.mil.kh
465+.kh,.net.kh
466+.kh,.org.kh
467+.ki,.com.ki
468+.ki,.biz.ki
469+.ki,.de.ki
470+.ki,.net.ki
471+.ki,.info.ki
472+.ki,.org.ki
473+.ki,.gov.ki
474+.ki,.edu.ki
475+.ki,.mob.ki
476+.ki,.tel.ki
477+.km,.km
478+.km,.com.km
479+.km,.coop.km
480+.km,.asso.km
481+.km,.nom.km
482+.km,.presse.km
483+.km,.tm.km
484+.km,.medecin.km
485+.km,.notaires.km
486+.km,.pharmaciens.km
487+.km,.veterinaire.km
488+.km,.edu.km
489+.km,.gouv.km
490+.km,.mil.km
491+.kn,.net.kn
492+.kn,.org.kn
493+.kn,.edu.kn
494+.kn,.gov.kn
495+.kr,.kr
496+.kr,.co.kr
497+.kr,.ne.kr
498+.kr,.or.kr
499+.kr,.re.kr
500+.kr,.pe.kr
501+.kr,.go.kr
502+.kr,.mil.kr
503+.kr,.ac.kr
504+.kr,.hs.kr
505+.kr,.ms.kr
506+.kr,.es.kr
507+.kr,.sc.kr
508+.kr,.kg.kr
509+.kr,.seoul.kr
510+.kr,.busan.kr
511+.kr,.daegu.kr
512+.kr,.incheon.kr
513+.kr,.gwangju.kr
514+.kr,.daejeon.kr
515+.kr,.ulsan.kr
516+.kr,.gyeonggi.kr
517+.kr,.gangwon.kr
518+.kr,.chungbuk.kr
519+.kr,.chungnam.kr
520+.kr,.jeonbuk.kr
521+.kr,.jeonnam.kr
522+.kr,.gyeongbuk.kr
523+.kr,.gyeongnam.kr
524+.kr,.jeju.kr
525+.kw,.edu.kw
526+.kw,.com.kw
527+.kw,.net.kw
528+.kw,.org.kw
529+.kw,.gov.kw
530+.ky,.com.ky
531+.ky,.org.ky
532+.ky,.net.ky
533+.ky,.edu.ky
534+.ky,.gov.ky
535+.kz,.com.kz
536+.kz,.edu.kz
537+.kz,.gov.kz
538+.kz,.mil.kz
539+.kz,.net.kz
540+.kz,.org.kz
541+.lb,.com.lb
542+.lb,.edu.lb
543+.lb,.gov.lb
544+.lb,.net.lb
545+.lb,.org.lb
546+.lk,.gov.lk
547+.lk,.sch.lk
548+.lk,.net.lk
549+.lk,.int.lk
550+.lk,.com.lk
551+.lk,.org.lk
552+.lk,.edu.lk
553+.lk,.ngo.lk
554+.lk,.soc.lk
555+.lk,.web.lk
556+.lk,.ltd.lk
557+.lk,.assn.lk
558+.lk,.grp.lk
559+.lk,.hotel.lk
560+.lr,.com.lr
561+.lr,.edu.lr
562+.lr,.gov.lr
563+.lr,.org.lr
564+.lr,.net.lr
565+.lv,.com.lv
566+.lv,.edu.lv
567+.lv,.gov.lv
568+.lv,.org.lv
569+.lv,.mil.lv
570+.lv,.id.lv
571+.lv,.net.lv
572+.lv,.asn.lv
573+.lv,.conf.lv
574+.ly,.com.ly
575+.ly,.net.ly
576+.ly,.gov.ly
577+.ly,.plc.ly
578+.ly,.edu.ly
579+.ly,.sch.ly
580+.ly,.med.ly
581+.ly,.org.ly
582+.ly,.id.ly
583+.ma,.ma
584+.ma,.net.ma
585+.ma,.ac.ma
586+.ma,.org.ma
587+.ma,.gov.ma
588+.ma,.press.ma
589+.ma,.co.ma
590+.mc,.tm.mc
591+.mc,.asso.mc
592+.me,.co.me
593+.me,.net.me
594+.me,.org.me
595+.me,.edu.me
596+.me,.ac.me
597+.me,.gov.me
598+.me,.its.me
599+.me,.priv.me
600+.mg,.org.mg
601+.mg,.nom.mg
602+.mg,.gov.mg
603+.mg,.prd.mg
604+.mg,.tm.mg
605+.mg,.edu.mg
606+.mg,.mil.mg
607+.mg,.com.mg
608+.mk,.com.mk
609+.mk,.org.mk
610+.mk,.net.mk
611+.mk,.edu.mk
612+.mk,.gov.mk
613+.mk,.inf.mk
614+.mk,.name.mk
615+.mk,.pro.mk
616+.ml,.com.ml
617+.ml,.net.ml
618+.ml,.org.ml
619+.ml,.edu.ml
620+.ml,.gov.ml
621+.ml,.presse.ml
622+.mn,.gov.mn
623+.mn,.edu.mn
624+.mn,.org.mn
625+.mo,.com.mo
626+.mo,.edu.mo
627+.mo,.gov.mo
628+.mo,.net.mo
629+.mo,.org.mo
630+.mt,.com.mt
631+.mt,.org.mt
632+.mt,.net.mt
633+.mt,.edu.mt
634+.mt,.gov.mt
635+.mv,.aero.mv
636+.mv,.biz.mv
637+.mv,.com.mv
638+.mv,.coop.mv
639+.mv,.edu.mv
640+.mv,.gov.mv
641+.mv,.info.mv
642+.mv,.int.mv
643+.mv,.mil.mv
644+.mv,.museum.mv
645+.mv,.name.mv
646+.mv,.net.mv
647+.mv,.org.mv
648+.mv,.pro.mv
649+.mw,.ac.mw
650+.mw,.co.mw
651+.mw,.com.mw
652+.mw,.coop.mw
653+.mw,.edu.mw
654+.mw,.gov.mw
655+.mw,.int.mw
656+.mw,.museum.mw
657+.mw,.net.mw
658+.mw,.org.mw
659+.mx,.com.mx
660+.mx,.net.mx
661+.mx,.org.mx
662+.mx,.edu.mx
663+.mx,.gob.mx
664+.my,.com.my
665+.my,.net.my
666+.my,.org.my
667+.my,.gov.my
668+.my,.edu.my
669+.my,.sch.my
670+.my,.mil.my
671+.my,.name.my
672+.nf,.com.nf
673+.nf,.net.nf
674+.nf,.arts.nf
675+.nf,.store.nf
676+.nf,.web.nf
677+.nf,.firm.nf
678+.nf,.info.nf
679+.nf,.other.nf
680+.nf,.per.nf
681+.nf,.rec.nf
682+.ng,.com.ng
683+.ng,.org.ng
684+.ng,.gov.ng
685+.ng,.edu.ng
686+.ng,.net.ng
687+.ng,.sch.ng
688+.ng,.name.ng
689+.ng,.mobi.ng
690+.ng,.biz.ng
691+.ng,.mil.ng
692+.ni,.gob.ni
693+.ni,.co.ni
694+.ni,.com.ni
695+.ni,.ac.ni
696+.ni,.edu.ni
697+.ni,.org.ni
698+.ni,.nom.ni
699+.ni,.net.ni
700+.ni,.mil.ni
701+.np,.com.np
702+.np,.edu.np
703+.np,.gov.np
704+.np,.org.np
705+.np,.mil.np
706+.np,.net.np
707+.nr,.edu.nr
708+.nr,.gov.nr
709+.nr,.biz.nr
710+.nr,.info.nr
711+.nr,.net.nr
712+.nr,.org.nr
713+.nr,.com.nr
714+.om,.com.om
715+.om,.co.om
716+.om,.edu.om
717+.om,.ac.om
718+.om,.sch.om
719+.om,.gov.om
720+.om,.net.om
721+.om,.org.om
722+.om,.mil.om
723+.om,.museum.om
724+.om,.biz.om
725+.om,.pro.om
726+.om,.med.om
727+.pe,.edu.pe
728+.pe,.gob.pe
729+.pe,.nom.pe
730+.pe,.mil.pe
731+.pe,.sld.pe
732+.pe,.org.pe
733+.pe,.com.pe
734+.pe,.net.pe
735+.ph,.com.ph
736+.ph,.net.ph
737+.ph,.org.ph
738+.ph,.mil.ph
739+.ph,.ngo.ph
740+.ph,.i.ph
741+.ph,.gov.ph
742+.ph,.edu.ph
743+.pk,.com.pk
744+.pk,.net.pk
745+.pk,.edu.pk
746+.pk,.org.pk
747+.pk,.fam.pk
748+.pk,.biz.pk
749+.pk,.web.pk
750+.pk,.gov.pk
751+.pk,.gob.pk
752+.pk,.gok.pk
753+.pk,.gon.pk
754+.pk,.gop.pk
755+.pk,.gos.pk
756+.pl,.pwr.pl
757+.pl,.com.pl
758+.pl,.biz.pl
759+.pl,.net.pl
760+.pl,.art.pl
761+.pl,.edu.pl
762+.pl,.org.pl
763+.pl,.ngo.pl
764+.pl,.gov.pl
765+.pl,.info.pl
766+.pl,.mil.pl
767+.pl,.waw.pl
768+.pl,.warszawa.pl
769+.pl,.wroc.pl
770+.pl,.wroclaw.pl
771+.pl,.krakow.pl
772+.pl,.katowice.pl
773+.pl,.poznan.pl
774+.pl,.lodz.pl
775+.pl,.gda.pl
776+.pl,.gdansk.pl
777+.pl,.slupsk.pl
778+.pl,.radom.pl
779+.pl,.szczecin.pl
780+.pl,.lublin.pl
781+.pl,.bialystok.pl
782+.pl,.olsztyn.pl
783+.pl,.torun.pl
784+.pl,.gorzow.pl
785+.pl,.zgora.pl
786+.pr,.biz.pr
787+.pr,.com.pr
788+.pr,.edu.pr
789+.pr,.gov.pr
790+.pr,.info.pr
791+.pr,.isla.pr
792+.pr,.name.pr
793+.pr,.net.pr
794+.pr,.org.pr
795+.pr,.pro.pr
796+.pr,.est.pr
797+.pr,.prof.pr
798+.pr,.ac.pr
799+.ps,.com.ps
800+.ps,.net.ps
801+.ps,.org.ps
802+.ps,.edu.ps
803+.ps,.gov.ps
804+.ps,.plo.ps
805+.ps,.sec.ps
806+.pw,.co.pw
807+.pw,.ne.pw
808+.pw,.or.pw
809+.pw,.ed.pw
810+.pw,.go.pw
811+.pw,.belau.pw
812+.ro,.arts.ro
813+.ro,.com.ro
814+.ro,.firm.ro
815+.ro,.info.ro
816+.ro,.nom.ro
817+.ro,.nt.ro
818+.ro,.org.ro
819+.ro,.rec.ro
820+.ro,.store.ro
821+.ro,.tm.ro
822+.ro,.www.ro
823+.rs,.co.rs
824+.rs,.org.rs
825+.rs,.edu.rs
826+.rs,.ac.rs
827+.rs,.gov.rs
828+.rs,.in.rs
829+.sb,.com.sb
830+.sb,.net.sb
831+.sb,.edu.sb
832+.sb,.org.sb
833+.sb,.gov.sb
834+.sc,.com.sc
835+.sc,.net.sc
836+.sc,.edu.sc
837+.sc,.gov.sc
838+.sc,.org.sc
839+.sh,.co.sh
840+.sh,.com.sh
841+.sh,.org.sh
842+.sh,.gov.sh
843+.sh,.edu.sh
844+.sh,.net.sh
845+.sh,.nom.sh
846+.sl,.com.sl
847+.sl,.net.sl
848+.sl,.org.sl
849+.sl,.edu.sl
850+.sl,.gov.sl
851+.st,.gov.st
852+.st,.saotome.st
853+.st,.principe.st
854+.st,.consulado.st
855+.st,.embaixada.st
856+.st,.org.st
857+.st,.edu.st
858+.st,.net.st
859+.st,.com.st
860+.st,.store.st
861+.st,.mil.st
862+.st,.co.st
863+.sv,.edu.sv
864+.sv,.gob.sv
865+.sv,.com.sv
866+.sv,.org.sv
867+.sv,.red.sv
868+.sz,.co.sz
869+.sz,.ac.sz
870+.sz,.org.sz
871+.tr,.com.tr
872+.tr,.gen.tr
873+.tr,.org.tr
874+.tr,.biz.tr
875+.tr,.info.tr
876+.tr,.av.tr
877+.tr,.dr.tr
878+.tr,.pol.tr
879+.tr,.bel.tr
880+.tr,.tsk.tr
881+.tr,.bbs.tr
882+.tr,.k12.tr
883+.tr,.edu.tr
884+.tr,.name.tr
885+.tr,.net.tr
886+.tr,.gov.tr
887+.tr,.web.tr
888+.tr,.tel.tr
889+.tr,.tv.tr
890+.tt,.co.tt
891+.tt,.com.tt
892+.tt,.org.tt
893+.tt,.net.tt
894+.tt,.biz.tt
895+.tt,.info.tt
896+.tt,.pro.tt
897+.tt,.int.tt
898+.tt,.coop.tt
899+.tt,.jobs.tt
900+.tt,.mobi.tt
901+.tt,.travel.tt
902+.tt,.museum.tt
903+.tt,.aero.tt
904+.tt,.cat.tt
905+.tt,.tel.tt
906+.tt,.name.tt
907+.tt,.mil.tt
908+.tt,.edu.tt
909+.tt,.gov.tt
910+.tw,.edu.tw
911+.tw,.gov.tw
912+.tw,.mil.tw
913+.tw,.com.tw
914+.tw,.net.tw
915+.tw,.org.tw
916+.tw,.idv.tw
917+.tw,.game.tw
918+.tw,.ebiz.tw
919+.tw,.club.tw
920+.mu,.com.mu
921+.mu,.gov.mu
922+.mu,.net.mu
923+.mu,.org.mu
924+.mu,.ac.mu
925+.mu,.co.mu
926+.mu,.or.mu
927+.mz,.ac.mz
928+.mz,.co.mz
929+.mz,.edu.mz
930+.mz,.org.mz
931+.mz,.gov.mz
932+.na,.com.na
933+.na,.co.na
934+.nz,.ac.nz
935+.nz,.co.nz
936+.nz,.cri.nz
937+.nz,.geek.nz
938+.nz,.gen.nz
939+.nz,.govt.nz
940+.nz,.health.nz
941+.nz,.iwi.nz
942+.nz,.maori.nz
943+.nz,.mil.nz
944+.nz,.net.nz
945+.nz,.org.nz
946+.nz,.parliament.nz
947+.nz,.school.nz
948+.pa,.abo.pa
949+.pa,.ac.pa
950+.pa,.com.pa
951+.pa,.edu.pa
952+.pa,.gob.pa
953+.pa,.ing.pa
954+.pa,.med.pa
955+.pa,.net.pa
956+.pa,.nom.pa
957+.pa,.org.pa
958+.pa,.sld.pa
959+.pt,.com.pt
960+.pt,.edu.pt
961+.pt,.gov.pt
962+.pt,.int.pt
963+.pt,.net.pt
964+.pt,.nome.pt
965+.pt,.org.pt
966+.pt,.publ.pt
967+.py,.com.py
968+.py,.edu.py
969+.py,.gov.py
970+.py,.mil.py
971+.py,.net.py
972+.py,.org.py
973+.qa,.com.qa
974+.qa,.edu.qa
975+.qa,.gov.qa
976+.qa,.mil.qa
977+.qa,.net.qa
978+.qa,.org.qa
979+.re,.asso.re
980+.re,.com.re
981+.re,.nom.re
982+.ru,.ac.ru
983+.ru,.adygeya.ru
984+.ru,.altai.ru
985+.ru,.amur.ru
986+.ru,.arkhangelsk.ru
987+.ru,.astrakhan.ru
988+.ru,.bashkiria.ru
989+.ru,.belgorod.ru
990+.ru,.bir.ru
991+.ru,.bryansk.ru
992+.ru,.buryatia.ru
993+.ru,.cbg.ru
994+.ru,.chel.ru
995+.ru,.chelyabinsk.ru
996+.ru,.chita.ru
997+.ru,.chita.ru
998+.ru,.chukotka.ru
999+.ru,.chuvashia.ru
1000+.ru,.com.ru
1001+.ru,.dagestan.ru
1002+.ru,.e-burg.ru
1003+.ru,.edu.ru
1004+.ru,.gov.ru
1005+.ru,.grozny.ru
1006+.ru,.int.ru
1007+.ru,.irkutsk.ru
1008+.ru,.ivanovo.ru
1009+.ru,.izhevsk.ru
1010+.ru,.jar.ru
1011+.ru,.joshkar-ola.ru
1012+.ru,.kalmykia.ru
1013+.ru,.kaluga.ru
1014+.ru,.kamchatka.ru
1015+.ru,.karelia.ru
1016+.ru,.kazan.ru
1017+.ru,.kchr.ru
1018+.ru,.kemerovo.ru
1019+.ru,.khabarovsk.ru
1020+.ru,.khakassia.ru
1021+.ru,.khv.ru
1022+.ru,.kirov.ru
1023+.ru,.koenig.ru
1024+.ru,.komi.ru
1025+.ru,.kostroma.ru
1026+.ru,.kranoyarsk.ru
1027+.ru,.kuban.ru
1028+.ru,.kurgan.ru
1029+.ru,.kursk.ru
1030+.ru,.lipetsk.ru
1031+.ru,.magadan.ru
1032+.ru,.mari.ru
1033+.ru,.mari-el.ru
1034+.ru,.marine.ru
1035+.ru,.mil.ru
1036+.ru,.mordovia.ru
1037+.ru,.mosreg.ru
1038+.ru,.msk.ru
1039+.ru,.murmansk.ru
1040+.ru,.nalchik.ru
1041+.ru,.net.ru
1042+.ru,.nnov.ru
1043+.ru,.nov.ru
1044+.ru,.novosibirsk.ru
1045+.ru,.nsk.ru
1046+.ru,.omsk.ru
1047+.ru,.orenburg.ru
1048+.ru,.org.ru
1049+.ru,.oryol.ru
1050+.ru,.penza.ru
1051+.ru,.perm.ru
1052+.ru,.pp.ru
1053+.ru,.pskov.ru
1054+.ru,.ptz.ru
1055+.ru,.rnd.ru
1056+.ru,.ryazan.ru
1057+.ru,.sakhalin.ru
1058+.ru,.samara.ru
1059+.ru,.saratov.ru
1060+.ru,.simbirsk.ru
1061+.ru,.smolensk.ru
1062+.ru,.spb.ru
1063+.ru,.stavropol.ru
1064+.ru,.stv.ru
1065+.ru,.surgut.ru
1066+.ru,.tambov.ru
1067+.ru,.tatarstan.ru
1068+.ru,.tom.ru
1069+.ru,.tomsk.ru
1070+.ru,.tsaritsyn.ru
1071+.ru,.tsk.ru
1072+.ru,.tula.ru
1073+.ru,.tuva.ru
1074+.ru,.tver.ru
1075+.ru,.tyumen.ru
1076+.ru,.udm.ru
1077+.ru,.udmurtia.ru
1078+.ru,.ulan-ude.ru
1079+.ru,.vladikavkaz.ru
1080+.ru,.vladimir.ru
1081+.ru,.vladivostok.ru
1082+.ru,.volgograd.ru
1083+.ru,.vologda.ru
1084+.ru,.voronezh.ru
1085+.ru,.vrn.ru
1086+.ru,.vyatka.ru
1087+.ru,.yakutia.ru
1088+.ru,.yamal.ru
1089+.ru,.yekaterinburg.ru
1090+.ru,.yuzhno-sakhalinsk.ru
1091+.rw,.ac.rw
1092+.rw,.co.rw
1093+.rw,.com.rw
1094+.rw,.edu.rw
1095+.rw,.gouv.rw
1096+.rw,.gov.rw
1097+.rw,.int.rw
1098+.rw,.mil.rw
1099+.rw,.net.rw
1100+.sa,.com.sa
1101+.sa,.edu.sa
1102+.sa,.gov.sa
1103+.sa,.med.sa
1104+.sa,.net.sa
1105+.sa,.org.sa
1106+.sa,.pub.sa
1107+.sa,.sch.sa
1108+.sd,.com.sd
1109+.sd,.edu.sd
1110+.sd,.gov.sd
1111+.sd,.info.sd
1112+.sd,.med.sd
1113+.sd,.net.sd
1114+.sd,.org.sd
1115+.sd,.tv.sd
1116+.se,.a.se
1117+.se,.ac.se
1118+.se,.b.se
1119+.se,.bd.se
1120+.se,.c.se
1121+.se,.d.se
1122+.se,.e.se
1123+.se,.f.se
1124+.se,.g.se
1125+.se,.h.se
1126+.se,.i.se
1127+.se,.k.se
1128+.se,.l.se
1129+.se,.m.se
1130+.se,.n.se
1131+.se,.o.se
1132+.se,.org.se
1133+.se,.p.se
1134+.se,.parti.se
1135+.se,.pp.se
1136+.se,.press.se
1137+.se,.r.se
1138+.se,.s.se
1139+.se,.t.se
1140+.se,.tm.se
1141+.se,.u.se
1142+.se,.w.se
1143+.se,.x.se
1144+.se,.y.se
1145+.se,.z.se
1146+.sg,.com.sg
1147+.sg,.edu.sg
1148+.sg,.gov.sg
1149+.sg,.idn.sg
1150+.sg,.net.sg
1151+.sg,.org.sg
1152+.sg,.per.sg
1153+.sn,.art.sn
1154+.sn,.com.sn
1155+.sn,.edu.sn
1156+.sn,.gouv.sn
1157+.sn,.org.sn
1158+.sn,.perso.sn
1159+.sn,.univ.sn
1160+.sy,.com.sy
1161+.sy,.edu.sy
1162+.sy,.gov.sy
1163+.sy,.mil.sy
1164+.sy,.net.sy
1165+.sy,.news.sy
1166+.sy,.org.sy
1167+.th,.ac.th
1168+.th,.co.th
1169+.th,.go.th
1170+.th,.in.th
1171+.th,.mi.th
1172+.th,.net.th
1173+.th,.or.th
1174+.tj,.ac.tj
1175+.tj,.biz.tj
1176+.tj,.co.tj
1177+.tj,.com.tj
1178+.tj,.edu.tj
1179+.tj,.go.tj
1180+.tj,.gov.tj
1181+.tj,.info.tj
1182+.tj,.int.tj
1183+.tj,.mil.tj
1184+.tj,.name.tj
1185+.tj,.net.tj
1186+.tj,.nic.tj
1187+.tj,.org.tj
1188+.tj,.test.tj
1189+.tj,.web.tj
1190+.tn,.agrinet.tn
1191+.tn,.com.tn
1192+.tn,.defense.tn
1193+.tn,.edunet.tn
1194+.tn,.ens.tn
1195+.tn,.fin.tn
1196+.tn,.gov.tn
1197+.tn,.ind.tn
1198+.tn,.info.tn
1199+.tn,.intl.tn
1200+.tn,.mincom.tn
1201+.tn,.nat.tn
1202+.tn,.net.tn
1203+.tn,.org.tn
1204+.tn,.perso.tn
1205+.tn,.rnrt.tn
1206+.tn,.rns.tn
1207+.tn,.rnu.tn
1208+.tn,.tourism.tn
1209+.tz,.ac.tz
1210+.tz,.co.tz
1211+.tz,.go.tz
1212+.tz,.ne.tz
1213+.tz,.or.tz
1214+.ua,.biz.ua
1215+.ua,.cherkassy.ua
1216+.ua,.chernigov.ua
1217+.ua,.chernovtsy.ua
1218+.ua,.ck.ua
1219+.ua,.cn.ua
1220+.ua,.co.ua
1221+.ua,.com.ua
1222+.ua,.crimea.ua
1223+.ua,.cv.ua
1224+.ua,.dn.ua
1225+.ua,.dnepropetrovsk.ua
1226+.ua,.donetsk.ua
1227+.ua,.dp.ua
1228+.ua,.edu.ua
1229+.ua,.gov.ua
1230+.ua,.if.ua
1231+.ua,.in.ua
1232+.ua,.ivano-frankivsk.ua
1233+.ua,.kh.ua
1234+.ua,.kharkov.ua
1235+.ua,.kherson.ua
1236+.ua,.khmelnitskiy.ua
1237+.ua,.kiev.ua
1238+.ua,.kirovograd.ua
1239+.ua,.km.ua
1240+.ua,.kr.ua
1241+.ua,.ks.ua
1242+.ua,.kv.ua
1243+.ua,.lg.ua
1244+.ua,.lugansk.ua
1245+.ua,.lutsk.ua
1246+.ua,.lviv.ua
1247+.ua,.me.ua
1248+.ua,.mk.ua
1249+.ua,.net.ua
1250+.ua,.nikolaev.ua
1251+.ua,.od.ua
1252+.ua,.odessa.ua
1253+.ua,.org.ua
1254+.ua,.pl.ua
1255+.ua,.poltava.ua
1256+.ua,.pp.ua
1257+.ua,.rovno.ua
1258+.ua,.rv.ua
1259+.ua,.sebastopol.ua
1260+.ua,.sumy.ua
1261+.ua,.te.ua
1262+.ua,.ternopil.ua
1263+.ua,.uzhgorod.ua
1264+.ua,.vinnica.ua
1265+.ua,.vn.ua
1266+.ua,.zaporizhzhe.ua
1267+.ua,.zhitomir.ua
1268+.ua,.zp.ua
1269+.ua,.zt.ua
1270+.ug,.ac.ug
1271+.ug,.co.ug
1272+.ug,.go.ug
1273+.ug,.ne.ug
1274+.ug,.or.ug
1275+.ug,.org.ug
1276+.ug,.sc.ug
1277+.uk,.ac.uk
1278+.uk,.bl.uk
1279+.uk,.british-library.uk
1280+.uk,.co.uk
1281+.uk,.cym.uk
1282+.uk,.gov.uk
1283+.uk,.govt.uk
1284+.uk,.icnet.uk
1285+.uk,.jet.uk
1286+.uk,.lea.uk
1287+.uk,.ltd.uk
1288+.uk,.me.uk
1289+.uk,.mil.uk
1290+.uk,.mod.uk
1291+.uk,.mod.uk
1292+.uk,.national-library-scotland.uk
1293+.uk,.nel.uk
1294+.uk,.net.uk
1295+.uk,.nhs.uk
1296+.uk,.nhs.uk
1297+.uk,.nic.uk
1298+.uk,.nls.uk
1299+.uk,.org.uk
1300+.uk,.orgn.uk
1301+.uk,.parliament.uk
1302+.uk,.parliament.uk
1303+.uk,.plc.uk
1304+.uk,.police.uk
1305+.uk,.sch.uk
1306+.uk,.scot.uk
1307+.uk,.soc.uk
1308+.us,.4fd.us
1309+.us,.dni.us
1310+.us,.fed.us
1311+.us,.isa.us
1312+.us,.kids.us
1313+.us,.nsn.us
1314+.uy,.com.uy
1315+.uy,.edu.uy
1316+.uy,.gub.uy
1317+.uy,.mil.uy
1318+.uy,.net.uy
1319+.uy,.org.uy
1320+.ve,.co.ve
1321+.ve,.com.ve
1322+.ve,.edu.ve
1323+.ve,.gob.ve
1324+.ve,.info.ve
1325+.ve,.mil.ve
1326+.ve,.net.ve
1327+.ve,.org.ve
1328+.ve,.web.ve
1329+.vi,.co.vi
1330+.vi,.com.vi
1331+.vi,.k12.vi
1332+.vi,.net.vi
1333+.vi,.org.vi
1334+.vn,.ac.vn
1335+.vn,.biz.vn
1336+.vn,.com.vn
1337+.vn,.edu.vn
1338+.vn,.gov.vn
1339+.vn,.health.vn
1340+.vn,.info.vn
1341+.vn,.int.vn
1342+.vn,.name.vn
1343+.vn,.net.vn
1344+.vn,.org.vn
1345+.vn,.pro.vn
1346+.ye,.co.ye
1347+.ye,.com.ye
1348+.ye,.gov.ye
1349+.ye,.ltd.ye
1350+.ye,.me.ye
1351+.ye,.net.ye
1352+.ye,.org.ye
1353+.ye,.plc.ye
1354+.yu,.ac.yu
1355+.yu,.co.yu
1356+.yu,.edu.yu
1357+.yu,.gov.yu
1358+.yu,.org.yu
1359+.za,.ac.za
1360+.za,.agric.za
1361+.za,.alt.za
1362+.za,.bourse.za
1363+.za,.city.za
1364+.za,.co.za
1365+.za,.cybernet.za
1366+.za,.db.za
1367+.za,.ecape.school.za
1368+.za,.edu.za
1369+.za,.fs.school.za
1370+.za,.gov.za
1371+.za,.gp.school.za
1372+.za,.grondar.za
1373+.za,.iaccess.za
1374+.za,.imt.za
1375+.za,.inca.za
1376+.za,.kzn.school.za
1377+.za,.landesign.za
1378+.za,.law.za
1379+.za,.lp.school.za
1380+.za,.mil.za
1381+.za,.mpm.school.za
1382+.za,.ncape.school.za
1383+.za,.net.za
1384+.za,.ngo.za
1385+.za,.nis.za
1386+.za,.nom.za
1387+.za,.nw.school.za
1388+.za,.olivetti.za
1389+.za,.org.za
1390+.za,.pix.za
1391+.za,.school.za
1392+.za,.tm.za
1393+.za,.wcape.school.za
1394+.za,.web.za
1395+.zm,.ac.zm
1396+.zm,.co.zm
1397+.zm,.com.zm
1398+.zm,.edu.zm
1399+.zm,.gov.zm
1400+.zm,.net.zm
1401+.zm,.org.zm
1402+.zm,.sch.zm
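Review bot: The five `.bz` rows (lines 167–171, `.bz,com.bz` through `.bz,org.bz`) lack the leading dot that every other second-column value carries, so a consumer that matches on the `.sld.tld` form would miss them; they should read `.bz,.com.bz` and so on. Several rows are exact duplicates (`.ar,.gov.ar`, `.in,.nic.in`, `.ru,.chita.ru`, `.uk,.mod.uk`, `.uk,.nhs.uk`, `.uk,.parliament.uk`), and `.ru,.kranoyarsk.ru` looks like a misspelling of krasnoyarsk. The code that reads this file is not visible in this commit, so how much these matter depends on how it is parsed. If the list is used to find registrable-domain boundaries, a hand-maintained copy will go stale, and the Public Suffix List is the maintained source for that purpose.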
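--- a/checkiprev.bash
+++ b/checkiprev.bash
@@ -1,4 +1,5 @@
 #!/bin/bash
+#stage1
 
 debug=0
 
@@ -7,7 +8,7 @@
 [[ -z $ip ]] && echo function $0 requires \$ip && exit 1
 
 #need to separate the commands to get the first return code
- ptrstr=`host $ip` || continue
+ ptrstr=`host -W3 $ip` || continue
 #{ echo DEBUG: ip is $ip; continue; }
 
 #we need to avoid backslash escaped foreign chars e.g.
@@ -21,7 +22,7 @@
 [[ $ptr = "" ]] && echo weird EMPTY ptr on ip $ip >> $piece.weird && continue
 (( debug == 1 )) && echo ptr is $ptr
 
- hostipstr=`host $ptr`
+ hostipstr=`host -W3 $ptr`
 #{ echo DEBUG: ptr is $ptr; continue; }
 hostip=`echo $hostipstr | awk '{print $NF}'`
 (( debug == 1 )) && echo hostip is $hostip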
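Review bot: The forward lookup on new line 25 still has no status check, unlike the reverse lookup on line 11, which ends in `|| continue`. With the 3-second wait now in place, a lookup that times out or fails leaves an error message in `hostipstr`, and the following `awk '{print $NF}'` takes the last word of that message as `hostip`. `$ptr` is also data returned by a remote DNS zone, so it should be quoted before it reaches `host`. Something like `hostipstr=$(host -W3 "$ptr") || continue` would cover both, possibly after logging the address to `$piece.weird` as the empty-PTR case does. The enclosing loop starts and ends outside these hunks, so what is done with `hostip` afterwards is not visible here.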
--- checksan.bash (nonexistent)
+++ checksan.bash (revision 21)
@@ -0,0 +1,53 @@
1+#!/bin/bash
2+#stage2.0 (legacy)
3+
4+[[ -z $1 ]] && echo file in hosts format? && exit 1
5+hostsfile=$1
6+
7+debug=0
8+
9+ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
10+echo using $ehlo as EHLO
11+
12+echo writing to $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn
13+(( debug == 1 )) && echo
14+rm -f $hostsfile.nossl $hostsfile.nocert $hostsfile.validcn $hostsfile.wrongcn
15+cat $hostsfile | while read line; do
16+ ip=`echo $line | awk '{print $1}'`
17+ mx=`echo $line | awk '{print $2}'`
18+ mx=${mx%\.}
19+ (( debug == 1 )) && echo -n $mx/
20+
21+ if ! altstr=`echo Q | timeout 0.7 /usr/local/bin/openssl s_client -4 -starttls smtp -name $ehlo -servername $mx -connect $ip:25 -crlf 2>/dev/null`; then
22+ echo $mx >> $hostsfile.nossl && echo -n .
23+ continue
24+ fi
25+ (( debug == 1 )) && echo -n has ssl/
26+
27+ #no need to check CN as SAN always contains it as first match
28+ if ! alt=`echo "$altstr" | /usr/local/bin/openssl x509 -noout -text 2>/dev/null | grep DNS: | sed -r 's/DNS://g; s/,//g'`; then
29+ echo $mx >> $hostsfile.nocert && echo -n /
30+ continue
31+ fi
32+ unset altstr
33+ (( debug == 1 )) && echo -n has cert and san/
34+
35+ got=0
36+ for sni in $alt; do
37+ (( debug == 1 )) && echo -n testing sni $sni:
38+ #we are freaking lucky this condition deals with wildcards
39+ #e.g. here mxs.mail.ru = *.mail.ru does validate already
40+ if [[ $mx = $sni ]]; then
41+ echo $mx >> $hostsfile.validcn
42+ echo -n -
43+ got=1
44+ break
45+ fi
46+ done; unset sni
47+ (( got != 1 )) && echo $mx >> $hostsfile.wrongcn && echo -n _
48+ unset got
49+
50+ (( debug == 1 )) && echo
51+ unset ip mx
52+done && echo done
53+
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
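Review bot: The comparison `[[ $mx = $sni ]]` on line 40 uses the SAN value taken from the remote certificate as a shell pattern, which is looser than certificate wildcard matching: `*.mail.ru` also matches `a.b.mail.ru`, and a certificate carrying a SAN of `*` matches every host, so `.validcn` can list names the certificate does not actually cover. Quote the right-hand side for a literal compare and treat the wildcard as exactly one left-most label, e.g. `[[ $mx == "$sni" ]] || { [[ $sni == \*.* ]] && [[ ${mx#*.} == "${sni#\*.}" ]]; }`. The unquoted `for sni in $alt` on line 36 also lets the shell expand a SAN such as `*.mail.ru` against file names in the working directory, so `set -f` (or reading the names into an array) is needed before the loop. Separately, the `if ! alt=...` test on line 28 sees only the exit status of the trailing `sed`, so the `.nocert` branch looks unreachable and hosts without a parsable certificate end up in `.wrongcn`.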
--- checkvalid.bash (nonexistent)
+++ checkvalid.bash (revision 21)
@@ -0,0 +1,21 @@
1+#!/bin/bash
2+
3+[[ ! -f $HOME/masspie/cacert.pem ]] && echo $HOME/masspie/cacert.pem is required && exit 1
4+
5+[[ -z $1 ]] && echo missing x\*.ptr.validcn file as first argument && exit 1
6+inputfile=$1
7+
8+ehlo=pro5s2.nethence.com
9+#ehlo=`curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//'`
10+
11+echo using $ehlo as EHLO and writing to $inputfile.return
12+for mx in `cat $inputfile`; do
13+ echo -en "$mx\t"
14+
15+ #we only need the last result with 'Verify', as it repeats in parenthesis what 'Verification' said above
16+ echo Q | timeout --preserve-status -k 5s 10s /usr/local/bin/openssl s_client -4 -showcerts -verify 5 -CAfile $HOME/masspie/cacert.pem -starttls smtp -name $ehlo -servername $mx -connect $mx:25 -crlf 2>/dev/null | grep Verify || echo
17+ #-CApath /etc/ssl/certs
18+ #-brief
19+ #-verify_return_error
20+done > $inputfile.return; unset mx
21+
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
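Review bot: The `s_client` call on line 16 verifies the chain against `$HOME/masspie/cacert.pem` but never asks OpenSSL to check the host name, so a `Verify return code: 0 (ok)` line only says the chain is trusted, not that the certificate belongs to `$mx`. The name check is left to the shell comparison in checksan.bash; adding `-verify_hostname "$mx"` would let OpenSSL do it, provided the build at `/usr/local/bin/openssl` supports that option. The `for mx in` loop on line 12 and the unquoted `$mx`, `$inputfile` and `$HOME` expansions word-split and glob whatever the input file and environment hold. `while IFS= read -r mx; do … done < "$inputfile"` with quoted expansions avoids that.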
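--- a/count.ksh
+++ b/count.ksh
@@ -0,0 +1,273 @@
+#!/bin/ksh
+#
+# KSH93 only (floating point)
+#
+set -e
+
+debug=0
+
+[[ -z $1 ]] && echo want \$shot && exit 1
+shot=$1
+
+LC_NUMERIC=en_US
+#sep="sed ':a;s/\B[0-9]\{3\}\>/,&/;ta'"
+#| eval $sep
+
+echo -n entering ~/$shot/splitted/ ...
+cd ~/$shot/splitted/ && echo done
+
+#based on exclude.conf
+internet=3970693888
+
+range=`seq -w 00 89; seq 9000 9447`
+
+(( debug == 1 )) && counting inbound smtp hosts
+#smtp=0
+#for x in $range; do
+# (( smtp = smtp + `grep -v ^# x$x | wc -l` )) || echo FAIL:x$x
+#done; unset x
+smtp=`grep -v ^# ../massp25.og | wc -l`
+
+(( debug == 1 )) && echo counting hosts which iprev resolve x\*.ptr
+(( iprev = `cat x*.ptr | wc -l` ))
+
+(( debug == 1 )) && echo counting unique iprev hosts
+iprevu=`wc -l < ptr.unique`
+
+(( debug == 1 )) && echo counting those which do not talk SSL x\*.ptr.nossl
+nossl=0
+for x in $range; do
+ (( nossl = nossl + `wc -l < x$x.ptr.nossl` )) || echo FAIL:x$x
+done; unset x
+
+(( debug == 1 )) && echo counting those which have wrong SAN x\*.ptr.wrongcn
+wrongcn=0
+for x in $range; do
+ (( wrongcn = wrongcn + `wc -l < x$x.ptr.wrongcn` )) || echo FAIL:x$x
+done; unset x
+
+(( debug == 1 )) && echo counting those which have valid SAN x\*.ptr.validcn
+validcn=0
+for x in $range; do
+ (( validcn = validcn + `wc -l < x$x.ptr.validcn` )) || echo FAIL:x$x
+done; unset x
+
+(( debug == 1 )) && echo counting those which validate x\*.ptr.validcn.return
+(( validate = `grep 'Verify return code: 0 (ok)' x*.ptr.validcn.return | wc -l` )) || echo FAIL
+
+echo
+printf "internet is\\t\\t%'.f\n" $internet
+printf "inbound smtp hosts are\\t%'.f\n" $smtp
+printf "iprev are\\t\\t%'.f\n" $iprev
+printf "unique iprev are\\t%'.f\n" $iprevu
+printf "no ssl are\\t\\t%'.f\n" $nossl
+printf "wrong CN/SAN are\\t%'.f\n" $wrongcn
+printf "iprev CN/SAN are\\t%'.f\n" $validcn
+printf "valid chains are\\t%'.f\n" $validate
+
+typeset -F2 internet smtp iprev iprevu nossl wrongcn validcn validate
+typeset -F2 ssldiff iprevdiff
+
+(( ssldiff = iprev - nossl ))
+(( iprevdiff = iprev - iprevu ))
+
+typeset -F2 result
+
+echo
+
+(( result = smtp * 100 / internet ))
+echo $result% of the public network listens on port 25/tcp - ${smtp%\.*} out of ${internet%\.*}
+
+(( result = iprev * 100 / smtp ))
+echo $result% of the smtp servers are full-circle reverse DNS - ${iprev%\.*} out of ${smtp%\.*}
+
+(( result = iprevdiff * 100 / iprev ))
+echo $result% of those iprev hosts are multi-homed \(round-robin\) - ${iprevdiff%\.*} out of ${iprev%\.*}
+
+(( result = ssldiff * 100 / iprev ))
+echo $result% of full-circle hosts talk SSL/STARTTLS - ${ssldiff%\.*} out of ${iprev%\.*}
+
+#echo $(( validcn * 100 / iprev ))% of full-circle hosts advertise a valid subject alternative - ${validcn%\.*} out of ${iprev%\.*}
+
+(( result = validcn * 100 / ssldiff ))
+echo $result% of SSL-enabled hosts advertise an iprev subject alternative name - ${validcn%\.*} out of ${ssldiff%\.*}
+
+(( result = validate * 100 / validcn ))
+echo $result% of SAN hosts have a valid certificate chain - ${validate%\.*} out of ${validcn%\.*}
+
+echo
+
+#
+# here comes stats based on MX records
+#
+
+ptrs=`wc -l < ptr.unique`
+
+cd domains/
+
+domains=`wc -l < domains.unique`
+
+cd mx/
+
+mx=`wc -l < mx.unique`
+
+cd dane/
+
+(( debug == 1 )) && echo counting trueok
+trueok=`grep '0 (ok)$' *.ssl | grep -v 'New, (NONE), Cipher is (NONE)' | wc -l`
+
+(( debug == 1 )) && echo counting fakeok
+fakeok=`grep '0 (ok)$' *.ssl | grep 'New, (NONE), Cipher is (NONE)' | wc -l`
+
+#grep 'Verify return code: ' mx.unique37.ssl | cut -f2 -d: | sort -u
+(( debug == 1 )) && echo counting notyet
+notyet=`grep '9 (certificate is not yet valid)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting expired
+expired=`grep '10 (certificate has expired)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting selfsigned
+selfsigned=`grep '18 (self signed certificate)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting selfchain
+selfchain=`grep '19 (self signed certificate in certificate chain)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting untrusted
+untrusted=`grep '20 (unable to get local issuer certificate)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting firstinvalid
+invalid=`grep '21 (unable to verify the first certificate)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting purpose
+purpose=`grep '26 (unsupported certificate purpose)$' *.ssl | wc -l`
+
+(( debug == 1 )) && echo counting dane
+dane=`grep THIS-LOOKS-LIKE-DANE$ *.dane | wc -l`
+#notlsa=`grep notlsa$ *.dane | wc -l`
+#servfail=`grep servfail$ *.dane | wc -l`
+#timeout=`grep timeout$ *.dane | wc -l`
+
+(( debug == 1 )) && echo counting daneee and daneta
+daneee=`grep ^DANE *.dane.results | grep 'matched EE' | wc -l`
+daneta=`grep ^DANE *.dane.results | grep 'matched TA' | wc -l`
+#grep ^DANE *.results | grep -vE 'matched EE|matched TA'
+
+(( debug == 1 )) && echo counting STARTTLS
+#TOFIX
+#enforcetotal=`cat mx.unique*.starttls.enforce.dist | wc -l`
+enforcetotal2=`cat mx.unique*.starttls.enforce | wc -l`
+connectbaddns=`grep connect-bad-dns$ mx.unique*.starttls.enforce | wc -l`
+connectfailed=`grep connect-failed$ mx.unique*.starttls.enforce | wc -l`
+connect4xx=`grep connect-4xx$ mx.unique*.starttls.enforce | wc -l`
+connect5xx=`grep connect-5xx$ mx.unique*.starttls.enforce | wc -l`
+connectrefused=`grep connect-refused$ mx.unique*.starttls.enforce | wc -l`
+connectclosed=`grep connect-closed$ mx.unique*.starttls.enforce | wc -l`
+connecttimeout=`grep connect-timeout$ mx.unique*.starttls.enforce | wc -l`
+connectunknown=`grep connect-unknown$ mx.unique*.starttls.enforce | wc -l`
+ehlo2xxnostarttls=`grep ehlo-2xx-no-starttls$ mx.unique*.starttls.enforce | wc -l`
+ehlo5xx=`grep ehlo-5xx$ mx.unique*.starttls.enforce | wc -l`
+ehlo4xx=`grep ehlo-4xx$ mx.unique*.starttls.enforce | wc -l`
+ehlotimeout=`grep ehlo-timeout$ mx.unique*.starttls.enforce | wc -l`
+ehlounknown=`grep ehlo-unknown$ mx.unique*.starttls.enforce | wc -l`
+#sender2xx=`grep sender-2xx$ mx.unique*.starttls.enforce | wc -l`
+#sender5xx=`grep sender-5xx$ mx.unique*.starttls.enforce | wc -l`
+#sender4xx=`grep sender-4xx$ mx.unique*.starttls.enforce | wc -l`
+hastls=`grep -E '^250-STARTTLS|^250 STARTTLS' mx.unique*.starttls | wc -l`
+
+#we want
+#530 5.7.0 Must issue a STARTTLS command first
+#530 5.5.1 Invalid command: Must issue a STARTTLS command first
+#530 Must issue STARTTLS first.
+#430 4.7.0 Must issue a STARTTLS command first
+#grep -E '[[:digit:]]{3} 5\.7\.3 ' mx.unique*.starttls
+
+#exceptions
+#530 5.7.1 Client was not authenticated
+#530 5.7.3 Client was not authenticated
+#530 aws.besteffort.com ESMTP MailEnable Service, Version: 9.76-9.76- denied access at 01/22/20 13:32:04
+
+must=`grep -E '^575 |^[[:digit:]]{3} 5\.7\.3 |^530 |^451 5\.7\.3 |^430 4\.7\.0 |^451 .*TLS.*|^550 AUTH TLS |^550 TLS ' mx.unique*.starttls | grep -vE ' 5\.7\.1 |530 5\.7\.3 |MailEnable' | wc -l`
+
+(( mxdown = connectbaddns + connectfailed + connect4xx + connect5xx + connectrefused + connectclosed + connecttimeout + connectunknown ))
+
+cd ../../../
+
+(( debug == 1 )) && echo
+
+printf "IPREV PTRs\t\t\t%'.f\n" $ptrs
+#next versions will have 2nd-3rd-level domains: $domains
+printf "Deferenced domains\t\t%'.f\n" $domains
+printf "MX records\t\t\t%'.f\n" $mx
+echo
+
+printf "Total results for enforce check\t%'.f\n" $enforcetotal2
+printf "Unreachable MXen\t\t%'.f\n" $mxdown
+printf "No STARTTLS\t\t\t%'.f\n" $ehlo2xxnostarttls
+#printf "Opportunistic STARTTLS\t\t%'.f\n" $sender2xx
+#printf "Enforced STARTTLS or 5xx\t%'.f\n" $sender5xx
+#printf "Enforced STARTTLS or 4xx\t%'.f\n" $sender4xx
+printf "Offers STARTTLS\t\t\t%'.f\n" $hastls
+printf "Enforces STARTTLS\t\t%'.f\n" $must
+echo
+
+printf "Trusted certificate chain\t%'.f (ok)\n" $trueok
+printf "Cipher is (NONE)\t\t%'.f (ok)\n" $fakeok
+printf "From the future\t\t\t%'.f (certificate is not yet valid)\n" $notyet
+printf "Expired\t\t\t\t%'.f (certificate has expired)\n" $expired
+printf "Self-signed\t\t\t%'.f (self signed certificate)\n" $selfsigned
+printf "Self-signed CA\t\t\t%'.f (self signed certificate in certificate chain)\n" $selfchain
+printf "Untrusted certificate chain\t%'.f (unable to get local issuer certificate)\n" $untrusted
+printf "Invalid certificate\t\t%'.f (unable to verify the first certificate)\n" $invalid
+printf "Wrong purpose certificate\t%'.f (unsupported certificate purpose)\n" $purpose
+printf "TLSA records\t\t\t%'.f\n" $dane
+printf "Valid PKIX/DANE-EE\t\t%'.f\n" $daneee
+printf "Valid PKIX/DANE-TA\t\t%'.f\n" $daneta
+echo
+
+typeset -F2 result
+(( result = mx * 100 / domains ))
+echo $result% of deferenced domains have an MX record
+unset result
+
+typeset -F2 result
+(( result = trueok * 100 / mx ))
+echo $result% of MX certificates are valid
+unset result
+
+typeset -F2 result
+(( result = fakeok * 100 / mx ))
+echo $result% of MX end-points do not offer STARTTLS
+unset result
+
+typeset -F2 result
+(( result = expired * 100 / mx ))
+echo $result% of MX certificates are expired
+unset result
+
+typeset -F2 result
+(( result = selfsigned * 100 / mx ))
+echo $result% of MX certificates are self-signed
+unset result
+
+typeset -F2 result
+(( result = untrusted * 100 / mx ))
+echo $result% of MX certificates are private
+unset result
+
+typeset -F2 result
+(( result = invalid * 100 / mx ))
+echo $result% of MX certificates are invalid
+unset result
+
+typeset -F2 result
+(( result = dane * 100 / mx ))
+echo $result% of MX end-points have a DANE record
+unset result
+
+typeset -F2 result
+(( result = ( daneee + daneta ) * 100 / mx ))
+echo $result% of MX end-points validating DANE \(trusted, private and self-signed\)
+unset result
+
+echo
+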
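Review bot: `validate` on line 56 counts every `Verify return code: 0 (ok)` line in `x*.ptr.validcn.return`, but the MX section of this same file treats that status as unreliable when it comes with `New, (NONE), Cipher is (NONE)` and separates those cases out as `fakeok` (lines 117 and 120). The `.return` files written by checkvalid.bash keep only the `Verify` lines, so that filter cannot be applied here and "valid chains" may include hosts where no TLS session was negotiated; keeping the cipher line in the `.return` output and excluding it as line 117 does would make the two figures comparable. Line 24 lacks `echo` (`(( debug == 1 )) && counting inbound smtp hosts`), which with `set -e` would stop the script as soon as debug is switched on. The `(( … )) || echo FAIL:x$x` accumulators on lines 40, 46 and 52 print FAIL whenever the running total is still 0, because an arithmetic command evaluating to 0 returns non-zero, so a FAIL line does not reliably indicate a missing or unreadable file.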
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property