PowerShell

PSBlackListChecker – Notifications to Microsoft Teams, Slack of Blacklisted IPs

If this is the first time you're reading about this module, it's simple PowerShell module that allows you to verify whether your IP address is on a blacklist or not. As you may know (or not know) there are over 80 blacklists run by multiple companies, organizations and having IP on their lists can cripple your mail flow heavily. Whether it's Microsoft Exchange or some other type of SMTP server, having an IP address that has a decent reputation is a must. This module won't fix your status but, it will allow you to monitor if your IP ever gets added to one of those lists so you can act upon it.

What's new

This new version takes old features and builds on top of it. It now can send notifications to Microsoft Teams, Slack but it's a bit faster, especially on a higher amount of IPs to check. This version changes your CONFIGURATION file. If you use this module already, please check new version below.

PSBlackListChecker Information
Please notice this article contains parts of information (still useful) and may not reflect all functionalities of this module. For download, source code and so on you should refer to the dedicated PSBlackListChecker module page. After reading this one of course! It contains useful informationexamples, and know-how. Without it, you may not know all the features.

To make sure you don't take my word for it I've actually spent some time and you can choose the way you want to use Search-Blacklist with. The newest version comes with parameter RunType which allows you to choose one of 6 parameters

NoWorkflowAndRunSpaceNetDNS – Basic check. Doesn't use WorkFlow or Runspaces. Uses [Net.DNS] command.
NoWorkflowAndRunSpaceResolveDNS – Basic check. Doesn't use WorkFlow or Runspaces. Uses Resolve-DNS command.
WorkflowWithNetDNS – Basic check. Uses WorkFlow. Uses [Net.DNS] command.
WorkflowResolveDNS – Basic check. Uses WorkFlow. Uses Resolve-DNS command.
RunSpaceWithNetDNS – Basic check. Uses Runspaces. Uses [Net.DNS] command.
RunSpaceWithResolveDNS – Basic check. Uses Runspaces. Uses Resolve-DNS command.

While as you can imagine there's not much benefit to having all those choices… I wanted to verify the difference between Workflow, Runspaces and [Net.DNS] vs newer Resolve-DNS. You can find some results below:

Results of searching for 4 IPs on about 80 blacklists. As you can see below Runspaces are much faster to what is offered by Workflow and to what is available without it. What's a bit surprising is that [Net.DNS] is faster on Runspaces than Resolve-DNS at the same time losing heavily with Resolve-DNS when using Workflow. Of course, there may be some other conditions that play it, or maybe some small differences in implementation but it would seem Resolve-DNS is a bit slower than using Net.DNS but I still decided to use it due to modern functionality.

With just 1 IP the differences aren't as visible and are a bit different allowing Resolve-DNS to score few points more in comparison to Net.DNS. Of course, Runspaces win this one too. Actually, for Runspaces there seemed to be marginal change. In the end, it all doesn't matter. This tool is supposed to run in the background and doing this every 1 hour or so. Just in case you would like to test this out yourself be my guest. If you find inconsistencies in my testing, please let me know!

Clear-Host
Import-Module PSBlackListChecker -Force

$RunTypes = 'NoWorkflowAndRunSpaceNetDNS', 'NoWorkflowAndRunSpaceResolveDNS', 'WorkflowResolveDNS', 'WorkflowWithNetDNS', 'RunSpaceWithResolveDNS', 'RunSpaceWithNetDNS'

$IPs = '89.74.48.96' , '89.74.48.97', '89.74.48.98', '89.74.48.99'

$Results = @()
foreach ($RunType in $RunTypes) {
    Write-Color '[', 'start ', ']', ' Testing ', $RunType -Color White, Green, White, White, Yellow
    $StopWatch = [System.Diagnostics.Stopwatch]::StartNew()
    $BlackList = Search-BlackList -IP $IPs -RunType $RunType -ReturnAll
    $StopWatch.Stop()
    $BlackListListed = $BlackList | Where-Object { $_.Islisted -eq $true }
    $BlackListListed | Format-Table -AutoSize
    Write-Color '[', 'output', ']', ' Blacklist Count ', $Blacklist.Count, ' Blacklist Listed Count ', $($BlackListListed.Count) -Color White, Yellow, White, White, Gray, White, Green
    Write-Color '[', 'end   ', ']', ' Elapsed ', $RunType, ' minutes: ', $StopWatch.Elapsed.Minutes, ' seconds: ', $StopWatch.Elapsed.Seconds, ' Milliseconds: ', $StopWatch.Elapsed.Milliseconds -Color White, Red, White, White, Yellow, White, Yellow, White, Green, White, Green, White, Green

    $Results += [PsCustomObject][ordered]@{
        'RunType'           = $RunType
        'BlackList All'     = $Blacklist.Count
        'BlackList Found'   = $BlackListListed.Count
        'Time Minutes'      = $StopWatch.Elapsed.Minutes
        'Time Seconds'      = $StopWatch.Elapsed.Seconds
        'Time Milliseconds' = $StopWatch.Elapsed.Milliseconds
    }
}

$Results | Format-Table -Autosize
Manual Usage
Import-Module PSBlackListChecker #-Force

$IP = '89.74.48.96'
$IP1 = '89.74.48.97'
$MultipleIP = $IP, $IP1

Search-BlackList -IP $IP | Format-Table -AutoSize
Search-BlackList -IP $IP -ReturnAll | Format-Table -AutoSize

## Other ideas below

Search-BlackList -IP $IP -RunType RunSpaceWithResolveDNS | Format-Table -AutoSize
Search-BlackList -IP $IP -RunType RunSpaceWithNetDNS | Format-Table -AutoSize
Search-Blacklist -IP $IP -RunType WorkflowWithNetDNS | Format-Table -AutoSize
Search-Blacklist -IP $IP -RunType WorkflowResolveDNS | Format-Table -AutoSize
Search-Blacklist -IP $IP -RunType NoWorkflowAndRunSpaceNetDNS | Format-Table
Search-BlackList -IP $IP -ReturnAll | Format-Table -AutoSize
Search-BlackList -IP $IP -ReturnAll -SortBy IsListed -SortDescending $true
Search-BlackList -IP $MultipleIP -ReturnAll -SortBy Ip | Format-Table -AutoSize
Search-BlackList -IP $MultipleIP -ReturnAll -SortBy BlackList | Format-Table -AutoSize
Microsoft Teams support

As a heavy user, there could be no PSBlackListChecker without support for Microsoft Teams. If IP appears on a blacklist, it sends you a notification to channel of your choice, along with two buttons. First one allows you to confirm your findings on MxToolBoxthe second one checks SMTP connectivity (also using MXToolBox – great tool btw!). Keep in mind that if you setup Scheduler to check for Blacklists every 5 minutes or every 1 hour, you will keep on getting notifications until your problem is solved or task scheduler is turned off. There may be a feature in future that would be able to detect this but not yet.

Slack Support

While I don't use Slack myself, I heard it's a good piece of software, so I'm adding it here. If you think display can be better feel free to contact me on GitHub and make a PR so we can improve the experience for everyone. When IP appears on the blacklist, you can also click Title of the message, and a website MXToolBox open.

PSBlackListChecker Information
Please notice this article contains parts of information (still useful) and may not reflect all functionalities of this module. For download, source code and so on you should refer to the dedicated PSBlackListChecker module page. After reading this one of course! It contains useful informationexamples, and know-how. Without it, you may not know all the features.
Config file for reporting

A new version, new configuration file. While old one still should work to use new features you should use the newest version.

Import-Module PSBlackListChecker

$EmailParameters = @{
    EmailFrom            = "monitoring@domain.pl"
    EmailTo              = "przemyslaw.klys@domain.pl" #
    EmailCC              = ""
    EmailBCC             = ""
    EmailServer          = ""
    EmailServerPassword  = ""
    EmailServerPort      = "587"
    EmailServerLogin     = ""
    EmailServerEnableSSL = 1
    EmailEncoding        = "Unicode"
    EmailSubject         = "[Reporting] Blacklist monitoring"
    EmailPriority        = "Low" # Normal, High
}
$FormattingParameters = @{
    CompanyBranding   = @{
        Logo   = "https://evotec.xyz/wp-content/uploads/2015/05/Logo-evotec-012.png"
        Width  = "200"
        Height = ""
        Link   = "https://evotec.xyz"
        Inline = $false
    }
    FontFamily        = "Calibri Light"
    FontSize          = "9pt"
    FontHeadingFamily = "Calibri Light"
    FontHeadingSize   = "12pt"
}
$ReportOptions = @{
    MonitoredIps       = @{
        Ip1 = '89.25.253.1'
        Ip2 = '188.117.129.1'
        # you can add as many Ip's as you want / IP1,2,3,4,5 etc
    }
    NotificationsEmail = @{
        Use                          = $false
        EmailPriorityWhenBlacklisted = 'High'
        EmailPriorityStandard        = 'Low'
        EmailAllResults              = $false
        EmailAlways                  = $true
        SortBy                       = 'IsListed' # Options: 'IP', 'BlackList', 'IsListed', 'Answer', 'FQDN
        SortDescending               = $true
    }
    NotificationsTeams = @{
        Use              = $false
        TeamsID          = ''
        MessageTitle     = 'IP Blacklisted'
        MessageText      = 'Everybody panic!'
        MessageImageLink = 'https://raw.githubusercontent.com/EvotecIT/PSTeams/master/Links/Asset%20130.png'
        MessageButtons   = $true
    }
    NotificationsSlack = @{
        Use            = $false
        Channel        = '#general'
        Uri            = ""
        MessageTitle   = 'IP Blacklisted'
        MessageText    = 'Everybody panic!'
        MessageButtons = $true
        MessageEmoji   = ':hankey:'  # Emoji List https://www.webpagefx.com/tools/emoji-cheat-sheet/
        MessageAsUser  = 'PSBlackListChecker'
    }
}

Start-ReportBlackLists -EmailParameters $EmailParameters -FormattingParameters $FormattingParameters -ReportOptions $ReportOptions

This post was last modified on November 3, 2018 21:29

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Share
Published by
Przemyslaw Klys
Tags: blacklistblacklist ipexchangeipnet.dnspowershellresolve-dnsrunspacessmtpworkflow
6 years ago

Recent Posts

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

2 months ago

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

3 months ago

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

7 months ago

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

12 months ago

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…

1 year ago

Seamless HTML Report Creation: Harness the Power of Markdown with PSWriteHTML PowerShell Module

In today's digital age, the ability to create compelling and informative HTML reports and documents…

1 year ago