Checking your IP against RBLs in icinga2

Posted by Markus Benning on January 09, 2015

To make sure that your IP is listed on any RBL you can implement a daily check in icinga2.

The check can be implement with the check_rbl script:

The script has a few perl module dependencies. To install them on a debian system execute:

apt-get install libreadonly-xs-perl libnagios-plugin-perl libdata-validate-ip-perl libdata-validate-domain-perl

Then download the script and make it executable:

curl -o /usr/local/bin/check_rbl
chmod 755 /usr/local/bin/check_rbl

Also download a copy of the configuration file:

curl -o /etc/check_rbl.ini

Edit the configuration file and add/remove RBLs as needed. When writting this, the list still included the retired AHBL blacklist. To disable it comment the following line:


Now its time to start a test run:

check_rbl -t 60 --extra-opts=rbl@/etc/check_rbl.ini -H -v

The script will display all checked RBLs and exit with a Nagios status line:

CHECK_RBL OK - BLACKLISTED on 0 servers of 38 | servers=0;0;0 time=10s;;

Now add the command/service definitions to your icinga2 configuration and apply the rbl_address to your hosts definition.

Create /etc/icinga2/conf.d/check_rbl.conf with the following content:

object CheckCommand "rbl" {
        import "plugin-check-command"

        command = [ "/usr/local/bin/check_rbl" ]

        arguments = {
                "-t" = "$rbl_timeout$"
                "--extra-opts" = "rbl@$rbl_config$"
                "-H" = "$rbl_address$"

        vars.rbl_address = "$address$"
        vars.rbl_timeout = "60"
        vars.rbl_config = "/etc/check_rbl.ini"

Add the following service description to your /etc/icinga2/conf.d/services.conf:

apply Service "rbl" {
  import "generic-service"
  check_command = "rbl"
  assign where host.vars.rbl_address

And a rbl_address variable to all hosts you want to check:

vars.rbl_address = ""

Restart the icinga2 service and see the results in icinga-web.