#!/usr/bin/perl
#
# This is a sample script to download the spambag HTTP rewrite file and
# install it.  Before you run this script you must install
# the wget utility, if you don't already have it installed, then:
#
# 1. Import the spambag.org GPG key - http://www.spambag.org/GPGKEY.txt
#
# 2. Set URL, below, to one of the mirrors of the spambag HTTP rewrite file
#
# 3. Set REWRITEURL, below, to the URL you want the listed IP addresses to
#    be bumped to.  In a pinch, you can leave it at the default setting of
#    http://www.spambag.org/cgi-bin/spambag, however you should consider
#    setting up your own page, with an explanation, and an alternate means
#    for contact.
#
# 4. Set FILE, below, to the filename of your apache rewrite file.
#
# 5. If you can, download and install the Net::DNS Perl module from CPAN
#    (www.cpan.org - if you do not already have Net::DNS installed).  This
#    script will work without Net::DNS, except that Net::DNS will prevent a
#    lot of unnecessary processing.
#
# 6. Set up a periodic job to run this script (from its current directory),
#    and then reload the apache processes (so that they can pick up the
#    updated rewrite file).
#    For example, if this script is installed as /usr/share/spambag/httpmirror:
#
#        cd /usr/share/spambag && ./httpmirror

$ZONE="blacklist.spambag.org";
$URL="http://www.spambag.org/export";
$REWRITEURL="http://www.spambag.org/cgi-bin/spambag";
$FILE="/path/to/apache-rewrite.conf";

# See if we have Net::DNS

eval "use Net::DNS;";

if ($@ == 0)  # Net::DNS is installed.
{
# If SOA serial number hasn't changed, don't even bother.

    my $serial="X";

    my $res= new Net::DNS::Resolver;

    my $query = $res->query($ZONE, "SOA");

    my $rr;

    if (defined $query)
    {
	foreach $rr ($query->answer)
	{
	    next unless $rr->type eq "SOA";

	    $serial=$rr->serial . "\n";
	}
    }
    else
    {
	print STDERR "DNS query failure for $ZONE\n";
	exit 0;
    }

    if (open(IN, $FILE))
    {
	my $line=<IN>;

	chomp $line;

	close(IN);

	exit 0 if $line eq "#SERIAL=$serial";
    }
}

system("wget -N $URL/spambag.http");

exit 1 if $?;

system("wget -N $URL/spambag.http.sig");

exit 1 if $?;

system("gpg --verify spambag.http.sig spambag.http");

exit 1 if $?;

open (IN, "spambag.http") || exit 1;

open (OUT, ">spambag.http.new") || exit 1;

while (<IN>)
{
    s/\@URL\@/$REWRITEURL/ge;
    print OUT;
}

close(IN) || exit 1;
close (OUT) || exit 1;

system("mv spambag.http.new $FILE");   # Let mv deal with cross-device moves