
Free Tool – Cisco Ironport C350 Safelist / Blocklist merge utility

If you have multiple Cisco Ironport C350 devices, you may have noticed that safelist / blocklist entries are bound to an individual device. So if your Ironport devices are both installed to handle incoming mails, end users need to manage safelists/blocklists on both devices in order to be sure that both devices operate in the same way.

This is a problem: an end user should not have to care which device they manage the safelist/blocklist on. They want to do it once, on one device, not multiple times.

In order to capture the safelist/blocklist database from multiple devices, merge the lists, and then activate the merged lists on all devices, you would need to use the backup & restore features.

The Cisco Ironport CLI allows admins to create a backup of the configuration, but surprisingly this does not include the safelist/blocklist database. The management GUI allows administrators to back up and restore safelists/blocklists, but this cannot be scheduled. Cisco Ironport support has told me that there is no way to do this.

So I wrote a small utility that will allow you to

  • back up the safelist / blocklist database of a Cisco Ironport C350 device. You can run this against any number of Cisco Ironport devices
  • merge the backup files into 1 big file
  • copy the merged file back to all of your Ironport devices and activate/restore the merged file

All of these actions are CLI commands, so you can build a batch script file and use Windows Scheduled Tasks to run this at any given time.

Requirements :

In order for the application to run, the following requirements must be met :

1. The server/computer running the script must have access to the Ironport interfaces that are activated for management.

2. The Ironport must be configured for management over HTTPS and SSH, and must allow FTP access as well. If there is a firewall between the server/computer running the scripts and the interface that hosts the management ports, the ports for HTTPS, SSH and FTP must be open.

3. The user account used in the script must have admin access

4. pscp.exe (PuTTY) needs to be present in the working directory


This is how it works :

 

If you run the tool without parameters, you’ll get this :

-------------------------------------------------------
PVE Cisco Ironport Safelist and Blocklist Merge utility
http://freetools.corelan.be
peter.ve@telenet.be
July 2008
Version 1.0.0.1
-------------------------------------------------------
Current date & time : 27/07/2008 13:09
-------------------------------------------------------

===== Unlicensed copy =====

Usage :
-------
Create request for license file :
    -lic

Get Safelist & blocklist from device :
    -h <Ironport host> -p <https port> -fp <ftp port> _
    -u <username> -pw <password> -m backup _
    -fe <export_list_as_filename>
    [-w ] (optional parameter, default=30, so max wait time will be 30 x 10 seconds

Merge multiple files :
    -fm "file1,file2,file3,file4,..." -m merge _
    -smf <save_merged_file_as>

Put safelist & blocklist back onto device:
    -h <Ironport host> -p <https port> -sp <ssh port> _
    -u <username> -pw <password> -m restore -fi <slbl_filename_to_import>

Notes :
In order for the backup to work, the device must be reachable over HTTPS and FTP
In order for the restore to work, the device must be reachable over HTTPS and SSH, and pscp.exe (http://the.earth.li/~sgtatham/putty/latest/x86/pscp.exe) must be in the current directory as well
Finally, the import file must start with slbl_ and have .csv extension
In all cases, the useraccount must be member of the operators or administrators


Before you can use the tool, you'll have to create a license request and send the request to me. The tool is free, but I will process your request faster if you donate something/anything at all using PayPal (send to peter.ve@telenet.be), or if you pick something off my Amazon wish lists (Books, Electronics). In the email that contains the license request, you should either mention a reference to the PayPal or Amazon transaction, or you should include "I do not wish to donate at this time". Don't feel obliged to donate.

You can create a license request by running

PVEIronportSafeBlockListMerger.exe -lic

Next, take the .req file, and send it to peter.ve@telenet.be (don't forget the small text that either includes the donation information as explained above, or the text "I do not want to donate at this time"). Also, please specify the username/company name and email address that should be used in the license file. If these entries are not in the email, I won't be able to create a license file.

When you receive the license file, just put it in the same folder as the .exe file.  If the .lic file is present and if you run the tool again, you should see the license information :

-------------------------------------------------------
PVE Cisco Ironport Safelist and Blocklist Merge utility
http://freetools.corelan.be
peter.ve@telenet.be
July 2008
Version 1.0.0.0
-------------------------------------------------------
Current date & time : 27/07/2008 13:11
-------------------------------------------------------

=================================================
Licensed copy
Licensed to : Peter Van Eeckhoutte
Email address : peter.ve@telenet.be
=================================================

 

A. Get the safelist/blocklist database and save it locally on your server/computer into a csv file

(run this against all of your Ironports, and save the files into unique, separate files)

PVEIronportSafeBlockListMerger.exe -h ironport1.domain.com _
-p 443 -fp 21 -u admin -pw YourAdminPassword -m backup _
-fe Ironport1.csv

-------------------------------------------------------
PVE Cisco Ironport Safelist and Blocklist Merge utility
http://freetools.corelan.be
peter.ve@telenet.be
July 2008
Version 1.0.0.1
-------------------------------------------------------
Current date & time : 27/07/2008 13:12
-------------------------------------------------------

=================================================
Licensed copy
Licensed to : Peter Van Eeckhoutte
Email address : peter.ve@telenet.be
=================================================

[+] Task Summary
    Mode : backup
    Ironport host : ironport1.domain.com
    HTTPS port : 443
    FTP port : 21
    Username : admin
    Password : <hidden>
    Export list to : Ironport1.csv
    Max wait time  : 40 times 10 secs
[+] Logging in to Ironport ironport1.domain.com:443 as user admin
[ ] Logged in
[+] Creating backup of safelist and blocklist and copying backup to this machine as file Ironport1.csv
[ ] Please wait until device finishes backup - This can take a while... (I'll wait 10 seconds to start with)
[+] Generating blacklist/safelist file
[+] Verifying that file doesn't grow anymore
    Current size : 179 bytes
[+] File size is stable now
[+] Saving Safelist/Blocklist file as Ironport1.csv
[+] Backup complete.
[ ] File downloaded : slbl-<XXXXXXXXXXXXXX>-20080727T111250.csv (27/07/2008 13:12)
    Number of other (old) slbl*.csv files removed : 0

dir *.csv
 Volume in drive C has no label.
 Volume Serial Number is 585F-8B81

 Directory of C:\ironport

27/07/2008  13:13               179 Ironport1.csv
               1 File(s)            179 bytes
               0 Dir(s)  25.898.405.888 bytes free


Once you have downloaded all safelist/blocklist files to individual files, you can merge the files together and then upload them back to the various devices.

Of course, you can also use this command to only create a backup of the safelist/blocklist databases.

 

B. Merge the safelist/blocklist

Suppose you have 2 Ironport devices, and you have saved the individual files to Ironport1.csv and Ironport2.csv, then this is the command to use :

PVEIronportSafeBlockListMerger.exe -fm "Ironport1.csv,Ironport2.csv" _
-m merge -smf "IronportMerged.csv"

-------------------------------------------------------
PVE Cisco Ironport Safelist and Blocklist Merge utility
http://freetools.corelan.be
peter.ve@telenet.be
July 2008
Version 1.0.0.1
-------------------------------------------------------
Current date & time : 27/07/2008 13:40
-------------------------------------------------------

=================================================
Licensed copy
Licensed to : Peter Van Eeckhoutte
Email address : peter.ve@telenet.be
=================================================

[+] Task Summary
    Mode : merge
    Merge files : Ironport1.csv,Ironport2.csv
    Save merged output to : IronportMerged.csv
[+] Reading input files
[ ] Opening file Ironport1.csv
[ ] Opening file Ironport2.csv
[+] Merging input files to IronportMerged.csv
[+] Output written to IronportMerged.csv


C. Deploy the merged file back to your Ironports

The last step is to copy the file back to the Ironports and to activate/restore this file. This mode requires pscp.exe to be present in the working directory. If, for any reason, the application appears to hang at "Copying file to….", then download plink.exe from the PuTTY Download Page, put it in the same folder, and use plink.exe to connect to the Ironports. This will allow you to save the SSH host key for each Ironport device, so pscp.exe no longer has to ask about it. From that point forward, the merge utility should work just fine (and you can even remove plink.exe again if you want to).

PVEIronportSafeBlockListMerger.exe -h ironport1.domain.com _
-p 443 -sp 22 -u admin -pw YourAdminPassword -m restore _
-fi IronportMerged.csv

-------------------------------------------------------
PVE Cisco Ironport Safelist and Blocklist Merge utility
http://freetools.corelan.be
peter.ve@telenet.be
July 2008
Version 1.0.0.1
-------------------------------------------------------
Current date & time : 27/07/2008 13:43
-------------------------------------------------------

=================================================
Licensed copy
Licensed to : Peter Van Eeckhoutte
Email address : peter.ve@telenet.be
=================================================

[+] Task Summary
    Mode : restore
    Ironport host : ironport1.domain.com
    HTTPS port : 443
    SSH port : 22
    Username : admin
    Password : <hidden>
    Import from file : IronportMerged.csv
[+] Copying file IronportMerged.csv to Ironport ironport1.domain.com using SCP (port 22)
[+] File copied to Ironport
[+] Logging in to Ironport ironport1.domain.com:443 as user admin
[ ] Logged in
[+] Activating restored safelist/blacklist file IronportMerged.csv
[ ] Please wait until device finishes restore - This can take a little while...
[+] Done.


Run this command against all Ironports, and you should be all set.
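
Steps A to C chained into one batch script of the kind mentioned at the top of this post, as an added example (not the author's script). The device names, the C:\ironport working folder and the IRONPORT_PW environment variable holding the admin password are assumptions; because the tool's exit codes are not documented here, each step is checked by testing for a non-empty output file, so a failed backup or merge is never deployed.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example: backup -> merge -> restore, using only the flags shown above.
rem Assumed placeholders: DEVICES, C:\ironport, IRONPORT_PW (set for the
rem account that runs the scheduled task instead of hardcoding the password).

cd /d C:\ironport || exit /b 1
set TOOL=PVEIronportSafeBlockListMerger.exe
set DEVICES=ironport1.domain.com ironport2.domain.com
set MERGED=IronportMerged.csv

if not defined IRONPORT_PW (echo IRONPORT_PW is not set & exit /b 1)
if not exist pscp.exe (echo pscp.exe is missing from the working directory & exit /b 1)

rem Remove old output so a stale file cannot pass for a fresh one.
del /q "%MERGED%" 2>nul
set FILES=

rem A. Back up every device into its own file; stop if any backup is missing.
for %%D in (%DEVICES%) do (
    del /q "%%D.csv" 2>nul
    %TOOL% -h %%D -p 443 -fp 21 -u admin -pw "!IRONPORT_PW!" -m backup -fe "%%D.csv"
    call :nonempty "%%D.csv" || (echo Backup of %%D failed, nothing deployed & exit /b 1)
    if defined FILES (set FILES=!FILES!,%%D.csv) else (set FILES=%%D.csv)
)

rem B. Merge the per-device files into one list.
%TOOL% -fm "%FILES%" -m merge -smf "%MERGED%"
call :nonempty "%MERGED%" || (echo Merge failed, nothing deployed & exit /b 1)

rem C. Restore the merged file on every device.
for %%D in (%DEVICES%) do (
    %TOOL% -h %%D -p 443 -sp 22 -u admin -pw "!IRONPORT_PW!" -m restore -fi "%MERGED%"
)
exit /b 0

:nonempty
rem Succeeds only if the file exists and is larger than 0 bytes.
if not exist "%~1" exit /b 1
if %~z1 GTR 0 (exit /b 0) else (exit /b 1)
```

Run it once interactively before scheduling it, so that the SSH host key of each device is already saved and the restore step does not hang.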

 

Download the utility

You can download the utility from http://users.telenet.be/internet.activities/freetools

After downloading the zip file, extract it to a folder (e.g. c:\ironport) and run the utility from the command line (or from a batch script).


Version history

1.0.0.1 : released on 21 Oct 2008. Added parameter to allow users to set wait time (in case it takes longer than 10 seconds to generate the safelist/blocklist file on the appliance).

1.0.0.0 : released on 27 July 2008.

© 2008 – 2009, Peter Van Eeckhoutte (corelanc0d3r). All rights reserved.
