Please test DNSBL Block function

rosali · #1 04-08-2009, 06:24 PM

I'm running a self-registration script for MyRoundCube and have trouble with spammers.

I have already disallowed SMTP connection others than established by Webmail. Also I have limited the Webmail to accept only 5 recipients per outgoing message. It seems still to be attractive for spammers.

I plan to code a plugin to deny sending out messages by webmail in case of a positive DNSBL result.

I have tested the following code on WINDOWS. Could you please be so kind and test the function if it works on UNIX systems aswell?

PHP Code:


			
<?php



//$check_ip = dnsbl_getVisitorIP();

$check_ip = "217.20.240.19"; // blacklisted IP



$dnsbl_lists = array("bl.spamcop.net", "list.dsbl.org", "sbl-xbl.spamhaus.org");



function dnsbl_blacklisted($ip) {

  global $dnsbl_lists;

  $reverse_ip = implode(".", array_reverse(explode(".", $ip))); 

  $on_win = substr(PHP_OS, 0, 3) == "WIN" ? 1 : 0;

  foreach ($dnsbl_lists as $dnsbl_list){

    if (function_exists("checkdnsrr")) {

      if (checkdnsrr($reverse_ip . "." . $dnsbl_list . ".", "A")) {

        return $reverse_ip . "." . $dnsbl_list;

      } 

    } else if ($on_win == 1) {

      $lookup = "";

      @exec("nslookup -type=A " . $reverse_ip . "." . $dnsbl_list . ".", $lookup);

      foreach ($lookup as $line) {

        if (strstr($line, $dnsbl_list)) {

           return $reverse_ip . "." . $dnsbl_list;

        }

      }

    } 

  }

  return false;

}



function dnsbl_getVisitorIP() { 

   //Regular expression pattern for a valid IP address 

   $ip_regexp = "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/"; 



   //Retrieve IP address from which the user is viewing the current page 

   if (isset ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) && !empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) { 

      $visitorIP = (!empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) ? $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] : ((!empty ($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'])) ? $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'] : @ getenv ('HTTP_X_FORWARDED_FOR')); 

   } 

   else { 

      $visitorIP = (!empty ($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty ($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : @ getenv ('REMOTE_ADDR')); 

   } 



   return $visitorIP; 

}





if(dnsbl_blacklisted($check_ip))

  echo $check_ip . ": banned";

else

  echo $check_ip . ": pass";



?>

_____ EDIT _____
Outgoing messages are passed to SA aswell ... that's the final trap to catch them ...
How do you deal with an open back door (self-registration)

Any other recommendations are very appreciated !!!

JohnDoh · #2 04-09-2009, 08:23 AM

i just tried it on my Debian Lenny box and it works fine, I tried a couple of good and bad IPs as well as the IP detection.

rosali · #3 04-09-2009, 09:18 AM

Thanks - This function should be implemented into the forum code aswell. I've noticed that most of spam posts are submitted by blacklisted IP's.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)