Author Topic: Please test DNSBL Block function  (Read 5664 times)

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
Please test DNSBL Block function
« on: April 08, 2009, 01:24:56 PM »
I'm running a self-registration script for MyRoundCube and have trouble with spammers.

I have already disallowed SMTP connection others than established by Webmail. Also I have limited the Webmail to accept only 5 recipients per outgoing message. It seems still to be attractive for spammers.

I plan to code a plugin to deny sending out messages by webmail in case of a positive DNSBL result.

I have tested the following code on WINDOWS. Could you please be so kind and test the  function if it works on UNIX systems aswell?


<?php

//$check_ip = dnsbl_getVisitorIP();
$check_ip "217.20.240.19"// blacklisted IP

$dnsbl_lists = array("bl.spamcop.net""list.dsbl.org""sbl-xbl.spamhaus.org");

function 
dnsbl_blacklisted($ip) {
  global 
$dnsbl_lists;
  
$reverse_ip implode("."array_reverse(explode("."$ip))); 
  
$on_win substr(PHP_OS03) == "WIN" 0;
  foreach (
$dnsbl_lists as $dnsbl_list){
    if (
function_exists("checkdnsrr")) {
      if (
checkdnsrr($reverse_ip "." $dnsbl_list ".""A")) {
        return 
$reverse_ip "." $dnsbl_list;
      } 
    } else if (
$on_win == 1) {
      
$lookup "";
      @
exec("nslookup -type=A " $reverse_ip "." $dnsbl_list "."$lookup);
      foreach (
$lookup as $line) {
        if (
strstr($line$dnsbl_list)) {
           return 
$reverse_ip "." $dnsbl_list;
        }
      }
    } 
  }
  return 
false;
}

function 
dnsbl_getVisitorIP() { 
   
//Regular expression pattern for a valid IP address 
   
$ip_regexp "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/"

   
//Retrieve IP address from which the user is viewing the current page 
   
if (isset ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) && !empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) { 
      
$visitorIP = (!empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) ? $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] : ((!empty ($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'])) ? $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'] : @ getenv ('HTTP_X_FORWARDED_FOR')); 
   } 
   else { 
      
$visitorIP = (!empty ($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty ($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : @ getenv ('REMOTE_ADDR')); 
   } 

   return 
$visitorIP
}


if(
dnsbl_blacklisted($check_ip))
  echo 
$check_ip ": banned";
else
  echo 
$check_ip ": pass";

?>


_____ EDIT _____
Outgoing messages are passed to SA aswell ... that's the final trap to catch them ...
How do you deal with an open back door (self-registration) ???
Any other recommendations are very appreciated !!!
« Last Edit: April 08, 2009, 04:30:39 PM by rosali »
Regards,
Rosali
__________________
MyRoundcube Project (commercial)

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Please test DNSBL Block function
« Reply #1 on: April 09, 2009, 03:23:20 AM »
i just tried it on my Debian Lenny box and it works fine, I tried a couple of good and bad IPs as well as the IP detection.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and moreā€¦

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
Please test DNSBL Block function
« Reply #2 on: April 09, 2009, 04:18:58 AM »
Thanks - This function should be implemented into the forum code aswell. I've noticed that most of spam posts are submitted by blacklisted IP's.
Regards,
Rosali
__________________
MyRoundcube Project (commercial)