I'm running a self-registration script for MyRoundCube and have trouble with spammers.
I have already disallowed SMTP connections other than those established by Webmail. I have also limited the Webmail to accept only 5 recipients per outgoing message. It still seems to be attractive for spammers.
I plan to code a plugin to deny sending out messages by webmail in case of a positive DNSBL result.
I have tested the following code on Windows. Could you please be so kind as to test whether the function works on UNIX systems as well?
<?php
//$check_ip = dnsbl_getVisitorIP();
$check_ip = "217.20.240.19"; // blacklisted IP
$dnsbl_lists = array("bl.spamcop.net", "list.dsbl.org", "sbl-xbl.spamhaus.org");

// Returns the DNSBL host name that lists $ip, or false if no list does.
function dnsbl_blacklisted($ip) {
    global $dnsbl_lists;
    // Only plain IPv4 addresses are looked up; this also keeps unexpected
    // characters out of the nslookup command line below.
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return false;
    }
    $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
    $on_win = substr(PHP_OS, 0, 3) == "WIN" ? 1 : 0;
    foreach ($dnsbl_lists as $dnsbl_list) {
        $query = $reverse_ip . "." . $dnsbl_list;
        if (function_exists("checkdnsrr")) {
            // An A record for <reversed ip>.<list> means the address is listed
            if (checkdnsrr($query . ".", "A")) {
                return $query;
            }
        } else if ($on_win == 1) {
            // Fallback for Windows builds of PHP without checkdnsrr()
            $lookup = array();
            @exec("nslookup -type=A " . escapeshellarg($query . "."), $lookup);
            foreach ($lookup as $line) {
                if (strstr($line, $dnsbl_list)) {
                    return $query;
                }
            }
        }
    }
    return false;
}

// Returns the visitor's IPv4 address, or false if none can be determined.
function dnsbl_getVisitorIP() {
    // Prefer the forwarded address, then the connecting address. $_SERVER is
    // used because $HTTP_SERVER_VARS is not in scope inside a function.
    // Note: X-Forwarded-For is a client-supplied header.
    foreach (array("HTTP_X_FORWARDED_FOR", "REMOTE_ADDR") as $key) {
        $visitorIP = !empty($_SERVER[$key]) ? $_SERVER[$key] : @getenv($key);
        // Accept the value only if it is a single valid IPv4 address
        if (filter_var($visitorIP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            return $visitorIP;
        }
    }
    return false;
}

if (dnsbl_blacklisted($check_ip))
    echo $check_ip . ": banned";
else
    echo $check_ip . ": pass";
?>
_____ EDIT _____
Outgoing messages are passed to SA as well ... that's the final trap to catch them ...
How do you deal with an open back door (self-registration)?
Any other recommendations are very much appreciated!
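
An added example, not part of the original post: a DNSBL check that trusts X-Forwarded-For only when the connection comes from a known reverse proxy, and that counts only 127.x.x.x answers as listings while ignoring the 127.255.255.x codes Spamhaus returns for query errors. The function names, the proxy address 192.0.2.10, the zone bl.example.test and the stub resolver data are all constructed for illustration.

```php
<?php
// Added example, not code from the original post. Function names, the
// trusted-proxy address and the stub zone data are constructed.

// X-Forwarded-For is client-supplied: honour it only when the TCP peer
// (REMOTE_ADDR) is a reverse proxy we operate, otherwise use the peer.
function client_ipv4(array $server, array $trusted_proxies) {
    $ip = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (in_array($ip, $trusted_proxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // The right-most entry is the one our own proxy appended.
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $ip = end($hops);
    }
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); // string or false
}

// Return the listing codes for $ip in one DNSBL zone (empty array = not listed).
// $resolve is injectable for offline testing; the default does a real lookup.
function dnsbl_codes($ip, $zone, $resolve = 'gethostbynamel') {
    $name = implode('.', array_reverse(explode('.', $ip))) . '.' . $zone . '.';
    $answers = call_user_func($resolve, $name);
    if (!is_array($answers)) {
        return array(); // NXDOMAIN or resolver failure: treat as not listed
    }
    return array_values(array_filter($answers, function ($a) {
        // Listings are 127.x.x.x; 127.255.255.x is Spamhaus's error range.
        return strpos($a, '127.') === 0 && strpos($a, '127.255.255.') !== 0;
    }));
}

// Constructed stub resolver standing in for DNS (bl.example.test is not real).
$stub = function ($name) {
    $zone = array(
        '2.0.0.127.bl.example.test.'   => array('127.0.0.2'),       // listed
        '9.113.0.203.bl.example.test.' => array('127.255.255.254'), // error code
    );
    return isset($zone[$name]) ? $zone[$name] : false;
};

$proxies = array('192.0.2.10'); // assumption: our own reverse proxy
$requests = array(
    'direct, forged header' => array('REMOTE_ADDR' => '127.0.0.2', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'),
    'via trusted proxy'     => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.9'),
);
foreach ($requests as $label => $server) {
    $ip = client_ipv4($server, $proxies);
    $codes = $ip === false ? array() : dnsbl_codes($ip, 'bl.example.test', $stub);
    echo $label . ': ' . $ip . ' -> ' . ($codes ? 'banned (' . implode(',', $codes) . ')' : 'pass') . "\n";
}
```

For live lookups, omit the third argument to `dnsbl_codes()` so that it uses `gethostbynamel()`.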