Roundcube Community Forum

Third Party Contributions => Old Style Plug-Ins => Topic started by: rosali on April 08, 2009, 01:24:56 PM

Title: Please test DNSBL Block function
Post by: rosali on April 08, 2009, 01:24:56 PM
I'm running a self-registration script for MyRoundCube and have trouble with spammers.

I have already disallowed SMTP connection others than established by Webmail. Also I have limited the Webmail to accept only 5 recipients per outgoing message. It seems still to be attractive for spammers.

I plan to code a plugin to deny sending out messages by webmail in case of a positive DNSBL result.

I have tested the following code on WINDOWS. Could you please be so kind and test the  function if it works on UNIX systems aswell?



//$check_ip = dnsbl_getVisitorIP();
$check_ip = "217.20.240.19"; // blacklisted IP

$dnsbl_lists = array("bl.spamcop.net", "list.dsbl.org", "sbl-xbl.spamhaus.org");

function dnsbl_blacklisted($ip) {
  global $dnsbl_lists;
  $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
  $on_win = substr(PHP_OS, 0, 3) == "WIN" ? 1 : 0;
  foreach ($dnsbl_lists as $dnsbl_list){
    if (function_exists("checkdnsrr")) {
      if (checkdnsrr($reverse_ip . "." . $dnsbl_list . ".", "A")) {
        return $reverse_ip . "." . $dnsbl_list;
      }
    } else if ($on_win == 1) {
      $lookup = "";
      @exec("nslookup -type=A " . $reverse_ip . "." . $dnsbl_list . ".", $lookup);
      foreach ($lookup as $line) {
        if (strstr($line, $dnsbl_list)) {
           return $reverse_ip . "." . $dnsbl_list;
        }
      }
    }
  }
  return false;
}

function dnsbl_getVisitorIP() {
   //Regular expression pattern for a valid IP address
   $ip_regexp = "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/";

   //Retrieve IP address from which the user is viewing the current page
   if (isset ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) && !empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) {
      $visitorIP = (!empty ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"])) ? $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] : ((!empty ($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'])) ? $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'] : @ getenv ('HTTP_X_FORWARDED_FOR'));
   }
   else {
      $visitorIP = (!empty ($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty ($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : @ getenv ('REMOTE_ADDR'));
   }

   return $visitorIP;
}


if(dnsbl_blacklisted($check_ip))
  echo $check_ip . ": banned";
else
  echo $check_ip . ": pass";

?>


_____ EDIT _____
Outgoing messages are passed to SA aswell ... that's the final trap to catch them ...
How do you deal with an open back door (self-registration) ???
Any other recommendations are very appreciated !!!
Title: Please test DNSBL Block function
Post by: JohnDoh on April 09, 2009, 03:23:20 AM
i just tried it on my Debian Lenny box and it works fine, I tried a couple of good and bad IPs as well as the IP detection.
Title: Please test DNSBL Block function
Post by: rosali on April 09, 2009, 04:18:58 AM
Thanks - This function should be implemented into the forum code aswell. I've noticed that most of spam posts are submitted by blacklisted IP's.