Roundcube Community Forum

 

Please test DNSBL Block function

Started by rosali, April 08, 2009, 01:24:56 PM


rosali

I'm running a self-registration script for MyRoundCube and have trouble with spammers.

I have already disallowed SMTP connections other than those established by Webmail. Also I have limited the Webmail to accept only 5 recipients per outgoing message. It still seems to be attractive for spammers.

I plan to code a plugin to deny sending out messages by webmail in case of a positive DNSBL result.

I have tested the following code on WINDOWS. Could you please be so kind as to test whether the function works on UNIX systems as well?


<?php

//$check_ip = dnsbl_getVisitorIP();
$check_ip = "217.20.240.19"; // blacklisted IP

$dnsbl_lists = array("bl.spamcop.net", "list.dsbl.org", "sbl-xbl.spamhaus.org");

// Returns the DNSBL query name that produced a hit, or false if $ip is not listed.
function dnsbl_blacklisted($ip) {
  global $dnsbl_lists;
  // Accept only a literal IPv4 address: the value may come from a request
  // header and is passed to DNS and, on Windows, to a shell command.
  if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    return false;
  }
  $reverse_ip = implode(".", array_reverse(explode(".", $ip)));
  $on_win = substr(PHP_OS, 0, 3) == "WIN" ? 1 : 0;
  foreach ($dnsbl_lists as $dnsbl_list) {
    if (function_exists("checkdnsrr")) {
      // Any A record for <reversed ip>.<list> counts as a listing
      if (checkdnsrr($reverse_ip . "." . $dnsbl_list . ".", "A")) {
        return $reverse_ip . "." . $dnsbl_list;
      }
    } else if ($on_win == 1) {
      // Fallback where checkdnsrr() is unavailable: parse nslookup output
      $lookup = array();
      @exec("nslookup -type=A " . escapeshellarg($reverse_ip . "." . $dnsbl_list . "."), $lookup);
      foreach ($lookup as $line) {
        if (strstr($line, $dnsbl_list)) {
          return $reverse_ip . "." . $dnsbl_list;
        }
      }
    }
  }
  return false;
}

function dnsbl_getVisitorIP() {
   //Regular expression pattern for a valid IP address
   $ip_regexp = "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/";

   //Retrieve IP address from which the user is viewing the current page
   //($_SERVER/$_ENV replace $HTTP_SERVER_VARS/$HTTP_ENV_VARS, which are not
   //visible inside a function and no longer exist in current PHP)
   //X-Forwarded-For is supplied by the client unless a trusted proxy sets it
   if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && !empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
      $visitorIP = (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : ((!empty($_ENV['HTTP_X_FORWARDED_FOR'])) ? $_ENV['HTTP_X_FORWARDED_FOR'] : @getenv('HTTP_X_FORWARDED_FOR'));
   }
   else {
      $visitorIP = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : ((!empty($_ENV['REMOTE_ADDR'])) ? $_ENV['REMOTE_ADDR'] : @getenv('REMOTE_ADDR'));
   }

   return $visitorIP;
}

if (dnsbl_blacklisted($check_ip))
  echo $check_ip . ": banned";
else
  echo $check_ip . ": pass";

?>


_____ EDIT _____
Outgoing messages are passed to SA as well ... that's the final trap to catch them ...
How do you deal with an open back door (self-registration) ???
Any other recommendations are very much appreciated !!!
Regards,
Rosali
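
Added example (not part of the original post or of the plugin linked later in the thread): the function above treats any A record as a listing, but a DNSBL can also answer with an error code, and Spamhaus uses 127.255.255.x for that, so this sketch reads the returned address before deciding. The function names, the status strings, the injectable resolver and the sample answers are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. Treating 127.255.255.x as an error for
// every list is an assumption based on Spamhaus's documented return codes.

// Build the DNSBL query name for an IPv4 address, or null if the input is invalid.
function dnsbl_query_name(string $ip, string $zone): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // hostnames, IPv6 and shell metacharacters never reach DNS
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone . '.';
}

// Classify the A records returned for one DNSBL query.
function dnsbl_classify($answers): string {
    if (!is_array($answers) || count($answers) === 0) {
        return 'not_listed'; // NXDOMAIN or failed lookup (gethostbynamel cannot tell them apart)
    }
    $listed = false;
    foreach ($answers as $addr) {
        if (strpos($addr, '127.255.255.') === 0) {
            return 'error';  // operator error reply, not a verdict on the IP
        }
        if (strpos($addr, '127.') === 0) {
            $listed = true;  // normal listing code such as 127.0.0.2
        }
    }
    return $listed ? 'listed' : 'error'; // answers outside 127.0.0.0/8 are not verdicts
}

// Return zone => status for each list; $resolve maps a name to A records or false.
function dnsbl_check(string $ip, array $zones, ?callable $resolve = null): array {
    $resolve = $resolve ?? 'gethostbynamel';
    $result = [];
    foreach ($zones as $zone) {
        $name = dnsbl_query_name($ip, $zone);
        $result[$zone] = $name === null ? 'invalid_ip' : dnsbl_classify($resolve($name));
    }
    return $result;
}

// Constructed sample answers standing in for real DNS responses.
$fake = function (string $name) {
    $table = [
        '19.240.20.217.bl.spamcop.net.' => ['127.0.0.2'],
        '19.240.20.217.sbl-xbl.spamhaus.org.' => ['127.255.255.254'],
    ];
    return $table[$name] ?? false;
};
print_r(dnsbl_check('217.20.240.19', ['bl.spamcop.net', 'sbl-xbl.spamhaus.org'], $fake));
```

A caller that blocks sending would act only on 'listed' and log 'error', so that a misbehaving list or resolver does not lock out every user.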

JohnDoh

I just tried it on my Debian Lenny box and it works fine. I tried a couple of good and bad IPs as well as the IP detection.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more...

rosali

Thanks - This function should be implemented into the forum code as well. I've noticed that most spam posts are submitted by blacklisted IPs.
Regards,
Rosali

gA2134afs

Anyone looking for a similar plugin can use this: https://packagist.org/packages/nemavi/dnsbl
It was based on this code :)
Also, thanks @rosali, let me know your details so I can include them in the info :)