Hi there, tried searching the forums to see if this was already discussed, but I didn't find anything so here I am
My request is about a roundcube plugin or something along those lines to allow supporting the "project honeypot" HTTP:BL API (Http:BL Application Programming Interface (API) | Project Honey Pot (http://www.projecthoneypot.org/httpbl_api.php)) the basic idea is having a plugin like the "dnsbl" one with support with the API; basically the lookup method is the same as the one used for regular DNSBLs but, with a tweak, that is, the request against the HTTP:BL should be prefixed with a "key" (which can be freely obtained after signing up to the "Project Honeypot" site), this also means that to use the API the code should be slightly changed
The idea is that HTTP:BL may be quite useful to avoid bots (bruteforcers, harvesters..) to "rattle" at the roundcube webmail doorknob by checking the incoming requests against the "honeypot" list and refusing access from listed IP addresses
I will modify the DNSBL plugin, so that it will be possible to prepend the required access key before the reversed IP. That's not a big thing. Remind me, if it is not available in next myroundcube plugins bundle release.
Quote from: rosali;34166I will modify the DNSBL plugin, so that it will be possible to prepend the required access key before the reversed IP. That's not a big thing. Remind me, if it is not available in next myroundcube plugins bundle release.
Thanks !! See, I'm not a PHP coder, but I thought at that; I mean, I tried to figure out how to add a syntax like foobar.$IP.somebldomain.ext so that the $IP if present would be expanded to contain the reversed IP address (while if not present, the regular BL lookup approach would be used)... but after scratching my head for a while I wasn't able to figure out how to do that, so... THANKS !
[edit]
Had a further look at the code for your dnsbl plugin; so... well, allow me to post a couple notes; first of all, it sounds like it's spawning "nslookup" to run checks against each DNSBL, now, not that it's bad, but since PHP seems to have its own built-in DNS lookup functions
Using PHP to Perform DNS Lookups :: v-nessa.net :: Programming is Sexy (http://www.v-nessa.net/2010/06/30/using-php-to-perform-dns-lookups)
and since the overhead of using them (and call directly the OS libraries) is lower than the one from a "spawn", I think changing the code to leverage such calls may be a good idea; next, and since we're at it, the default config for the plugin, carries some DNSBLs which may be perfectly ok in case you want to filter incoming SMTP hosts but which aren't so effective when it comes to webmail "rattlers", so, I'd suggest changing the default lists as follows
/* Services to check */
$rcmail_config['dnsblacklists'] = array(
"httpbl.abuse.ch",
"virbl.dnsbl.bit.nl",
"drone.abuse.ch",
"bogons.cymru.com"
);
for details, please see the "www" sites related to the above domains ;)
thanks again
Please test ...
http://mail4us.net/plugins/dnsbl.zip
... and let me know.
It is quickly tested on Windows OS. It should work on *NIX aswell.
Release is scheduled for next Sunday.
thanks for sharing.......
_____________________
hoc bong du hoc (http://tandaiduong.com.vn/duhoc-News,at,categories,catid,20.html) | du hoc singapore (http://tandaiduong.com.vn/duhoc-News,at,categories,catid,15.html) | tu van du hoc (http://tandaiduong.com.vn/duhoc-News,at,categories,catid,5.html) | noi that fami (http://www.noithat-fami.net)| nội thất fami (http://www.noithat-fami.net)| noi that 190 (http://www.noithat190.net.vn)| nội thất 190 (http://www.noithat190.net.vn)