Netsyms/data.netsyms.net
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Scan contact messages for domains and look them up against DNS spam lists

Browse Source
This commit is contained in:
Skylar Ittner 2021-07-20 19:54:28 -06:00
parent b4dd530ba0
commit b78c7181ef
2 changed files with 255 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
endpoints/net.contactspam.php
View File

@ -10,6 +10,8 @@ const BANNED_WORDLIST = __DIR__ . "/../resources/net.contactspam/bannedwords.txt
const BANNED_DOMAINS = __DIR__ . "/../resources/net.contactspam/banneddomains.txt"; const BANNED_DOMAINS = __DIR__ . "/../resources/net.contactspam/banneddomains.txt";
const BANNED_IP_LIST = __DIR__ . "/../resources/net.contactspam/bannedips.txt"; const BANNED_IP_LIST = __DIR__ . "/../resources/net.contactspam/bannedips.txt";
const BANNED_IP_CIDR = __DIR__ . "/../resources/net.contactspam/toxic_ip_cidr.txt"; const BANNED_IP_CIDR = __DIR__ . "/../resources/net.contactspam/toxic_ip_cidr.txt";
// Domains to skip looking up for SURBL
const WHITELIST_DOMAINS = __DIR__ . "/../resources/net.contactspam/whitelistdomains.txt";
$message = $VARS["message"] ?? ""; $message = $VARS["message"] ?? "";
$fromemail = $VARS["email"] ?? ""; $fromemail = $VARS["email"] ?? "";
@ -132,6 +134,59 @@ try {
} }
//
// Check domains in message against blacklists
//
$lists = [
"multi.surbl.org",
"dbl.spamhaus.org",
"black.uribl.com"
];
try {
// Matches domain names
$regex = "/([a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+)/i";
preg_match_all($regex, urldecode($message), $matches);
// Remove any domains on the whitelist before doing lookup
$domainlist = [];
$whitelistdomainlist = file(WHITELIST_DOMAINS, FILE_IGNORE_NEW_LINES);
foreach ($matches[0] as $match) {
$match = strtolower($match);
$found = false;
foreach ($whitelistdomainlist as $domain) {
if ($domain == $match) {
$found = true;
}
}
if (!$found) {
$domainlist[] = $match;
}
}
foreach ($domainlist as $d) {
foreach ($lists as $blacklist) {
$url = "$d.$blacklist";
// Cache IPs so we don't do a DNS lookup each time
$cacheresp = $memcache->get("net.contactspam.$url");
if ($cacheresp !== false) {
$dns_result = $cacheresp;
} else {
$dns_results = dns_get_record($url);
$dns_result = count($dns_results) > 0;
$memcache->set("net.contactspam.$url", "$dns_result", 60 * 60 * 24);
}
if ($dns_result) {
exitWithJson(["status" => "OK", "clean" => false, "filter" => "$blacklist", "hit" => $d, "message" => "Your message contains a domain ($d) that has been linked to recent spam or criminal activity. Message not sent."]);
}
}
}
} catch (Exception $ex) {
}
// Check local spammer database // Check local spammer database
if (env("require_database")) { if (env("require_database")) {
if (!empty($clientip)) { if (!empty($clientip)) {

200
resources/net.contactspam/whitelistdomains.txt Normal file
View File

@ -0,0 +1,200 @@
126.com
163.com
2o7.net
4at1.com
5iantlavalamp.com
about.com
adelphia.net
adobe.com
advertising.com
agora-inc.com
agoramedia.com
akamai.net
akamaitech.net
amazon.com
ancestry.com
aol.com
apache.org
apple.com
arcamax.com
astrology.com
atdmt.com
att.net
aweber.com
bbc.co.uk
bcentral.com
beliefnet.com
bellsouth.net
bfi0.com
blogspot.com
bridgetrack.com
cafe24.com
charter.net
chtah.com
citibank.com
citizensbank.com
cjb.net
classmates.com
click-url.com
clickbank.net
cnet.com
cnn.com
com.com
com.ne.kr
comcast.net
constantcontact.com
corporate-ir.net
cox.net
cs.com
custhelp.com
daum.net
dd.se
debian.org
dell.com
directtrack.com
domain.com
doubleclick.net
dsbl.org
earthlink.net
ebay.co.uk
ebay.com
ebayimg.com
ebaystatic.com
ed10.net
ed4.net
edgesuite.net
ediets.com
egroups.com
emode.com
exacttarget.com
excite.com
exct.net
f-secure.com
flowgo.com
free.fr
freebsd.org
freelotto.com
gentoo.org
geocities.com
gmail.com
gmx.net
go.com
google.com
googleadservices.com
grisoft.com
hallmark.com
hinet.net
hotbar.com
hotmail.com
hotpop.com
hp.com
ibm.com
ientrymail.com
incredimail.com
investorplace.com
ivillage.com
joingevalia.com
juno.com
kernel.org
livejournal.com
lycos.com
m0.net
m7z.net
mac.com
macromedia.com
mail.com
mail.ru
mailscanner.info
marketwatch.com
mcafee.com
mchsi.com
mediaplex.com
messagelabs.com
microsoft.com
military.com
mindspring.com
mit.edu
monster.com
msn.com
nate.com
netatlantic.com
netflix.com
netscape.com
netscape.net
netzero.net
norman.com
nytimes.com
optonline.net
osdn.com
overstock.com
p0.com
pacbell.net
pandasoftware.com
partner2profit.com
paypal.com
peoplepc.com
plaxo.com
pm0.net
postdirect.com
prodigy.net
radaruol.com.br
real.com
redhat.com
regions.com
regionsnet.com
rm04.net
rogers.com
rr.com
rs6.net
rsvp0.net
sbcglobal.net
sec.gov
sf.net
shaw.ca
shockwave.com
smileycentral.com
smithbarney.com
sourceforge.net
spamcop.net
speedera.net
sportsline.com
sun.com
suntrust.com
sympatico.ca
t-online.de
tails.nl
telus.net
terra.com.br
ticketmaster.com
tickle.com
tinyurl.com
tiscali.co.uk
tom.com
tone.co.nz
topica.com
tux.org
uol.com.br
ups.com
verizon.net
vistaprint.com
w3.org
wamu.com
wanadoo.fr
washingtonpost.com
weatherbug.com
web.de
webshots.com
webtv.net
wsj.com
xmr3.com
yahoo.ca
yahoo.co.kr
yahoo.co.uk
yahoo.com
yahoo.com.br
yahoogroups.com
yimg.com
yopi.de
yourfreedvds.com
yoursite.com
zdnet.com