Scan contact messages for domains and look them up against DNS spam lists

endpoints/net.contactspam.php

@@ -10,6 +10,8 @@ const BANNED_WORDLIST = __DIR__ . "/../resources/net.contactspam/bannedwords.txt
 const BANNED_DOMAINS = __DIR__ . "/../resources/net.contactspam/banneddomains.txt";
 const BANNED_IP_LIST = __DIR__ . "/../resources/net.contactspam/bannedips.txt";
 const BANNED_IP_CIDR = __DIR__ . "/../resources/net.contactspam/toxic_ip_cidr.txt";
+// Domains to skip looking up for SURBL
+const WHITELIST_DOMAINS = __DIR__ . "/../resources/net.contactspam/whitelistdomains.txt";
 
 $message = $VARS["message"] ?? "";
 $fromemail = $VARS["email"] ?? "";
@@ -132,6 +134,59 @@ try {
 
 }
 
+//
+// Check domains in message against blacklists
+//
+$lists = [
+    "multi.surbl.org",
+    "dbl.spamhaus.org",
+    "black.uribl.com"
+];
+try {
+    // Matches domain names
+    $regex = "/([a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+)/i";
+
+    preg_match_all($regex, urldecode($message), $matches);
+
+    // Remove any domains on the whitelist before doing lookup
+    $domainlist = [];
+    $whitelistdomainlist = file(WHITELIST_DOMAINS, FILE_IGNORE_NEW_LINES);
+    foreach ($matches[0] as $match) {
+        $match = strtolower($match);
+        $found = false;
+        foreach ($whitelistdomainlist as $domain) {
+            if ($domain == $match) {
+                $found = true;
+            }
+        }
+        if (!$found) {
+            $domainlist[] = $match;
+        }
+    }
+
+    foreach ($domainlist as $d) {
+
+        foreach ($lists as $blacklist) {
+            $url = "$d.$blacklist";
+
+            // Cache IPs so we don't do a DNS lookup each time
+            $cacheresp = $memcache->get("net.contactspam.$url");
+            if ($cacheresp !== false) {
+                $dns_result = $cacheresp;
+            } else {
+                $dns_results = dns_get_record($url);
+                $dns_result = count($dns_results) > 0;
+                $memcache->set("net.contactspam.$url", "$dns_result", 60 * 60 * 24);
+            }
+            if ($dns_result) {
+                exitWithJson(["status" => "OK", "clean" => false, "filter" => "$blacklist", "hit" => $d, "message" => "Your message contains a domain ($d) that has been linked to recent spam or criminal activity. Message not sent."]);
+            }
+        }
+    }
+} catch (Exception $ex) {
+
+}
+
 // Check local spammer database
 if (env("require_database")) {
     if (!empty($clientip)) {

resources/net.contactspam/whitelistdomains.txt

@@ -0,0 +1,200 @@
+126.com
+163.com
+2o7.net
+4at1.com
+5iantlavalamp.com
+about.com
+adelphia.net
+adobe.com
+advertising.com
+agora-inc.com
+agoramedia.com
+akamai.net
+akamaitech.net
+amazon.com
+ancestry.com
+aol.com
+apache.org
+apple.com
+arcamax.com
+astrology.com
+atdmt.com
+att.net
+aweber.com
+bbc.co.uk
+bcentral.com
+beliefnet.com
+bellsouth.net
+bfi0.com
+blogspot.com
+bridgetrack.com
+cafe24.com
+charter.net
+chtah.com
+citibank.com
+citizensbank.com
+cjb.net
+classmates.com
+click-url.com
+clickbank.net
+cnet.com
+cnn.com
+com.com
+com.ne.kr
+comcast.net
+constantcontact.com
+corporate-ir.net
+cox.net
+cs.com
+custhelp.com
+daum.net
+dd.se
+debian.org
+dell.com
+directtrack.com
+domain.com
+doubleclick.net
+dsbl.org
+earthlink.net
+ebay.co.uk
+ebay.com
+ebayimg.com
+ebaystatic.com
+ed10.net
+ed4.net
+edgesuite.net
+ediets.com
+egroups.com
+emode.com
+exacttarget.com
+excite.com
+exct.net
+f-secure.com
+flowgo.com
+free.fr
+freebsd.org
+freelotto.com
+gentoo.org
+geocities.com
+gmail.com
+gmx.net
+go.com
+google.com
+googleadservices.com
+grisoft.com
+hallmark.com
+hinet.net
+hotbar.com
+hotmail.com
+hotpop.com
+hp.com
+ibm.com
+ientrymail.com
+incredimail.com
+investorplace.com
+ivillage.com
+joingevalia.com
+juno.com
+kernel.org
+livejournal.com
+lycos.com
+m0.net
+m7z.net
+mac.com
+macromedia.com
+mail.com
+mail.ru
+mailscanner.info
+marketwatch.com
+mcafee.com
+mchsi.com
+mediaplex.com
+messagelabs.com
+microsoft.com
+military.com
+mindspring.com
+mit.edu
+monster.com
+msn.com
+nate.com
+netatlantic.com
+netflix.com
+netscape.com
+netscape.net
+netzero.net
+norman.com
+nytimes.com
+optonline.net
+osdn.com
+overstock.com
+p0.com
+pacbell.net
+pandasoftware.com
+partner2profit.com
+paypal.com
+peoplepc.com
+plaxo.com
+pm0.net
+postdirect.com
+prodigy.net
+radaruol.com.br
+real.com
+redhat.com
+regions.com
+regionsnet.com
+rm04.net
+rogers.com
+rr.com
+rs6.net
+rsvp0.net
+sbcglobal.net
+sec.gov
+sf.net
+shaw.ca
+shockwave.com
+smileycentral.com
+smithbarney.com
+sourceforge.net
+spamcop.net
+speedera.net
+sportsline.com
+sun.com
+suntrust.com
+sympatico.ca
+t-online.de
+tails.nl
+telus.net
+terra.com.br
+ticketmaster.com
+tickle.com
+tinyurl.com
+tiscali.co.uk
+tom.com
+tone.co.nz
+topica.com
+tux.org
+uol.com.br
+ups.com
+verizon.net
+vistaprint.com
+w3.org
+wamu.com
+wanadoo.fr
+washingtonpost.com
+weatherbug.com
+web.de
+webshots.com
+webtv.net
+wsj.com
+xmr3.com
+yahoo.ca
+yahoo.co.kr
+yahoo.co.uk
+yahoo.com
+yahoo.com.br
+yahoogroups.com
+yimg.com
+yopi.de
+yourfreedvds.com
+yoursite.com
+zdnet.com