DNSBL for Horde

Here we go with a small patch to implement DNSBL for Horde. I have again used a PEAR package, this time Net_DNSBL, and as usual the CentOS package is in my repos – http://fs12.vsb.cz/hrb33/el5/hrb/stable/i386/repoview/php-pear-Net-DNSBL.html.

The first patch is the important one. We let the attacker log in, just to make sure he/she holds valid stolen credentials.

--- imp/lib/Auth/imp.php.orig   2011-01-05 10:21:05.224155622 +0100
+++ imp/lib/Auth/imp.php        2011-01-05 10:39:24.699438519 +0100
@@ -146,6 +146,36 @@
             return false;
         }
 
+        # DNSBL START
+        ini_set('include_path', ini_get('include_path').':/usr/share/php');
+        require_once 'Net/DNSBL.php';
+        $dnsbl = new Net_DNSBL();
+        #$remoteIP = '41.206.12.1';
+        $remoteIP = $_SERVER['REMOTE_ADDR'];
+        $dnsbl->setBlacklists(array(
+                'sbl-xbl.spamhaus.org',
+                'bl.spamcop.net',
+                'b.barracudacentral.org',
+                'spam.spamrats.com',
+                'dyna.spamrats.com',
+                'noptr.spamrats.com',
+                'bl.tiopan.com'
+                ));
+        if ($dnsbl->isListed($remoteIP, true)) {
+            $data=$dnsbl->getListingBls($remoteIP);
+            sort($data);
+            $entry = "LOGIN SUCCESS FROM BLACKLISTED IP [$remoteIP] FOR $userID: " . implode(", ", $data);
+            Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_ERR);
+
+            unset($_SESSION['imp']);
+            if (isset($prefs)) {
+                $prefs->cleanup(true);
+            }
+            $this->_setAuthError(AUTH_REASON_BADLOGIN);
+            return false;
+        }
+        # DNSBL END
+
         return true;
     }
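
Review bot: In the `if ($dnsbl->isListed($remoteIP, true))` branch a user who has just authenticated with valid credentials is rejected with AUTH_REASON_BADLOGIN on the strength of mail-oriented lists, and `dyna.spamrats.com` lists dynamic address ranges, so legitimate users on residential connections will see what looks like a wrong-password failure. Consider rejecting only on the lists that indicate compromised or abusive hosts and treating the dynamic-range and no-PTR lists as log-only, or returning a distinct reason so the two cases can be told apart. The `true` argument makes every successful login wait on all seven zones, with no caching visible here. The list array and the include_path line are repeated verbatim in imp/login.php and would be better kept in one config value, and the commented-out test address `#$remoteIP = '41.206.12.1';` should be dropped before merging.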

The second one just logs access from blocked IPs.

--- imp/login.php.orig  2011-01-05 09:08:44.510891298 +0100
+++ imp/login.php       2011-01-05 10:34:26.763968526 +0100
@@ -449,6 +449,33 @@
     'var nomenu = ' . intval(empty($conf['menu']['always'])),
 ));
 
+# DNSBL START
+ini_set('include_path', ini_get('include_path').':/usr/share/php');
+require_once 'Net/DNSBL.php';
+$dnsbl = new Net_DNSBL();
+#$remoteIP = '41.206.12.1';
+$remoteIP = $_SERVER['REMOTE_ADDR'];
+$dnsbl->setBlacklists(array(
+        'sbl-xbl.spamhaus.org',
+        'bl.spamcop.net',
+        'b.barracudacentral.org',
+        'spam.spamrats.com',
+        'dyna.spamrats.com',
+        'noptr.spamrats.com',
+        'bl.tiopan.com'
+        ));
+if ($dnsbl->isListed($remoteIP, true)) {
+    $data=$dnsbl->getListingBls($remoteIP);
+    sort($data);
+    $entry = "BLACKLISTED IP $remoteIP: " . implode(", ", $data);
+    Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_ERR);
+} else {
+    $entry = "Not blacklisted ip $remoteIP" . implode(", ", $data);
+    Horde::logMessage($entry, __FILE__, __LINE__, PEAR_LOG_INFO);
+}
+
+# DNSBL END
+
 // ZMENA
 ini_set('include_path', ini_get('include_path').':/usr/share/php');
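
Review bot: In the `else` branch, `$data` is only assigned inside the `if`, so `implode(", ", $data)` runs on an undefined variable and the message also lacks a separator after `$remoteIP`; log just `"Not blacklisted ip $remoteIP"` there. This block also performs the seven-zone lookup on every request to the login page, before any credentials are submitted, and imp/lib/Auth/imp.php then repeats it at login, so consider keeping only one of the two checks or caching the result in the session. The trailing context shows the same `ini_set('include_path', ...)` line immediately after the block, so the path gets appended twice.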