Changeset
2890:6412595e2046
mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 23 Feb 2018 21:56:42 +0100 |
parents | 2889:7fb82481b3db |
children | 2891:84670bac7348 |
files | mod_register_dnsbl/README.markdown mod_register_dnsbl/mod_register_dnsbl.lua |
diffstat | 2 files changed, 30 insertions(+), 16 deletions(-) [+] |
--- a/mod_register_dnsbl/README.markdown Fri Feb 23 21:50:47 2018 +0100
+++ b/mod_register_dnsbl/README.markdown Fri Feb 23 21:56:42 2018 +0100
@@ -1,8 +1,8 @@
 Introduction
 ============
-This module checks the IP address of newly registered users against a
-DNS block list. If a positive match is found, it gets logged.
+This module checks the IP addresses attempting to register an account
+against a DNSBL, blocking the attempt if there is a hit.
 Configuration
 =============
@@ -11,4 +11,8 @@
 ------------------- -------- ------------
 registration\_rbl string *Required*
+Compatibility
+=============
+Prosody Trunk
+[1a0b76b07b7a](https://hg.prosody.im/trunk/rev/1a0b76b07b7a) or later.
--- a/mod_register_dnsbl/mod_register_dnsbl.lua Fri Feb 23 21:50:47 2018 +0100
+++ b/mod_register_dnsbl/mod_register_dnsbl.lua Fri Feb 23 21:56:42 2018 +0100
@@ -1,4 +1,6 @@
 local adns = require "net.adns";
+local async = require "util.async";
+
 local rbl = module:get_option_string("registration_rbl");
 local function reverse(ip, suffix)
@@ -7,19 +9,27 @@
 return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
 end
--- TODO async
--- module:hook("user-registering", function (event) end);
+module:hook("user-registering", function (event)
+ local session, ip = event.session, event.ip;
+ if not ip then
+ session.log("debug", "Unable to check DNSBL when IP is unknown");
+ return;
+ end
+ local rbl_ip, err = reverse(ip, rbl);
+ if not rbl_ip then
+ session.log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
+ return;
+ end
-module:hook("user-registered", function (event)
- local session = event.session;
- local ip = session and session.ip;
- local rbl_ip = ip and reverse(ip, rbl);
- if rbl_ip then
- local log = session.log;
- adns.lookup(function (reply)
- if reply and reply[1] then
- log("warn", "Account %s@%s registered from IP %s found in RBL (%s)", event.username, event.host or module.host, ip, reply[1].a);
- end
- end, rbl_ip);
- end
+ local wait, done = async.waiter();
+ adns.lookup(function (reply)
+ if reply and reply[1] and reply[1].a then
+ session.log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a);
+ session.log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
+ event.allowed = false;
+ event.reason = "Blocked by DNSBL";
+ end
+ done();
+ end, rbl_ip);
+ wait();
 end);
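Review bot: Every path in the new `user-registering` handler except a positive answer lets the registration proceed, and the two early returns (missing `event.ip`, `reverse()` failure) are logged only at debug level; `reverse()` is mostly outside this hunk, but its four-octet format string suggests IPv6 addresses end up in the second one. A lookup that yields no usable reply also falls through without any log line, so a resolver or DNSBL outage presumably disables the check silently. Logging the skipped cases at a visible level, e.g. `session.log("warn", "DNSBL check skipped for %s: %s", ip, err);` in the `not rbl_ip` branch, would let operators notice the gap. Separately, any A record counts as a hit; DNSBLs conventionally answer inside 127.0.0.0/8, so adding `and reply[1].a:match("^127%.")` to the condition (assuming `.a` is the dotted-quad string the debug log prints) avoids blocking every registration when a resolver rewrites NXDOMAIN answers.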