Changeset

2890:6412595e2046

mod_register_dnsbl: Use async support in trunk to actually block registration if a positive match is found in the DNSBL
author Kim Alvefur <zash@zash.se>
date Fri, 23 Feb 2018 21:56:42 +0100
parents 2889:7fb82481b3db
children 2891:84670bac7348
files mod_register_dnsbl/README.markdown mod_register_dnsbl/mod_register_dnsbl.lua
diffstat 2 files changed, 30 insertions(+), 16 deletions(-) [+]
--- a/mod_register_dnsbl/README.markdown	Fri Feb 23 21:50:47 2018 +0100
+++ b/mod_register_dnsbl/README.markdown	Fri Feb 23 21:56:42 2018 +0100
@@ -1,8 +1,8 @@
 Introduction
 ============
 
-This module checks the IP address of newly registered users against a
-DNS block list. If a positive match is found, it gets logged.
+This module checks the IP addresses attempting to register an account
+against a DNSBL, blocking the attempt if there is a hit.
 
 Configuration
 =============
@@ -11,4 +11,8 @@
   ------------------- -------- ------------
   registration\_rbl   string   *Required*
 
+Compatibility
+=============
 
+Prosody Trunk
+[1a0b76b07b7a](https://hg.prosody.im/trunk/rev/1a0b76b07b7a) or later.
--- a/mod_register_dnsbl/mod_register_dnsbl.lua	Fri Feb 23 21:50:47 2018 +0100
+++ b/mod_register_dnsbl/mod_register_dnsbl.lua	Fri Feb 23 21:56:42 2018 +0100
@@ -1,4 +1,6 @@
 local adns = require "net.adns";
+local async = require "util.async";
+
 local rbl = module:get_option_string("registration_rbl");
 
 local function reverse(ip, suffix)
@@ -7,19 +9,27 @@
 	return ("%d.%d.%d.%d.%s"):format(d,c,b,a, suffix);
 end
 
--- TODO async
--- module:hook("user-registering", function (event) end);
+module:hook("user-registering", function (event)
+	local session, ip = event.session, event.ip;
+	if not ip then
+		session.log("debug", "Unable to check DNSBL when IP is unknown");
+		return;
+	end
+	local rbl_ip, err = reverse(ip, rbl);
+	if not rbl_ip then
+		session.log("debug", "Unable to check DNSBL for ip %s: %s", ip, err);
+		return;
+	end
 
-module:hook("user-registered", function (event)
-	local session = event.session;
-	local ip = session and session.ip;
-	local rbl_ip = ip and reverse(ip, rbl);
-	if rbl_ip then
-		local log = session.log;
-		adns.lookup(function (reply)
-			if reply and reply[1] then
-				log("warn", "Account %s@%s registered from IP %s found in RBL (%s)", event.username, event.host or module.host, ip, reply[1].a);
-			end
-		end, rbl_ip);
-	end
+	local wait, done = async.waiter();
+	adns.lookup(function (reply)
+		if reply and reply[1] and reply[1].a then
+			session.log("debug", "DNSBL response: %s IN A %s", rbl_ip, reply[1].a);
+			session.log("info", "Blocking %s from registering %s (dnsbl hit)", ip, event.username);
+			event.allowed = false;
+			event.reason = "Blocked by DNSBL";
+		end
+		done();
+	end, rbl_ip);
+	wait();
 end);
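Review bot: Every failure path in the new `user-registering` handler fails open with little or no trace. An unknown IP or a nil result from `reverse()` returns after only a `debug` line, and a `reply` that is nil falls through to `done()` with no log at all, so the registration proceeds unchecked. If fail-open is the intended policy, log the skips at a level operators watch, e.g. `session.log("warn", "DNSBL check skipped for %s: %s", ip, err);`, and, if adns reports lookup failures as a nil reply, log that case separately from a normal not-listed answer. The hit test also accepts any A record, so a list that starts answering every query (wildcarded zone, refusal or quota codes) would block all registrations; consider `reply[1].a:match("^127%.")` plus a configurable set of accepted return codes before setting `event.allowed = false`. `reverse()` begins outside this hunk, so which addresses it rejects is inferred from the `%d.%d.%d.%d` format line.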