bad behaviour spamhaus lookup (2 posts)

  1. whooami
    Posted 9 years ago #

    Im curious .. has anyone here actually confirmed that bad behaviours current spamhaus lookup actually works? Or can anyone reccomend the necessary changes in the function below that I might use?

    The reason I'm asking is because Ive yet to come across any configuration of the function that actually results in my seeing a positive catch.

    I have emailed ioerror about this and he corrected me on one thing I had been doing wrong.. I had originally been using an IP that wasnt listed in the DNSBL (i had switched it out for another one).

    However using an IP that does exist in the blacklist hasnt helped either.

    here is the function:

    // Look up address on various blackhole lists.
    // These cannot be used for GET requests under any circumstances!
    function bb2_blackhole($package) {
    // Only conservative lists
    $bb2_blackhole_lists = array(
    // "dnsbl.sorbs.net", // Old useless data.
    // "list.dsbl.org", // Old useless data.
    // Things that shouldn't be blocked, from aggregate lists
    $bb2_blackhole_exceptions = array(
    "sbl-xbl.spamhaus.org" => array(),
    "dnsbl.sorbs.net" => array("",), // Dynamic IPs only
    "list.dsbl.org" => array(),
    "opm.blitzed.org" => array(),
    // Check the blackhole lists
    $ip = $package['ip'];
    $find = implode('.', array_reverse(explode('.', $ip)));
    foreach ($bb2_blackhole_lists as $dnsbl) {
    $result = gethostbynamel($find . "." . $dnsbl . ".");
    if (!empty($result)) {
    // Got a match and it isn't on the exception list
    $result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
    if (!empty($result)) {
    return '136673cd';
    return false;

    I have tried setting the ip as follows, substituting:
    $ip = "";
    $ip = $package['ip'];

    Ive tried changing $package variables..

    Nothing seems to be working, and Ive yet to verify this as working for me.

    Anyone have a suggestion?

  2. whooami
    Posted 9 years ago #

    well, Ive done this to try to prove _something_ out, working or not

    the IP is gotten inside core.inc.php at line 112:

    $ip = $_SERVER['REMOTE_ADDR'];
    I can change that line to read:
    $ip = "";

    and having verbose logging on I see the hit logged into the bad behaviour table in mysql, complete with that IP as the one recorded. As that IP is clearly listed in the SBL and yet doesnt return a positive, I can conclude that the spamhaus lookup isnt working the way it ought to be.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.