@@ -26,17 +26,17 @@
| 26 | 26 | |
| 27 | 27 | /* Conf */ |
| 28 | 28 | if (!isset($_GET['conf'])) { |
| 29 | - syslog(LOG_ALERT, |
|
| 30 | - sprintf('%s: you must insert the config file name as a GET parameter, such as %s?conf=listEmail.conf', |
|
| 31 | - $user, $_SERVER['SCRIPT_NAME']) ); |
|
| 32 | - exit(254); |
|
| 29 | + syslog(LOG_ALERT, |
|
| 30 | + sprintf('%s: you must insert the config file name as a GET parameter, such as %s?conf=listEmail.conf', |
|
| 31 | + $user, $_SERVER['SCRIPT_NAME']) ); |
|
| 32 | + exit(254); |
|
| 33 | 33 | } |
| 34 | 34 | $fileconf = $_GET['conf']; |
| 35 | 35 | if ( !file_exists(dirname(__FILE__) . '/../' . $fileconf) ) { |
| 36 | - syslog(LOG_ALERT, |
|
| 37 | - sprintf('%s: the configuration file <%s> doesn\'t exist.', |
|
| 38 | - $user, $fileconf )); |
|
| 39 | - exit(254); |
|
| 36 | + syslog(LOG_ALERT, |
|
| 37 | + sprintf('%s: the configuration file <%s> doesn\'t exist.', |
|
| 38 | + $user, $fileconf )); |
|
| 39 | + exit(254); |
|
| 40 | 40 | } |
| 41 | 41 | |
| 42 | 42 | closelog(); |
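Review bot: `$_GET['conf']` is appended to `dirname(__FILE__) . '/../'` at new line 35 with nothing restricting it to a plain file name, so a value containing directory separators or `..` resolves outside the intended configuration directory. Only the existence check is visible in this hunk and how the file is loaded afterwards is outside it, but the name should be constrained before either step. If all configuration files follow the `listEmail.conf` form shown in the message, `$fileconf = basename($_GET['conf']);` followed by `if (!preg_match('/\A[\w\-]+\.conf\z/', $fileconf)) exit(254);` would do it. The same request value is written into the syslog message at lines 37-38, so limiting it to that character set also keeps the log line well-formed.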
@@ -64,8 +64,8 @@
| 64 | 64 | |
| 65 | 65 | /* check you select a blocklist */ |
| 66 | 66 | if ( !$tables["$typedesc"]['bl'] ) { |
| 67 | - syslog(LOG_EMERG,"$user: <$typedesc> is not a blocklist. Are you stupid? Do you want to whitelist a spammer? I refuse to continue."); |
|
| 68 | - exit (254); |
|
| 67 | + syslog(LOG_EMERG,"$user: <$typedesc> is not a blocklist. Are you stupid? Do you want to whitelist a spammer? I refuse to continue."); |
|
| 68 | + exit (254); |
|
| 69 | 69 | } |
| 70 | 70 | |
| 71 | 71 | |
@@ -95,15 +95,15 @@
| 95 | 95 | if (preg_match_all('/^https?\:\/\/(?<splunkhost>[\w\.\-]+)\:8000(?:\/[\w\-\_\d]+)*\/app\/(?<splunkapp>[\w\.\-\_\d]+)\/\@go\?sid=(?<job>[\w\.\-\d]+)$/', |
| 96 | 96 | $webhook['results_link'], $out, PREG_PATTERN_ORDER) === FALSE) { |
| 97 | 97 | syslog(LOG_ALERT, |
| 98 | - sprintf('%s: unexpected error: can\'t parse the results link returned by webhook (<%s>).', |
|
| 98 | + sprintf('%s: unexpected error: can\'t parse the results link returned by webhook (<%s>).', |
|
| 99 | 99 | $user, $webhook['results_link']) ); |
| 100 | 100 | return 255; |
| 101 | 101 | } |
| 102 | 102 | |
| 103 | 103 | if ( $webhook['app'] != $out['splunkapp'][0] ) { |
| 104 | 104 | syslog(LOG_ALERT, |
| 105 | - sprintf('%s: unexpected error: the APP returned by webhook (<%s>) doesn\'t match the app (<%s>) in result link.', |
|
| 106 | - $user, $webhook['app'], $out['splunkapp'][0] ) ); |
|
| 105 | + sprintf('%s: unexpected error: the APP returned by webhook (<%s>) doesn\'t match the app (<%s>) in result link.', |
|
| 106 | + $user, $webhook['app'], $out['splunkapp'][0] ) ); |
|
| 107 | 107 | return 255; |
| 108 | 108 | } |
| 109 | 109 | |
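Review bot: The guard at new lines 95-96 tests `preg_match_all(...) === FALSE`, which is true only on a regex engine error; a `results_link` that simply does not match returns 0 and falls through with `$out['splunkapp']` empty. The comparison at line 103 then uses loose `!=` against an undefined element, so an empty or missing `$webhook['app']` compares equal and both checks pass for an arbitrary link. The pattern is anchored and can match at most once, so `preg_match_all(...) !== 1` expresses the intended check, and the app comparison is safer as `$webhook['app'] !== $out['splunkapp'][0]`. The enclosing function starts and ends outside this hunk, so how `splunkhost` and `job` are used afterwards is not visible here.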
@@ -137,14 +137,14 @@
| 137 | 137 | |
| 138 | 138 | $nr = count ($results); |
| 139 | 139 | for ($i=1; $i<$nr; $i++) { /* We skip first header line (i=0) */ |
| 140 | - $data = str_getcsv($results[$i], ','); |
|
| 141 | - $thisVal = $data[1]; |
|
| 142 | - unset($data[1]); |
|
| 143 | - $data = array_values($data); |
|
| 144 | - if ( !in_array($thisVal,array_keys($tolist)) ) |
|
| 145 | - $tolist["$thisVal"] = $data; |
|
| 146 | - else if ($data[3]>$tolist[$thisVal][3]) |
|
| 147 | - $tolist["$thisVal"] = $data; |
|
| 140 | + $data = str_getcsv($results[$i], ','); |
|
| 141 | + $thisVal = $data[1]; |
|
| 142 | + unset($data[1]); |
|
| 143 | + $data = array_values($data); |
|
| 144 | + if ( !in_array($thisVal,array_keys($tolist)) ) |
|
| 145 | + $tolist["$thisVal"] = $data; |
|
| 146 | + else if ($data[3]>$tolist[$thisVal][3]) |
|
| 147 | + $tolist["$thisVal"] = $data; |
|
| 148 | 148 | } |
| 149 | 149 | |
| 150 | 150 | /* Make MYSQL connection */ |
@@ -154,34 +154,34 @@
| 154 | 154 | exit (254); |
| 155 | 155 | |
| 156 | 156 | foreach ( array_keys($tolist) as $value) { |
| 157 | - $quantity = $conf['quantity']; |
|
| 158 | - $reason = 'On ['.$tolist["$value"][0]."] <$value> sent ".$tolist["$value"][1].' messages to '.$tolist["$value"][2].' recipients.'; |
|
| 159 | - if ( $tolist["$value"][3] >= $threshold ) { |
|
| 160 | - if ( searchAndList ($mysqli,$user,$tables,$typedesc,$value,$unit,$quantity,$reason) ) { |
|
| 161 | - syslog (LOG_INFO, "$user: ".'Listing reason: '.$reason); |
|
| 162 | - /* Send a email to domain admin if you list an email */ |
|
| 163 | - if ( ( $tables["$typedesc"]['field'] == 'email' ) OR ( $tables["$typedesc"]['field'] == 'username' ) ) { |
|
| 164 | - /* Sometime uid are in the form of <user>@<domain> ... */ |
|
| 165 | - if ( strpos($value, '@') !== FALSE ) { |
|
| 166 | - $domain = substr(strrchr($value, '@'), 1); |
|
| 167 | - if ( strpos($domain, '@') === FALSE ) { |
|
| 168 | - $recip = emailToNotify($domainNotify_file,$domain); |
|
| 169 | - $subject = sprintf('%s <%s> is now blocked because exceedes limits on outgoing emails', |
|
| 170 | - $tables["$typedesc"]['field'], $value); |
|
| 171 | - if (!empty($recip)) |
|
| 172 | - if ( sendEmailWarn($tplfile,'[email protected]',$recip, |
|
| 173 | - $subject,$value,"$quantity $unit",$reason) ) |
|
| 174 | - syslog(LOG_INFO, "$user: \"$recip\" was notified about the \"$value\" abuse."); |
|
| 175 | - } |
|
| 176 | - else syslog(LOG_ERR,"$user: <$domain> contains the '@' char. Notification cannot be sent."); |
|
| 177 | - } |
|
| 178 | - } |
|
| 179 | - } |
|
| 180 | - } |
|
| 181 | - else { |
|
| 182 | - $reason .= " But it has NOT been listed because it doesn't apply to the trigger condition."; |
|
| 183 | - syslog (LOG_INFO, "$user: ".$reason); |
|
| 184 | - } |
|
| 157 | + $quantity = $conf['quantity']; |
|
| 158 | + $reason = 'On ['.$tolist["$value"][0]."] <$value> sent ".$tolist["$value"][1].' messages to '.$tolist["$value"][2].' recipients.'; |
|
| 159 | + if ( $tolist["$value"][3] >= $threshold ) { |
|
| 160 | + if ( searchAndList ($mysqli,$user,$tables,$typedesc,$value,$unit,$quantity,$reason) ) { |
|
| 161 | + syslog (LOG_INFO, "$user: ".'Listing reason: '.$reason); |
|
| 162 | + /* Send a email to domain admin if you list an email */ |
|
| 163 | + if ( ( $tables["$typedesc"]['field'] == 'email' ) OR ( $tables["$typedesc"]['field'] == 'username' ) ) { |
|
| 164 | + /* Sometime uid are in the form of <user>@<domain> ... */ |
|
| 165 | + if ( strpos($value, '@') !== FALSE ) { |
|
| 166 | + $domain = substr(strrchr($value, '@'), 1); |
|
| 167 | + if ( strpos($domain, '@') === FALSE ) { |
|
| 168 | + $recip = emailToNotify($domainNotify_file,$domain); |
|
| 169 | + $subject = sprintf('%s <%s> is now blocked because exceedes limits on outgoing emails', |
|
| 170 | + $tables["$typedesc"]['field'], $value); |
|
| 171 | + if (!empty($recip)) |
|
| 172 | + if ( sendEmailWarn($tplfile,'[email protected]',$recip, |
|
| 173 | + $subject,$value,"$quantity $unit",$reason) ) |
|
| 174 | + syslog(LOG_INFO, "$user: \"$recip\" was notified about the \"$value\" abuse."); |
|
| 175 | + } |
|
| 176 | + else syslog(LOG_ERR,"$user: <$domain> contains the '@' char. Notification cannot be sent."); |
|
| 177 | + } |
|
| 178 | + } |
|
| 179 | + } |
|
| 180 | + } |
|
| 181 | + else { |
|
| 182 | + $reason .= " But it has NOT been listed because it doesn't apply to the trigger condition."; |
|
| 183 | + syslog (LOG_INFO, "$user: ".$reason); |
|
| 184 | + } |
|
| 185 | 185 | } |
| 186 | 186 | |
| 187 | 187 | /* Close connection */ |
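Review bot: The `else` branch at new line 176 cannot run: `$domain` is everything after the last `@` found by `strrchr()`, so `strpos($domain, '@')` is always `FALSE` and the check at line 167 validates nothing. `$value` comes from the CSV rows parsed earlier and goes unchanged into the mail subject at lines 169-170, while `$domain` derived from it feeds the recipient lookup at line 168; whether `sendEmailWarn()` and `emailToNotify()` sanitize their arguments is not visible here. Replacing the dead test with a real one, e.g. `if ( preg_match('/\A[A-Za-z0-9.\-]+\z/', $domain) ) {`, makes the existing `LOG_ERR` branch reachable for malformed domains, and the subject should have CR/LF stripped before it is passed on. An empty `$recip` or a failed `sendEmailWarn()` is also silent at lines 171-174; a `LOG_WARNING` line there would make missed notifications visible.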