Page 1 of 1

Problem with OnSMTPData filter script

Posted: 2020-10-06 14:27
by bagu
Hello,

I have this on my EventHandler.vbs :

Code: Select all

'   Sub OnClientConnect(oClient)
Function ListedInAbuseIPDB(strIP) : ListedInAbuseIPDB = false
	With CreateObject("AbuseIPDBComponent.AbuseIPDBRestClient")
		.SetApiKey("MyAPIKey")
		.SetMaxConfidenceScore(40)
		.SetMaxAgeInDays(90)
		On Error Resume Next
		ListedInAbuseIPDB = .BlockEndpoint(strIP)
		If (ListedInAbuseIPDB) then
			'EventLog.Write("AbuseIPDB Score:" & .GetConfidenceScore(strIP))
		End If
		If Err.Number <> 0 Then
			'EventLog.Write("AbuseIPDB Error: " & Err.Description)
		End If
		On Error Goto 0
	End With
End Function

Sub OnClientConnect(oClient)
	' GeoIP
	Dim geoip
	Result.Value = 0
	set geoip = CreateObject("GeoIPCOMEx.GeoIPEx")
	geoip.set_db_path("D:\geoip\")
	geoip.find_by_addr(oClient.IPAddress)
	country = geoip.country_code

	Select Case country
		Case "AE","AG","AL","AR","AZ","BA","BB","BD","BG","BN","BO","BR","BY","BZ","CM","CI","CN","CO","CZ","DO","EC","EE","EG","GE","GH","GR","GT","HK","ID","IL","IN","IR","IS","JO","JP","KE","KH","KR","KZ","LA","LB","LT","MA","MD","MG","MO","MN","MV","MW","MX","MY","MZ","NC","NE","NG","NI","NP","PA","PE","PK","PH","PY","RO","RU","RS","RW","SA","SC","SD","SG","SI","SK","SV","TH","TJ","TT","TR","TW","TZ","UA","UG","UZ","VE","VN","ZA","ZM"
			Result.Value = 1
			EventLog.Write("Geo-IP (country) rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & geoip.country_code & vbTab & geoip.country_name)
		Case Else
			If (oClient.IPAddress = "127.0.0.1") Then Exit Sub '** Localhost
			If (Left(oClient.IPAddress, 9) = "172.16.0.") Then Exit Sub '** Local LAN clients
			If ((oClient.Port = 993) And (country <> "FR") AND (country <> "LN")) Then
				EventLog.Write("Geo-IP (port) rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & geoip.country_code & vbTab & geoip.country_name)	
				Result.Value = 1
				Exit Sub
			End If
			If (oClient.Port <> 25) Then
				If ListedInAbuseIPDB(oClient.IPAddress) Then
					EventLog.Write("AbuseIPDB rejected:" & vbTab & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & country & vbTab & geoip.country_name)	
					Result.Value = 1
					Exit Sub
				End If
			End If
	End Select
End Sub
'   End Sub

'   Sub OnSMTPData(oClient, oMessage)
Sub OnSMTPData(oClient, oMessage)
	Result.Value = 0
	blockedVarLenEnd = Array(".bid", ".best", ".casa", ".club", ".com.au", ".cn", ".cyou", ".date", ".loan", ".md", ".ml", ".science", ".site", ".stream", ".top", ".trade", ".ua", ".br", ".review", ".website", ".win", ".xyz", ".top", "octelio.emsecure.net", "hosting-by.directwebhost.org", ".pro", ".icu", ".ru", "plateformpro.fr", ".pro", ".online", ".guru", ".world", ".live", ".today", ".digital", ".co", ".monster", ".pt", ".work", ".network", ".buzz", ".io", "sbcglobal.net", "maxijob.net")
	For Each bEmail in blockedVarLenEnd
		If right(oMessage.FromAddress,len(bEmail)) = bEmail Then 
			Result.Value = 1
			EventLog.Write("OnSMTPData rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
			Exit Sub
		Else
			EventLog.Write("OnSMTPData accepted:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
		End If
	Next
End Sub
As you can see, in the OnSMTPData section, .monster may be blocked.
But, i have this on my logs :
6924 "2020-10-06 02:34:17.453" "OnSMTPData accepted: 89.144.29.9:25 root.canal-secret=secret@bringerdaring.monster"
6924 "2020-10-06 02:34:17.453" "OnSMTPData accepted: 89.144.29.9:25 root.canal-secret=secret@bringerdaring.monster"
6924 "2020-10-06 02:34:17.453" "OnSMTPData accepted: 89.144.29.9:25 root.canal-secret=secret@bringerdaring.monster"
Can you help me to understand how this can happen ?
Thanks

Re: Problem with OnSMTPData filter script

Posted: 2020-10-06 15:33
by palinka
bagu wrote:
2020-10-06 14:27

Code: Select all

'   Sub OnSMTPData(oClient, oMessage)
Sub OnSMTPData(oClient, oMessage)
	Result.Value = 0
	blockedVarLenEnd = Array(".bid", ".best", ".casa", ".club", ".com.au", ".cn", ".cyou", ".date", ".loan", ".md", ".ml", ".science", ".site", ".stream", ".top", ".trade", ".ua", ".br", ".review", ".website", ".win", ".xyz", ".top", "octelio.emsecure.net", "hosting-by.directwebhost.org", ".pro", ".icu", ".ru", "plateformpro.fr", ".pro", ".online", ".guru", ".world", ".live", ".today", ".digital", ".co", ".monster", ".pt", ".work", ".network", ".buzz", ".io", "sbcglobal.net", "maxijob.net")
	For Each bEmail in blockedVarLenEnd
		If right(oMessage.FromAddress,len(bEmail)) = bEmail Then 
			Result.Value = 1
			EventLog.Write("OnSMTPData rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
			Exit Sub
		Else
			EventLog.Write("OnSMTPData accepted:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
		End If
	Next
End Sub
I'm not the vbs expert, so don't blame me if I send you off on a wild goose chase. :lol:

Is there an error log? You haven't declared the variables. That always ends up with errors in my logs.

Are any other messages getting blocked by this script?

Re: Problem with OnSMTPData filter script

Posted: 2020-10-06 15:39
by bagu
Hello,

No problem.
There is no error message. That's why it strange.
But, i think i may rewrite the OnSMTPData as this :

Code: Select all

'   Sub OnSMTPData(oClient, oMessage)
Sub OnSMTPData(oClient, oMessage)
	Result.Value = 0
	blockedVarLenEnd = Array(".bid", ".best", ".casa", ".club", ".com.au", ".cn", ".cyou", ".date", ".loan", ".md", ".ml", ".science", ".site", ".stream", ".top", ".trade", ".ua", ".br", ".review", ".website", ".win", ".xyz", ".top", "octelio.emsecure.net", "hosting-by.directwebhost.org", ".pro", ".icu", ".ru", "plateformpro.fr", ".pro", ".online", ".guru", ".world", ".live", ".today", ".digital", ".co", ".monster", ".pt", ".work", ".network", ".buzz", ".io", "sbcglobal.net", "maxijob.net")
	For Each bEmail in blockedVarLenEnd
		If right(oMessage.FromAddress,len(bEmail)) = bEmail Then 
			Result.Value = 1
			EventLog.Write("OnSMTPData rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
			Exit Sub
		End If
	Next
	EventLog.Write("OnSMTPData accepted:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
End Sub
Because (i'm not a vbs expert too), i think the "OnSMTPData accepted" should only happen if the loop (each/Next) don't match anything.
But i'm not sure it's the right solution

P.S. : It's not my script, and i don't know how to make a good vbs script, so i only try to adapt what i find for my own purpose

Re: Problem with OnSMTPData filter script

Posted: 2020-10-06 16:16
by palinka
I would use regex. That may only be because i know i could make it work.

Also, are you sure that declaring result value = 0 at the top is not what's tripping you up?

Re: Problem with OnSMTPData filter script

Posted: 2020-10-06 16:33
by SorenR
Perhaps a bit simpler?

And NO, I chose on purpose NOT to include your blocklist - that one you can do yourself. It's standard RegEx using standard RegEx rules. :mrgreen:

Code: Select all

Function oLookup(strRegEx, strMatch, bGlobal)
   With CreateObject("VBScript.RegExp")
      .Pattern = strRegEx
      .Global = bGlobal
      .MultiLine = True
      .IgnoreCase = True
      Set oLookup = .Execute(strMatch)
   End With
End Function


Sub OnSMTPData(oClient, oMessage)
   Dim strRegEx, Match, Matches 
   '
   ' Reject "From:"
   '
   strRegEx = "(Sweetme)|(Kira Johns)|(July Girl)|(Hot Mama)|(Little Miss)|" & _
              "(Baby Boobs)|(Booby Girl)|(Booby Booms)|" & _
              "(\.bid|\.kim|\.men|\.top|\.win|\.xyz|\.zip)(|\>)$"
   Set Matches = oLookup(strRegEx, oMessage.From, False)
   If Matches.Count > 0 Then
      For Each Match In Matches
         Result.Value = 1
         EventLog.Write("OnSMTPData rejected:" & vbTab & vbTab & vbTab & oClient.IPAddress & ":" & oClient.Port & vbTab & oMessage.FromAddress)
         Exit Sub
      Next
   End If
NB:! There is a "False" passed in oLookup so only ONE match will be returned despite the "For Each Match In Matches" ... :wink:

Re: Problem with OnSMTPData filter script

Posted: 2020-10-06 17:09
by bagu
I'm not familiar with regex.

That's why i don't use it (an error can come sooooo quick if there is a mistake in regex ^^)