Need to ban email domains

brooklynhaxx

I've been using OSticket for a couple months now and everything works great and was very easy to set up and configure. The only problem I'm having is that you can only ban specific email addresses and not entire domains. I receive copious amounts of spam from yahoo email addresses and would like to ban the entire yahoo domain from submitting tickets. I'm currently using the email piping system, so blocking the emails before they get to OSticket or switching back to POP is not an option unfortunately.

Elsewhere in the forums I read about the hack to turn the banlist into a whitelist but this won't work for me because I don't know what addresses the clients will be using, only the domain. I've tried everything I can find on Google and in the forums with no success. If anyone has any ideas it would be greatly appreciated.

Thanks!

B14CK_H4WK

ive also need this feature, i have tried *@domain.com but that doesnt work

dohcjs

Doman Ban

Class.banlist.php, change the last function to

function isbanned($email) {

return db_num_rows(db_query('SELECT id FROM '.BANLIST_TABLE.' WHERE email LIKE '.db_input('%'.$email)))?true;

}

Admin.php under the scp directory, remove the email validation or change the function in class.validator.php to accept "@example.com"

case 'banlist': //BanList.

require_once(INCLUDE_DIR.'class.banlist.php');

switch(strtolower($_POST)) {

case 'add':

if(!$_POST || !Validator:($_POST))

$errors='Please enter a valid email.';

elseif(BanList:($_POST))

$errors='Email already banned';

else{

if(BanList:($_POST,$thisuser->getName()))

$msg='Email added to banlist';

else

$errors='Unable to add email to banlist. Try again';

}

break;

That should allow you to ban domains.

lawtonca

db query

Shouldn't the DB query for the isbanned function be something more like:

return db_num_rows(db_query('SELECT id FROM '.BANLIST_TABLE.' WHERE email='.db_input($email).' OR email=SUBSTRING('.db_input($email).',LOCATE(\'@\','.db_input($email).'),LENGTH('.db_input($email).'))'))?true;

This removes the username from the incoming email address and tries to match it to the database entry as well as trying to match the whole email address

GPVL2

This should work too, you just need to make the admin changes so it will accept a * wildcard in the email.

function isbanned($email) {

$banned_domain = null;

$email_elements = (preg_split("/@/", $email));

if (strcmp($email_elements,'*')==0) {

$banned_domain= sprintf("%%@%s",$email_elements);

}

if (!empty($banned_domain)) {

return db_num_rows(db_query('SELECT id FROM '.BANLIST_TABLE.' WHERE email LIKE '.db_input($banned_domain)))?true;

} else {

return db_num_rows(db_query('SELECT id FROM '.BANLIST_TABLE.' WHERE email='.db_input($email)))?true;

}