vb.org Archive

vBouncer: reduce server load by unsubscribing bouncing members from threads (https://vborg.vbsupport.ru/showthread.php?t=83486)

tamarian 06-28-2005 12:12 AM

Quote:

Originally Posted by merk
Great :)

Does PHP need to be compiled with some extra support to connect to POP mailboxes?

Yes, it needs "--with-IMAP". The good news is that control panel configurations (who mostly would need the POP method) usually compile a lot of stuff into PHP.

For those who need to check: See vB's control panel under the phpinfo part in the maintenance/diagnostic section. If you have IMAP compiled, it would have a section titled IMAP and show status as "enabled".

CB|Steffen 06-28-2005 06:37 PM

I like the idea, but there might be some kind of security problem: How do you make sure that the bounce is valid? I think this system could be abused to annoy users by selectively sending fake bounces resulting in account deactivation.

tamarian 06-28-2005 06:45 PM

Quote:

Originally Posted by CB|Steffen
I like the idea, but there might be some kind of security problem: How do you make sure that the bounce is valid? I think this system could be abused to annoy users by selectively sending fake bounces resulting in account deactivation.


That is true.

What I do is enable a PM warning first, which means the member has 7 days to contact me if these are not really bounced emails.

I don't use the option to change user group, it was only added by request (I also made a warning under that option in the setting :) )


On my forums, the worst that can happen is to change subscription from instant email to "no email". Which means they can still see subscribed threads from the userCP.

merk 06-28-2005 11:12 PM

A random number/hash could be generated for each email sent and stored so that the system knows it's a legitimate email?

I'm much worse about bounced email, if it bounces once they get moved to awaiting email confirmation (and a big red warning appears on every page in that group).

tamarian 06-29-2005 02:42 PM

Quote:

Originally Posted by merk
A random number/hash could be generated for each email sent and stored so that the system knows it's a legitimate email?

I gave this some thought, and concluded that it's best not to do that. Here's why: vBouncer is optimized not to do anything unless a bounced email is found. To implement a hash method, vBouncer will need to run an insert query for every email sent. The hash number will need to be stored in the database for every single thread notification sent. vBulletin will send multiple thread notifications for each new post, relative to the number of members subscribed to that thread, plus an extra query when a bounced email is received, to match with the hash number sent. This is a huge number of queries, and will defeat the purpose of reducing the server load.

Quote:

I'm much worse about bounced email, if it bounces once they get moved to awaiting email confirmation (and a big red warning appears on every page in that group).

That's why I don't like that option :) I much prefer to let vBouncer run its course. Send a warning on the first run, and take action on the second run (default run period is 7 days).

merk 06-30-2005 01:25 AM

Fair enough, though the system is open to abuse if you think about it. I wonder if there is another solution to either make it harder or impossible to abuse.

tamarian 06-30-2005 01:40 AM

Quote:

Originally Posted by merk
Fair enough, though the system is open to abuse if you think about it. I wonder if there is another solution to either make it harder or impossible to abuse.

I think the abuse would require all the following conditions:

1. Enabling auto processing option
2. And enabling usergroupid change option
3. And allowing members to see other members' email addresses (or them finding out the email addresses from the members themselves)
4. And being able to forge emails with correct bounce syntax.

But an alternative would be to ignore forged email headers. I may write some pre-checks, and/or allow the option to call user-defined scripts, like SpamAssassin and the like, to allow returning a true or false answer, and ignore emails based on that answer.

merk 06-30-2005 01:43 AM

Quote:

Originally Posted by tamarian
I think the abuse would require all the following conditions:

1. Enabling auto processing option
2. And enabling usergroupid change option
3. And allowing members to see other members' email addresses (or them finding out the email addresses from the members themselves)
4. And being able to forge emails with correct bounce syntax.

But an alternative would be to ignore forged email headers. I may write some pre-checks, and/or allow the option to call user-defined scripts, like SpamAssassin and the like, to allow returning a true or false answer, and ignore emails based on that answer.

Good point. I don't allow users to see other users' email addresses, so that should be enough to make sure it's okay?

Paul M 07-02-2005 03:37 AM

I am actually testing what seems a very simple answer to the above, which also gives me something consistent to look for in the returned mails.

I use the following code to add two headers to every outgoing e-mail:

PHP Code:

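$mycode = "qwertyuiop"; // change this to something unique //
// original destination address, returned with the bounce
$headers .= "X-Tracker-Dst: " . $toemail . $delimiter;
// check value: MD5 of the address plus the secret code
$headers .= "X-Tracker-Chk: " . MD5($toemail . $mycode) . $delimiter;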

Every system that bounces mail should return the original headers (all that I have tested do) so you get these headers back with all failures.

The bouncer code then scans the inbox looking for all the X-Tracker-Dst headers to get the original destination, and pulls the X-Tracker-chk for each one. It then does the same MD5 calculation and if it's a match it knows it was a genuine bounce. To spoof this - the spoofer would need to know your unique code in order to get the MD5 correct. It also means that all I need to look for in the rejects inbox is these two headers. :)
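
The header tagging and check described above, as an added example (not Paul M's or vBouncer's code) in which `TRACKER_SECRET` and both function names are hypothetical. It substitutes HMAC-SHA256 and a constant-time comparison for `MD5($toemail . $mycode)`, and stores nothing per message, so verifying a bounce costs no database query.

```php
<?php
// Added example: stateless bounce tagging and verification.
// TRACKER_SECRET and all function names are hypothetical, not vBouncer's.
const TRACKER_SECRET = 'replace-with-a-long-random-secret';

// Sending side: headers to append to each outgoing notification.
function tracker_headers(string $toemail, string $delimiter = "\r\n"): string
{
    $chk = hash_hmac('sha256', strtolower($toemail), TRACKER_SECRET);
    return "X-Tracker-Dst: " . $toemail . $delimiter
         . "X-Tracker-Chk: " . $chk . $delimiter;
}

// Bounce side: return the verified original recipient, or null when the
// headers are missing, duplicated, or carry a tag that does not match.
function verified_bounce_recipient(string $rawBounce): ?string
{
    // Unfold continuation lines so a wrapped header is read as one line.
    $text = preg_replace('/\r?\n[ \t]+/', ' ', $rawBounce);
    $found = [];
    foreach (['Dst', 'Chk'] as $name) {
        $re = '/^X-Tracker-' . $name . ':[ \t]*(\S+)[ \t]*\r?$/mi';
        if (preg_match_all($re, $text, $m) !== 1) {
            return null; // absent, or more than one copy: refuse to guess
        }
        $found[$name] = $m[1][0];
    }
    $dst = strtolower($found['Dst']);
    $expected = hash_hmac('sha256', $dst, TRACKER_SECRET);
    // hash_equals compares in constant time.
    return hash_equals($expected, strtolower($found['Chk'])) ? $dst : null;
}

// Constructed sample bounce: the returned original headers follow the body.
$genuine = "From: MAILER-DAEMON@example.net\r\n"
         . "Subject: Undelivered Mail Returned to Sender\r\n\r\n"
         . "--- original message headers ---\r\n"
         . tracker_headers('member@example.org');
// Constructed forgery: address swapped, tag left as it was.
$forged = str_replace('member@example.org', 'other@example.org', $genuine);

var_dump(verified_bounce_recipient($genuine)); // the tagged address
var_dump(verified_bounce_recipient($forged));  // rejected
```

A message that fails the check is simply ignored, so a bounce format that does not return the original headers is never acted on.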

Paul M 07-02-2005 03:39 AM

On a separate note - I'm going to see if I can figure out why the forum cannot see the mail box - since my vB can see my attachments folder, which is at the same level as the mail folder - it may be nothing more than permissions.

Edit, okay, it's not permissions. A deeper look required over the weekend.

