Skydancer - I agree with your statements about how DNS "should" cache the info, however, not knowing what all RBLs set their TTL to, or also any mis-configurations, having one little bit of info stored locally makes sense (to me).
The current RBL lookup in the code is spamhaus' list, which is actually a combined open proxy list from 3 sources. So you get a 3-fer-1 in the query.
Lastly, the session info for vB is a HEAP table (meaning it's only stored in memory, not on the HD). vB does a "SELECT *" from the table when doing its initial session stuff, so there is no added overhead in that case.
Like I said in a previous post, the worst-case scenario that I can think of is if the RBL goes down or does not respond in a timely fashion. I did not put in any timeout / exception handling.
Quote:
Originally Posted by skydancer
Nice work! I had kludged something together earlier, but a plugin is a lot better. I've installed it and will test it out.
I'm not sure I agree with the comments on caching. This plugin uses gethostbyname() to do a DNS request to the blocklist servers. This DNS request will be issued to the (colo provider's) DNS cache and that server will already cache the answer for you. This server will keep it in the cache as long as the TTL of the record in the blocklist, so you are caching it as long as the blocklist specifies it, which is often hours or days, and you have the best chance of having an up to date result, because your DNS takes care of caching and retrieving.
Caching would also make the code more complex and prone to errors, also it costs extra time for a feature that DNS already provides. A network DNS lookup is also often faster than a database table lookup and does not stress the disk.
When you check one blocklist, the network load is comparable to doing HostnameLookups On in Apache, which is minimal for all but the largest sites. If needed, I would advise checking a composite blocklist that mirrors many other lists, so you only spend one DNS packet in and out.
cnutter - Yes, I had the same issue with a couple of my members getting dumped with bad dynamic IPs. However, all the sites that spamhaus uses have extremely simple (one-click removal) links, which will remove the IP and by the next update (hourly) should no longer be blocked. An IP exclusion would not work for most people as they have dynamic IPs. Instead you might want to consider doing it by usergroups, as I posted a snip of code above about bypassing the check for certain groups.
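
An added example, not the plugin's code and not written by anyone in this thread: one way to keep a local result per IP and to stop querying for a while after a slow answer, so an unresponsive RBL does not stall every page load. It assumes PHP 7.4+; the function names, the `dnsbl.example` zone, the `$state` array and the stub resolver are hypothetical.

```php
<?php
// Added example; function names, dnsbl.example and $state are hypothetical.

// DNSBL query name: IPv4 octets reversed, then the list's zone.
function rbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;                              // not IPv4: nothing to query
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone . '.';
}

// True only for a timely 127.0.0.0/8 answer. Failures and a slow list fail open.
function rbl_is_listed(string $ip, string $zone, callable $resolve, array &$state,
                       int $ttl = 3600, float $slowSecs = 2.0, int $pause = 300): bool
{
    $now = time();
    if (($state['skip_until'] ?? 0) > $now) {
        return false;                             // list was slow recently: skip it
    }
    $hit = $state['ip'][$ip] ?? null;
    if ($hit !== null && $hit['expires'] > $now) {
        return $hit['listed'];                    // answered locally, no DNS query
    }
    $name = rbl_query_name($ip, $zone);
    if ($name === null) {
        return false;
    }
    $t0 = microtime(true);
    $answer = $resolve($name);
    if (microtime(true) - $t0 > $slowSecs) {
        $state['skip_until'] = $now + $pause;     // stop querying for a while
        return false;
    }
    // gethostbyname() returns its argument unchanged on failure, and a reversed
    // IP can itself begin with "127.", so require a real IPv4 address first.
    $listed = is_string($answer)
        && filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        && strncmp($answer, '127.', 4) === 0;
    $state['ip'][$ip] = ['listed' => $listed, 'expires' => $now + $ttl];
    return $listed;
}

// Constructed stub resolver so this runs offline; with real DNS pass 'gethostbyname'.
$stub = fn(string $n): string => $n === '2.0.0.127.dnsbl.example.' ? '127.0.0.2' : $n;
$state = [];
var_dump(rbl_is_listed('127.0.0.2', 'dnsbl.example', $stub, $state));
var_dump(rbl_is_listed('192.0.2.10', 'dnsbl.example', $stub, $state));
```

The pause only limits the damage after the first slow lookup, because `gethostbyname()` itself cannot be given a timeout; `$state` has to live somewhere shared between requests for either the cache or the pause to have any effect.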