Registration email domain blacklisting
-
@Annihil Is there an option to use a whitelist instead?
-
Hi, sorry to up this old topic, but is it possible to update this plugin. Or is there an other plugin which is able to blacklist a email or a domain ?
Indeed, I have regularly new members with an email @dl.quirkymeme.com. I have blacklisted all their IP (about 44) but they always come. I think it will be more simple to block the domain @dl.quirkymeme.com.PS : sorry for my english, I'm french.
-
No response...
For waiting, if someone wants my whole list of blacklisted IP (I update it when A find new IP), you can find it here https://www.lereboot.com/topic/13832/bloquer-blacklister-les-bots-dl-quirkymeme-com
It's not perfect, but it's better than nothing. -
@julian said in Registration email domain blacklisting:
@Raccoon -- we can probably take over this plugin, it seems quite popular
What's the problem with it, doesn't start?
There is this error on console, the plugin doesn't load the template
-
@Maleficent heureusement que tu as des réflexes de développeuse
-
@Raccoon @Maleficent
The plugin is tested and seems to work fine. In your case @Maleficent, you need to run
./nodebb build
after activating the plugin.I sent over a PR to fix up a typo in the library, but that version (with the typo) was never published to npm, so the existing version on npm should still work with latest NodeBB.
-
@julian Have you tested recently with isTempMail enabled? No API token required? I was expecting to need one but seems I am missing something?
In any case, it is blocking manually added domains but does not appear to be blocking via isTempMail domains, e.g. an temp-mail.org address, and I did not find anywhere to add my isTempMail API token.
I am still on 1.12.
TIA.
-
Did a bit more investigating. Plugin is definitely broken using isTempMail API. Evidently when first coded the public api was free and did not require an api key.
{"error":"no_token","error_description":"Please add API token to your request."}
I am a freak and do not code Javascript. Given that, I do not grok anywhere in this code that generates an opportunity to provide one:
https://github.com/Annihil/nodebb-plugin-email-blacklist/blob/master/library.js
Query url needs to look like this:
https://www.istempmail.com/api/check/YOUR-isTempMail-API-KEY/example.com (or can also handle full [email protected]).
Update: I can confirm the URL string above works via manual submission, but not via simple edit of nodebb-plugin-email-blaclist/library.js's isTempMail function's path.
-
Well looks like I was an ID10T on this one. npm install pulls the original Annihil version cuz that is where package.json tells it to grab it from.
-
Manual installation of Julian's/NodeBB 3rd Party forked version, available here: https://github.com/NodeBB-Community/nodebb-plugin-email-blacklist
-
Coupled with my URL query string update above and ... voila! Now works dandy w/both manually added addresses and istempmail.org API key.
The function isTempMail's path var needs to be thusly:
path: '/api/check/Your-API-Key-Here/' + email
Or maybe I neglected the trailing slash first time around. In any event, geronimo, there ya' go.
-
-
hi @julian , will this plugin be updated to work with NodeBB 1.19.0 ?
https://github.com/NodeBB-Community/nodebb-plugin-email-blacklist
currently, it does not prevent registration addresses from the blacklisted domains...
Additionally, the original repository is gone but the broken link is in the package.json, I guess it makes sense to update that too. Thanks in advance.
-
@crazycells said in Registration email domain blacklisting:
hi @julian , will this plugin be updated to work with NodeBB 1.19.0 ?
https://github.com/NodeBB-Community/nodebb-plugin-email-blacklist
currently, it does not prevent registration addresses from the blacklisted domains...
Additionally, the original repository is gone but the broken link is in the package.json, I guess it makes sense to update that too. Thanks in advance.
Usually opencollective is used to finance the support of third-party plugins. Without such support, it is impossible for a small team to support all plugins.
Example:
https://opencollective.com/flarum
https://opencollective.com/discourse
@baris, what do you think about it? Open an account for podderki third-party plugins and nodebb in general. -
@crazycells The plugin has now been updated to support v2.
The
isTempMail
portion is now disabled as that API is no longer free. -
@julian said in Registration email domain blacklisting:
The isTempMail portion is now disabled as that API is no longer free.
Damn. Well, that sucks!
Good to know, though. I have not kept up w/the isTempMail "news".
Now the question becomes... how to replicate it as true ROSS plugin? Hmm...
-
@gotwf chasing after temporary mail domains is like playing whack-a-mole. There's no way to do it cheaply because there's some human element involved..
I wonder if anyone maintains a GitHub gist of temp mail domains ... Hmm
Edit: a ha! https://github.com/disposable-email-domains/disposable-email-domains
-
@julian said in Registration email domain blacklisting:
@gotwf chasing after temporary mail domains is like playing whack-a-mole.
Yep. Hence the "thinking" emoji.
I was pondering how isTempMail might be handling this on the backend. I presumed it must be automated/ai in some way because....
There's no way to do it cheaply because there's some human element involved..
I wonder if anyone maintains a GitHub gist of temp mail domains ... Hmm
Edit: a ha! https://github.com/disposable-email-domains/disposable-email-domains
Yes, "they" do.
Many such specialized black lists, actually. Issue is the veracity thereof. Many of these miscreant types are able to leverage large discontinuous IP blocks. Ever fsck'ing evolution of the arms race 'twixt good and evil. And of course, the latter always has the advantage.
-
@julian Just found this:
https://www.npmjs.com/package/burner-email-providers
There are several others. That one looks to be the most "recently" maintained. Maybe worth a gander?