[2.0.17] Live Email Validate (LEV)
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
READ: phpBB.com Board-Wide Rules and Regulations
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
I'm a little paranoid about this MOD not allowing genuine members to join. No offence to you or your scripting Wulf; I'm not questioning your skills, in fact I'm questioning mine. The thing is I don't actually know a huge deal about SMTP, so I'm not too sure how it works. On the configuration settings of the Admin CP, I have the checkbox set to 'no' and the three boxes under it empty. Do I need to change this before the MOD will work? And what are the chances of this MOD not recognising an e-mail address that's valid? Oh and one last question, are you able to manually validate an e-mail address if it's unrecognised but you know it to be genuine? Thanks in advance for any and all feedback you give me on this.
Hi,
Genuine questions are always welcome
My contention is, in these uncertain times, that it's better to keep a 'closed door policy' and have to deal with one or two users manually, than allowing anyone (or anything, e.g. spambots) to gain entry. I don't know which 3 checkboxes you're referring to, LEV has one setting button in the ACP which is Yes or No, click the relevant one to enable or disable it.
As you may have noticed if you've been following this thread, there is always a chance that a real email address won't be 'checkable' due to port 25 blocking, or users on webmail hosts, however you as Admin of your board can email them at their supplied registration address and if they reply you can activate their accounts yourself. This answers your last question too
Genuine questions are always welcome
My contention is, in these uncertain times, that it's better to keep a 'closed door policy' and have to deal with one or two users manually, than allowing anyone (or anything, e.g. spambots) to gain entry. I don't know which 3 checkboxes you're referring to, LEV has one setting button in the ACP which is Yes or No, click the relevant one to enable or disable it.
As you may have noticed if you've been following this thread, there is always a chance that a real email address won't be 'checkable' due to port 25 blocking, or users on webmail hosts, however you as Admin of your board can email them at their supplied registration address and if they reply you can activate their accounts yourself. This answers your last question too
`
"It's not the things you do right that matter, it's the things you don't do wrong"
"It's not the things you do right that matter, it's the things you don't do wrong"
Ah, thanks a lot man. I just wanted to check that I could manually add people that this MOD blocked. And yeah, you're right. Better to have too much security than to have not enough security. As for the three boxes? I was talking about the SMTP options at the bottom of the configuration menu in the ACP. Just wondering if I needed to fill them in before this MOD would work. Now that I look back, I'm not too sure why I thought that I might have to... *Shrugs* Hehehehe...
Just follow the instructions in the MOD script, there are several files which need changing, they should be uploaded to the same locations as the originals so they're overwritten with the updated ones, but make backups BEFORE you start editing, just in case
You then upload the lev_mod_db_setup.php script to your forum root and run it by accessing it in your browser, once it's completed it should show you a green 'successful' message stating that the config table has been updated. From this point on LEV is enabled by default, nothing else to do except delete the setup script 8)
You then upload the lev_mod_db_setup.php script to your forum root and run it by accessing it in your browser, once it's completed it should show you a green 'successful' message stating that the config table has been updated. From this point on LEV is enabled by default, nothing else to do except delete the setup script 8)
`
"It's not the things you do right that matter, it's the things you don't do wrong"
"It's not the things you do right that matter, it's the things you don't do wrong"
-
lanesharon
- Registered User
- Posts: 400
- Joined: Fri Dec 05, 2003 9:33 pm
- Location: º• Confused! •º
- Contact:
I have my hosting account on a shared server who sometimes lets spammers through the door and then fights the fires after everyone's emails get banned. It is annoying, but necessary with my very limited income.
My forum is setup for account validation prior to membership. So, a welcome email goes out and they need to respond to it with pertinent info. With all the banning that has occured, many do not get these Welcome emails and I get no email from the email service saying it has been banned (AOL, Yahoo, etc).
Currently, I am sending out additional emails, a week later, from another email account I have. I am concerned that with all these emails I have to send out, that some email service providers will start banning that email address too. It is frustrating, to say the least, because I am dealing with cancer patients.
So, my question is, will this mod let me know if my forum email address is getting banned at the other end?
My forum is setup for account validation prior to membership. So, a welcome email goes out and they need to respond to it with pertinent info. With all the banning that has occured, many do not get these Welcome emails and I get no email from the email service saying it has been banned (AOL, Yahoo, etc).
Currently, I am sending out additional emails, a week later, from another email account I have. I am concerned that with all these emails I have to send out, that some email service providers will start banning that email address too. It is frustrating, to say the least, because I am dealing with cancer patients.
So, my question is, will this mod let me know if my forum email address is getting banned at the other end?
Hi Sharon,
The only info that LEV will provide is when it connects to a mailserver but the 'send' fails, e.g. wrong email address or other verification failure - in this case the actual server response code is displayed as part of the error message. To see what's happening on the outside of your mail host you'll have to find a way of reading your server logs (cPanel or vDeck hosts) or ask them to send you the info by email. LEV won't automatically tell you why the connect failed, but you can try a sneaky trick - use the board email address as the user email then submit the form and if it fails, look at the server response code. If it's a simple username or domain error, correct the email address and try again, if it's a 'network type' error, you will have to ask your hosting service how to resolve it, sometimes they use 'port 25 blocking' to deter spam, if this is the case LEV will always fail as it has to connect directly to a mailserver on port 25, it mimics an email client in 'send' mode.
Sorry I can't be more help, you're doing a great service
The only info that LEV will provide is when it connects to a mailserver but the 'send' fails, e.g. wrong email address or other verification failure - in this case the actual server response code is displayed as part of the error message. To see what's happening on the outside of your mail host you'll have to find a way of reading your server logs (cPanel or vDeck hosts) or ask them to send you the info by email. LEV won't automatically tell you why the connect failed, but you can try a sneaky trick - use the board email address as the user email then submit the form and if it fails, look at the server response code. If it's a simple username or domain error, correct the email address and try again, if it's a 'network type' error, you will have to ask your hosting service how to resolve it, sometimes they use 'port 25 blocking' to deter spam, if this is the case LEV will always fail as it has to connect directly to a mailserver on port 25, it mimics an email client in 'send' mode.
Sorry I can't be more help, you're doing a great service
`
"It's not the things you do right that matter, it's the things you don't do wrong"
"It's not the things you do right that matter, it's the things you don't do wrong"
-
DigitalBrains
- Registered User
- Posts: 1
- Joined: Tue Apr 11, 2006 3:36 pm
Little optimization
Great MOD, thanks a lot!
I have a suggestion for a little optimization: right now, the first thing done in validate_email (apart from the syntax preg_match) is your LEV. It seems to me it's cheaper to first check banlists and existing addresses and only then start doing the LEV, since this involves networking and external hosts. A very tiny change, with little side-effects, I think.
And a little side note; perhaps it's best to use MX preferences in the order to try hosts; from high priority to low priority. Not only is this more standards (and common use) conformant, it also stops false positives: lower-preference MX's often only check the domain-part of an e-mail address, and only the highest-preference MX actually has knowledge about which local parts are actually valid. Example: my primary MX is mail.digitalbrains.com, my secondary is mx2.zoneedit.com. If I connect to mx2.zoneedit.com and use a random local part, like "[email protected]", it will pass the LEV test, because zoneedit has no knowledge of which local parts actually exist, and will just accept and queue anything. However, if I connect to mail.digitalbrains.com, it will (correctly) get rejected because that host has knowledge about which local parts exist, and the address will fail the LEV test.
I have a suggestion for a little optimization: right now, the first thing done in validate_email (apart from the syntax preg_match) is your LEV. It seems to me it's cheaper to first check banlists and existing addresses and only then start doing the LEV, since this involves networking and external hosts. A very tiny change, with little side-effects, I think.
And a little side note; perhaps it's best to use MX preferences in the order to try hosts; from high priority to low priority. Not only is this more standards (and common use) conformant, it also stops false positives: lower-preference MX's often only check the domain-part of an e-mail address, and only the highest-preference MX actually has knowledge about which local parts are actually valid. Example: my primary MX is mail.digitalbrains.com, my secondary is mx2.zoneedit.com. If I connect to mx2.zoneedit.com and use a random local part, like "[email protected]", it will pass the LEV test, because zoneedit has no knowledge of which local parts actually exist, and will just accept and queue anything. However, if I connect to mail.digitalbrains.com, it will (correctly) get rejected because that host has knowledge about which local parts exist, and the address will fail the LEV test.
I use the GNU Privacy Guard. You can download my public key here.
Wonderfull MOD, I put it into one of the three forums I'm currently running to see how well it worked. I am decided now on putting it into the other 2 as well. Not only stopped alot of BS accounts, but it stopped dead nearly all bot registrations as well.
Good work, and thanks.
Good work, and thanks.
Forum Admin for www.nsrealm.com.
A Neverwinter Nights Persistant World Community
A Neverwinter Nights Persistant World Community
Re: Little optimization
And how exactly do you do that?DigitalBrains wrote: And a little side note; perhaps it's best to use MX preferences in the order to try hosts; from high priority to low priority. Not only is this more standards (and common use) conformant, it also stops false positives: lower-preference MX's often only check the domain-part of an e-mail address, and only the highest-preference MX actually has knowledge about which local parts are actually valid. Example: my primary MX is mail.digitalbrains.com, my secondary is mx2.zoneedit.com. If I connect to mx2.zoneedit.com and use a random local part, like "[email protected]", it will pass the LEV test, because zoneedit has no knowledge of which local parts actually exist, and will just accept and queue anything. However, if I connect to mail.digitalbrains.com, it will (correctly) get rejected because that host has knowledge about which local parts exist, and the address will fail the LEV test.
-
soonergirl
- Registered User
- Posts: 39
- Joined: Sun Jul 23, 2006 11:07 pm
Great idea...
Wulf_9 wrote: LEV won't automatically tell you why the connect failed, but you can try a sneaky trick - use the board email address as the user email then submit the form and if it fails, look at the server response code. If it's a simple username or domain error, correct the email address and try again, if it's a 'network type' error, you will have to ask your hosting service how to resolve it, sometimes they use 'port 25 blocking' to deter spam, if this is the case LEV will always fail as it has to connect directly to a mailserver on port 25, it mimics an email client in 'send' mode.
I was always getting "Could not connect to the mail server, see the FAQ page for further info gsmtp183.google.com : no route to this domain, host unavailable", even for valid emails.
I tried using the board email, and that didn't work. When the board email was set to local mail, the email worked, but LEV checking still failed. When I set the SMTP server for email (in the ACP), I also had to change the port from 25 to 1352 in smtp.php. Now the board email worked!
Then I changed the port in functions_validate.php ( if ($connect = @fsockopen($hostname, 1352, $errno, $errstr, 15)) )
Now it works except for the gmail & yahoo mail accounts. They do not get accepted.
Have you thought of a solution, or is the MOD restricted to POP accounts?
thanks, and nice job...