-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change e-mail domain blocks to block IPs dynamically #17635
Conversation
9c90c2e
to
febace7
Compare
febace7
to
06b30a9
Compare
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
def with_dns_records? | ||
@with_dns_records | ||
def history | ||
@history ||= Trends::History.new('email_domain_blocks', id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm maybe that needs some refactoring, because email domain blocks depending on trends code feels very wrong.
# Used for adding multiple blocks at once | ||
attr_accessor :other_domains |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels weird to have that in the model since it's purely a form/controller thing.
other_email_domain_block = EmailDomainBlock.create!(domain: domain, parent: @email_domain_block) | ||
log_action :create, other_email_domain_block |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is going to cause issues as soon as two blocked email domains share MX records, right?
end | ||
end | ||
|
||
email_domain_block.update(ips: ips, last_refresh_at: Time.now.utc) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just got TypeError: can't cast Resolv::DNS::Resource::IN::A
When adding a new e-mail domain block, do not block any resolved DNS records silently; instead, display them as options in the form, turning the form into a two-step wizard. Add ability to delete e-mail domain blocks in batches. Instead of recording IPs of domains and MX records as separate blocks, add periodic refreshing for IPs for each entry, since IPs are not permanent. When an e-mail domain block prevents a registration attempt, track it in history and display number of attempts over the last 7 days in the admin UI.
Having explicit IP blocks in the e-mail domain blocks should be considered dangerous and deprecated. We may need to consider a migration that removes them. The IP addresses that the blocked domains resolve to will still be checked for matches, which should help for cases where one mail server is masked using different MX records or domains.