checkdnsrr always checks true?

[nevesgodnroc]

one of my clients has just recently started getting spam emails through his contact form that i put on his website. the attacker using very obviously bad domain for email address. and my checkdnsrr function always returns true.

 

I have hosted this site for about two years now and this just started happening in the last few months.

[R0bb0b]

What are you currently doing to prevent header injection?  Do you know if this person is actually using form at all?

[nevesgodnroc]

no i am not sure whether they are using the form but i will look into header injection right away.

 

do you have any idea why the checkdnsrr function would always returrn true?

 

if(eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,6}$", stripslashes(trim($email)))){
$test = 0;
}else{  
$test = 1;
}// endif

if ($test == 0){
list($userName, $mailDomain) = split("@", $email); 					
   
  if (!checkdnsrr($mailDomain, "MX")) { 
    echo ("<br><h1>email address appears to be invalid!</h1><br>");
    return false;
  }else { 
    return true;

  } // end if

}else{ //test must = 1 (contains bad character)
echo ("<br><h1>email address appears to be invalid!</h1><br>");
return false;
}//end if $test==0 clause

 

hope you can see something.

Thanks

[R0bb0b]

I don't know about the checkdnsrr function but one thing that I would consider is putting a captcha on the form.  Are you calling the function with the entire email address or are you doing something like this:

<?
list($user, $host) = explode("@", $_POST['email']);
$hostvalid = checkdnsrr($host, "MX");
?>

[nevesgodnroc]

yes i am just calling the checkdnsrr function with the domain name only

[PFMaBiSmAd]

So check what your code is actually doing. See what is in $mailDomain and then check out that domain and see if there is an MX record.