https://github.com/tootsuite/mastodon/commit/63c7b9157274f57c496399a1a5c728b32415034c Block the registration SPAM in Mastodon from mxsrv.mailasrvs.pw

Block the registration SPAM in Mastodon from mxsrv.mailasrvs.pw

Last Update: 2018/05/27

Block the registoration SPAM in Mastodon from random e-mail addresses which have MX record of "mxsrv.mailasrvs.pw".

Apply this the patch. https://github.com/KnzkDev/mastodon/commit/c8054875d485152cc71f2bac84b4b9d339f46f3b

EmailMXValidator.patch


diff -uprN live_org/app/models/user.rb live/app/models/user.rb
--- live_org/app/models/user.rb 2018-05-26 01:39:55.687311131 +0000
+++ live/app/models/user.rb     2018-05-26 01:49:41.557463048 +0000
@@ -65,6 +65,7 @@ class User < ApplicationRecord

   validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
   validates_with BlacklistedEmailValidator, if: :email_changed?
+  validates_with EmailMXValidator, if: :email_changed?

   scope :recent, -> { order(id: :desc) }
   scope :admins, -> { where(admin: true) }
diff -uprN live_org/app/validators/email_mx_validator.rb live/app/validators/email_mx_validator.rb
--- live_org/app/validators/email_mx_validator.rb       1970-01-01 00:00:00.000000000 +0000
+++ live/app/validators/email_mx_validator.rb   2018-05-26 01:48:09.054176037 +0000
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'resolv'
+class EmailMXValidator < ActiveModel::Validator
+  def validate(user)
+    domain = user.email.split('@', 2).last
+    mxs = Resolv::DNS.new.getresources(domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
+
+    user.errors.add(:email, "Email address does not appear to be valid. Please check that you've typed it correctly.") if mxs.empty? || blocked_mx?(mxs)
+  end
+
+  private
+
+  def blocked_mx?(mxs)
+    EmailDomainBlock.where('domain IN (?)', mxs).exists?
+  end
+end

Set domain "mxsrv.mailasrvs.pw" in Moderation -> E-mail blacklist after patch.

Additional infomation

Same patch commited to Mastodon master.

https://github.com/tootsuite/mastodon/commit/63c7b9157274f57c496399a1a5c728b32415034c