Running with shared hosting security [#431376]

I realize that this issue has come up before. My host has fscokopen() open on port 80. (I contacted my host regarding message that appeared after adding the Email Verification Module.)

Is it possible to change the port reference in the coding? Or create a patch that allows the fscokopen() to
(a) work on either open port 25 or 80, or
(b) work on any open port?

Thanks!

Comment	File	Size	Author
#6	_email_verify_431376-6.patch	2.72 KB	DrewMathers

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

ronliskey CreditAttribution: ronliskey commented 18 April 2009 at 19:36

I'm having this problem too using HostGator. Looking forward to a solution.

Comment #2

dbr CreditAttribution: dbr commented 27 April 2009 at 13:52

Assigned:	Unassigned	» dbr
Status:	Active	» Postponed (maintainer needs more info)

For information: does it work in your setup if you manually change the code to use port 80 instead of 25?

Comment #3

SDM-MINK CreditAttribution: SDM-MINK commented 12 May 2009 at 07:55

Where in setup can I make this change? Can you give me the file name & line number so that I can test? Thanks!

Comment #4

dbr CreditAttribution: dbr commented 13 May 2009 at 07:29

There are two occurences of the port number "25" to change:

email_verify.inc.php line 39: $connect = @fsockopen($smtp, 25, $errno, $errstr, 15);
email_verify.install line 41: $connect = @fsockopen($smtp, 25, $errno, $errstr, 15);

Comment #5

DrewMathers CreditAttribution: DrewMathers commented 16 April 2011 at 14:15

Unfortunately, changing the fsockopen() port number will not allow this module to work correctly, even though the change may allow you to enable the module. The problem is that this module must use a technique called Recipient Address Verification, which requires it to connect to the recipient mail server, not your mail server. The recipient mail server will always be listening in port 25. Many shared hosts block port 25 as a security measure against spambots. Hosting your own site locally may not help either, as many ISPs also block port 25 for the same reason.

Comment #6

DrewMathers CreditAttribution: DrewMathers commented 18 April 2011 at 01:44

Title:

fscokopen() not open on port 25

» Running with shared hosting security

File	Size
_email_verify_431376-6.patch	2.72 KB

This patch will adapt Email Verify in secure shared hosting environments. If the fsockopen() function is disabled or port 25 is blocked, Email Verify will still enable, but it will check only the address syntax and the validity of the domain name. The mailbox name will not be checked.

If port 25 is blocked, the first-time enable will take a long time because you have to wait for the connection to time out. If this happens, the fact will be stored in a variable so this time-consuming check can be skipped on subsequent enable/disable cycles. If your host should later open port 25, you can clear this variable by disabling the module and running /admin/build/modules/uninstall

The patch is built on the current -dev snapshot. However the -dev snapshot first requires this patch in order to run #508004-20: Email Verify requires the server of a version of PHP 5.3 on Windows?

The patch was created in the new -p1 format

Comment #7

DrewMathers CreditAttribution: DrewMathers commented 18 April 2011 at 01:45

Status:

Postponed (maintainer needs more info)

» Needs review

Comment #8

oadaeh CreditAttribution: oadaeh at Hook 42 commented 25 February 2016 at 18:33

Assigned:	dbr	» Unassigned
Issue summary:	View changes
Status:	Needs review	» Closed (won't fix)

Due to Drupal 6's EOL, I am closing this with "won't fix." If you feel this is still valid for any of the 7.x branches, feel free to re-open and update this issue.