Chocobozzz / PeerTube

ActivityPub-federated video streaming platform using P2P directly in your web browser
https://joinpeertube.org/
GNU Affero General Public License v3.0

Add a feature to block IP or MX domains after analyzing the SMTP response, before recording the registration in DB #6010

Open ROBERT-MCDOWELL opened 10 months ago

ROBERT-MCDOWELL commented 10 months ago

Describe the problem to be solved

I've been facing an attack for one week on my 2 PT instances: registration flooding from (faked?) @outlook.com. Is there a way for PT to wait for the SMTP server to check whether the relay was OK or not and send the registration confirmation? For now it omits this and records the registration in the database without taking care of it.

Describe the solution you would like

If the SMTP answer after the registration confirmation is NOT OK, then check the error response and eventually block the IP or MX domain after X tries...

Chocobozzz commented 10 months ago

Hello,

https://github.com/Chocobozzz/PeerTube/blob/develop/config/default.yaml#L444 doesn't resolve your problem?

ROBERT-MCDOWELL commented 10 months ago

Hi Choco, tell me if I'm wrong, but when the email is fake and bounces to my postmaster, and this is done as flooding, does it save it in the DB before confirmation? If yes, it's a double issue: 1) how to stop the flood, even with email verification or moderation 2) how to avoid flooding the DB

Thanks!

Chocobozzz commented 10 months ago

I think we can add hooks so developers can create a plugin that automatically deletes registrations if the verification email is bounced because the remote address doesn't exist
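
The flow discussed in this thread (inspect the SMTP reply to the verification email, delete the pending registration on a permanent failure, block the IP or mail domain after X tries), as an added example that is not PeerTube code and not an existing plugin hook. The names `classifySmtpReply`, `BounceTracker` and `neverBlockDomains` are hypothetical, and the address's email domain stands in for the MX domain.

```javascript
// Added example, not PeerTube code. All names are hypothetical.

// Classify an SMTP reply line: 2xx accepted, 4xx temporary, 5xx permanent.
function classifySmtpReply(reply) {
  const m = /^([245])\d\d(?:[ -](\d\.\d{1,3}\.\d{1,3}))?/.exec(String(reply).trim());
  if (!m) return { kind: 'unknown', enhanced: null };
  return { kind: { 2: 'ok', 4: 'temporary', 5: 'permanent' }[m[1]], enhanced: m[2] || null };
}

const domainOf = email => email.slice(email.lastIndexOf('@') + 1).toLowerCase();

class BounceTracker {
  constructor({ maxTries = 3, windowMs = 60 * 60 * 1000, neverBlockDomains = [] } = {}) {
    this.maxTries = maxTries;   // the "X tries" from the issue
    this.windowMs = windowMs;   // only failures inside this window count
    // Shared providers (e.g. outlook.com) are tracked per IP only, so a
    // flood of faked addresses cannot lock out the provider's real users.
    this.neverBlock = new Set(neverBlockDomains.map(d => d.toLowerCase()));
    this.failures = new Map();  // key -> timestamps of permanent failures
    this.blocked = new Set();   // keys stay blocked until removed by an admin
  }

  // Record the SMTP outcome of one verification email.
  // Returns what to do with the pending registration: 'keep' or 'delete'.
  record({ ip, email, smtpReply, now = Date.now() }) {
    // 4xx (greylisting, rate limits) and unparseable replies are not punished.
    if (classifySmtpReply(smtpReply).kind !== 'permanent') return 'keep';
    const keys = [`ip:${ip}`];
    if (!this.neverBlock.has(domainOf(email))) keys.push(`domain:${domainOf(email)}`);
    for (const key of keys) {
      const recent = (this.failures.get(key) || []).filter(t => now - t < this.windowMs);
      recent.push(now);
      this.failures.set(key, recent);
      if (recent.length >= this.maxTries) this.blocked.add(key);
    }
    return 'delete';
  }

  // Check before accepting a new registration request.
  isBlocked({ ip, email }) {
    return this.blocked.has(`ip:${ip}`) || this.blocked.has(`domain:${domainOf(email)}`);
  }
}
```
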