Rotating IPs and web hook security

Lakjin

Active Member
I'm getting ready to update to v2 of MailWizz and thought I should provide a suggestion for two features which I think MailWizz needs. I've been manually adding this to MailWizz myself every time I upgrade, but having the features natively in MailWizz would be awesome.

1. The ability to rotate the IPs that are used to make API calls. Some service providers limit the number of API calls per IP address per minute. For high senders, that means you need more than one IP address to use API calls. It would be great if MailWizz added a feature that allowed us to do that. Right now, I accomplish this by editing `/apps/common/models/DeliveryServerXXXWebApi.php` as follows:

Code:
            /* STUFF I ADDED START */
            $ipAddress = array(
                'xxx',
                'yyy',
                'zzz',
            );
            shuffle($ipAddress);
            /* STUFF I ADDED END */
              
            $response = (new GuzzleHttp\Client())->post('https://api.xxx', [
                'headers'   => [
                    'Content-Type'          => 'application/json',
                    'X-xxx-ApiKey' => $this->password,
                ],
                'timeout'   => (int)$this->timeout,
                'json'      => $postData,
                /* ADDED THIS */ 'curl' => [
                    CURLOPT_INTERFACE => $ipAddress[0]
                ]
            ]);

2. The ability to add some basic authentication for the web hooks. Right now, anyone can send a web hook request to my MailWizz server and basically unsubscribe people. I only want my email service provider to be able to do that. So, the following code helps with that in `apps/frontend/controllers/DswhController.php`:

Code:
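        /* I ADDED THIS */
        // Shared secret the provider appends to the web hook URL as ?key=...
        $protection_key = $request->getQuery('key');
        // Constant-time comparison; a missing or non-string key is rejected too.
        if (!is_string($protection_key) || !hash_equals('xxx', $protection_key)) {
            app()->end();
            return;
        }
        /* I ADDED THIS END */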

However, this requires your email service provider to support custom queries with web hooks. In other words, you tell your email service provider to include `key=xxx` in their web hook requests when pinging your MailWizz instance.
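An added example, not part of the original post and not MailWizz code: it runs a shared-key web hook check like the one above over constructed `key` values, comparing a loose `==`/`!=` comparison with a type-checked, constant-time one. The function names and sample values are hypothetical, and the numeric-looking key goes beyond the post's `xxx` placeholder to show a case where the loose comparison accepts the wrong key.

```php
<?php
// Added example; function names and all sample values are constructed.

/** Loose comparison (== / !=) of the supplied key against the shared key. */
function key_matches_loose($supplied, string $expected): bool
{
    return $supplied == $expected;
}

/** Hardened check: the key must be a string and is compared in constant time. */
function key_matches_strict($supplied, string $expected): bool
{
    return is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed shared key that happens to look like a number in exponent notation.
$expected = '0e462097431906509019562988736854';

// Constructed values, shaped like what $request->getQuery('key') can return.
$cases = [
    'correct key'        => $expected,
    'wrong key'          => 'not-the-key',
    'missing key'        => null,   // no ?key= in the request
    'key[]=x (array)'    => ['x'],  // PHP parses key[]=x into an array
    'numeric look-alike' => '0e1',  // a different string, numerically also zero
];

foreach ($cases as $label => $supplied) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        $label,
        var_export(key_matches_loose($supplied, $expected), true),
        var_export(key_matches_strict($supplied, $expected), true)
    );
}
```

Because the key travels in the query string, it also appears wherever request URLs are recorded, so treat those logs as containing the secret.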
 
Instead of rotating between network IPs, it would be best if we could add a list of HTTPS/SOCKS proxies and rotate outgoing requests through them. This would be really helpful to bypass API limits, and it can also help prevent leaking the server IP in the e-mail header. @twisted1919 What do you think about it?
 
Why not just use round robin DNS? Add multiple IP addresses and use a URL to access your API.
 