You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
as an introductory note, please do accept my apologies for opening this issue - I'm neither a developer or user reporting, but a sysadmin with a spam problem at hand.
One of our customers is relying on your extension to curate their member area for their customers.
Due to yet unknown circumstances, they managed to send one (yes, a single) sign-up mail to a mailserver with probably a very eager postmaster and protected with the UCEPROTECT blacklist, because we spotted this log message:
status=bounced (host mailgate1.xxx[77.235.x.x] said: 550 Your IP will be reported for abuse - better watch out next time.
Obviously, being blacklisted caused troubles for other customers until outbound mail-traffic was re-routed.
After checking the logs, we found this entry in the PHP mail log:
Dear maintainers,
as an introductory note, please do accept my apologies for opening this issue - I'm neither a developer or user reporting, but a sysadmin with a spam problem at hand.
One of our customers is relying on your extension to curate their member area for their customers.
Due to yet unknown circumstances, they managed to send one (yes, a single) sign-up mail to a mailserver with probably a very eager postmaster and protected with the UCEPROTECT blacklist, because we spotted this log message:
Obviously, being blacklisted caused troubles for other customers until outbound mail-traffic was re-routed.
After checking the logs, we found this entry in the PHP mail log:
Obfuscated are only the recipient, the sender and the hostname in the message-ID. The
Reply-To
is unaltered - and matches your default settings:The customer has already been notified about the incident and has been asked to change the defaults as well not to rely on sendmail any more.
For future releases, I'd like to urge you to completely remove the default reply-to setting:
From
.example.com
will also result in wrong-routed responses, if users do not fully pay attention.I will provide a PR as well, if this is desired.
Thank you very much for considering sane defaults for the webmaster - and please again accept my apologies for opening this issue at all.
Best,
Anton
The text was updated successfully, but these errors were encountered: