Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Spam using sendmail.php

‎08-05-2018 12:25 PM
‎08-05-2018 12:25 PM

Spam using sendmail.php

Hi. 

I just installed magento 2.1.x , i have configured my postfix dovecot to use TLS/SSL . although i been struggling to get the contact us page to send emails ( keeps sending to example.com) . i just noticed spammers directly accessing this path to spam . 

/vendor/magento/zendframework1/library/Zend/Mail/Transport/Sendmail.php

content of the spam is encrypted .. and looks like is been created to reroute from contact us page to other email users not on my server. 

File folder permission are set as per magento 2 doc .. so im wondering what is really going on .. 

 any info would be appreciated. 

Labels:
0 Kudos
Reply
1 REPLY 1
‎11-26-2018 09:13 AM
‎11-26-2018 09:13 AM

Re: Spam using sendmail.php

As of 2.2.6, this is still happening.  Verified by:

 

- mail.add_X_header=on in php.ini

- restart apache

- wait for days to finally catch one that hangs

- mailq to get the unique mail ID of the queued spam

- postcat -q <ID>

- Looked for X-PHP-Originating-Script:  header

- Found Sendmail.php

0 Kudos
Reply