cancel
Showing results for 
Search instead for 
Did you mean: 

Spam using sendmail.php

Spam using sendmail.php

Hi. 

I just installed magento 2.1.x , i have configured my postfix dovecot to use TLS/SSL . although i been struggling to get the contact us page to send emails ( keeps sending to example.com) . i just noticed spammers directly accessing this path to spam . 

/vendor/magento/zendframework1/library/Zend/Mail/Transport/Sendmail.php

content of the spam is encrypted .. and looks like is been created to reroute from contact us page to other email users not on my server. 

File folder permission are set as per magento 2 doc .. so im wondering what is really going on .. 

 any info would be appreciated. 

1 REPLY 1

Re: Spam using sendmail.php

As of 2.2.6, this is still happening.  Verified by:

 

- mail.add_X_header=on in php.ini

- restart apache

- wait for days to finally catch one that hangs

- mailq to get the unique mail ID of the queued spam

- postcat -q <ID>

- Looked for X-PHP-Originating-Script:  header

- Found Sendmail.php