
Spammers abusing the system


Go to solution Solved by Daniel F,


I am getting multiple email bounce backs from my email server (I operate my own entire rack) which are spawning from my forum site.  It looks like spammers are trying to leverage some function within the software to spawn messages out of the system.

Please review the information below.  I believe we are going to need a software patch to fix this.

I would appreciate feedback or a patch to prevent this abuse.  I am running the most current version of the forum software.

 

 

Here is what the email logs look like:

[02/Oct/2021 21:13:28] Recv: Queue-ID: 615903b8-00001b51, Service: SMTP, From: <forums@zzzz.net>, To: <unlyawapsor0e@mail.com>, Size: 10191, Sender-Host: ws.zzzyx.local, User: forums@zzzz.net, Subject: Did you forget to submit your content?
[02/Oct/2021 21:13:30] Recv: Queue-ID: 615903ba-00001b52, Service: DSN, From: <>, To: <forums@zzzz.net>, Size: 2123, Report: failed, Subject: Returned email: Did you forget to submit your content?, Msg-Id: <189940140-896@mail.xxx.com>
[02/Oct/2021 21:13:30] Sent: Queue-ID: 615903b8-00001b51, Recipient: <unlyawapsor0e@mail.com>, Result: failed, Status: 5.1.8 550-Requested action not taken: mailbox unavailable
[02/Oct/2021 21:13:30] 550 invalid DNS MX or A/AAAA resource record, Remote-Host: mx00.mail.com


[03/Oct/2021 10:44:31] Recv: Queue-ID: 6159c1cf-00001dab, Service: SMTP, From: <forums@zzzz.net>, To: <lojuggrufaecesranoz@mail.com>, Size: 10199, Sender-Host: ws.zzzyx.local, User: forums@zzzz.net, Subject: Did you forget to submit your content?
[03/Oct/2021 10:44:33] Recv: Queue-ID: 6159c1d0-00001dad, Service: DSN, From: <>, To: <forums@zzzz.net>, Size: 2145, Report: failed, Subject: Returned email: Did you forget to submit your content?, Msg-Id: <238603140-3092@mail.xxx.com>
[03/Oct/2021 10:44:33] Sent: Queue-ID: 6159c1cf-00001dab, Recipient: <lojuggrufaecesranoz@mail.com>, Result: failed, Status: 5.1.8 550-Requested action not taken: mailbox unavailable
[03/Oct/2021 10:44:33] 550 invalid DNS MX or A/AAAA resource record, Remote-Host: mx01.mail.com


This is the bounce-back email content:

 

This is an informative message sent by mail.xxx.com.

The server was not able to deliver your email message

  Subject: Did you forget to submit your content?

  Date: Sun, 03 Oct 2021 14:44:31 +0000

to the following addresses:

  <lojuggrufaecesranoz@mail.com> (mx01.mail.com: 550-Requested action not take

n: mailbox unavailable

550 invalid DNS MX or A/AAAA resource record)

 

The string above comes from the file \www\applications\core\data\lang.xml

<word key="mailsub__core_postBeforeRegisterFollowup" js="0">Did you forget to submit your content?</word>

 

Here are the web log files for the 10/3/21 10:44:31 incident:

2021-10-03 14:44:31 10.1.1.34 GET / - 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 - 200 0 0 18706 609
2021-10-03 14:44:31 10.1.1.34 GET /uploads/javascript_core/front_front_core.js v=22d7bceccd1632874820 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 https://www.zzzz.net/ 304 0 0 162 62
2021-10-03 14:44:31 10.1.1.34 GET /uploads/javascript_core/global_global_core.js v=22d7bceccd1632874820 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 https://www.zzzz.net/ 304 0 0 161 62
2021-10-03 14:44:31 10.1.1.34 GET /uploads/javascript_forums/front_front_forum.js v=22d7bceccd1632874820 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 https://www.zzzz.net/ 304 0 0 162 93
2021-10-03 14:44:34 10.1.1.34 GET /uploads/javascript_core/front_front_widgets.js v=22d7bceccd1632874820&csrfKey=&antiCache=22d7bceccd1632874820 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 https://www.zzzz.net/ 304 0 0 162 62
2021-10-03 14:44:35 10.1.1.34 GET /index.php app=core&module=system&controller=serviceworker&v=22d7bceccd1632874820 443 - 172.58.206.209 Mozilla/5.0+(Linux;+Android+11;+Pixel+3a+XL)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/94.0.4606.61+Mobile+Safari/537.36 https://www.zzzz.net/index.php?app=core&module=system&controller=serviceworker&v=22d7bceccd1632874820 200 0 0 5317 171


 

Edited by Hockey Dad
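One way to measure which forum notification is producing the bounces, as an added example (not code from this thread or from the forum software): it joins the `Recv` and `Sent` lines of the mail log layout quoted above on `Queue-ID` and counts hard bounces per subject. The addresses, the second subject, the `delivered` result lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the mail log quoted in the post.
# Addresses, the "New reply" subject and the "delivered" lines are made up.
SAMPLE_LOG = """\
[03/Oct/2021 10:44:31] Recv: Queue-ID: aaaa0001-00000001, Service: SMTP, From: <forums@forum.example>, To: <qwzxkj@mail.example>, Size: 10199, Sender-Host: ws.forum.example, User: forums@forum.example, Subject: Did you forget to submit your content?
[03/Oct/2021 10:44:33] Recv: Queue-ID: aaaa0002-00000002, Service: DSN, From: <>, To: <forums@forum.example>, Size: 2145, Report: failed, Subject: Returned email: Did you forget to submit your content?, Msg-Id: <1-1@mail.forum.example>
[03/Oct/2021 10:44:33] Sent: Queue-ID: aaaa0001-00000001, Recipient: <qwzxkj@mail.example>, Result: failed, Status: 5.1.8 550-Requested action not taken: mailbox unavailable
[03/Oct/2021 11:02:10] Recv: Queue-ID: aaaa0003-00000003, Service: SMTP, From: <forums@forum.example>, To: <plmokn@mail.example>, Size: 10191, Sender-Host: ws.forum.example, User: forums@forum.example, Subject: Did you forget to submit your content?
[03/Oct/2021 11:02:12] Sent: Queue-ID: aaaa0003-00000003, Recipient: <plmokn@mail.example>, Result: failed, Status: 5.1.8 550-Requested action not taken: mailbox unavailable
[03/Oct/2021 11:30:00] Recv: Queue-ID: aaaa0004-00000004, Service: SMTP, From: <forums@forum.example>, To: <alice@user.example>, Size: 10180, Sender-Host: ws.forum.example, User: forums@forum.example, Subject: Did you forget to submit your content?
[03/Oct/2021 11:30:02] Sent: Queue-ID: aaaa0004-00000004, Recipient: <alice@user.example>, Result: delivered, Status: 2.0.0 OK
[03/Oct/2021 11:45:00] Recv: Queue-ID: aaaa0005-00000005, Service: SMTP, From: <forums@forum.example>, To: <bob@user.example>, Size: 9000, Sender-Host: ws.forum.example, User: forums@forum.example, Subject: New reply to your topic
[03/Oct/2021 11:45:01] Sent: Queue-ID: aaaa0005-00000005, Recipient: <bob@user.example>, Result: delivered, Status: 2.0.0 OK
"""

# Outbound submissions only (Service: SMTP); DSN lines are the bounces themselves.
RECV = re.compile(r"Recv: Queue-ID: ([^,\s]+), Service: SMTP, From: <([^>]*)>, "
                  r"To: <([^>]*)>.*?, Subject: (.*)$")
SENT = re.compile(r"Sent: Queue-ID: ([^,\s]+), Recipient: <([^>]*)>, "
                  r"Result: (\w+)(?:, Status: (\d\.\d+\.\d+))?")

def bounce_stats(log_text, sender):
    """Per-subject delivery attempts and 5.x.x failures for mail from `sender`."""
    queued = {}  # Queue-ID -> subject of a message the forum submitted
    stats = defaultdict(lambda: {"sent": 0, "hard_bounce": 0})
    for line in log_text.splitlines():
        if m := RECV.search(line):
            qid, from_addr, _to, subject = m.groups()
            if from_addr == sender:
                queued[qid] = subject
        elif m := SENT.search(line):
            qid, _rcpt, result, status = m.groups()
            if qid in queued:
                entry = stats[queued[qid]]
                entry["sent"] += 1
                if result == "failed" and (status or "").startswith("5."):
                    entry["hard_bounce"] += 1
    return dict(stats)

def noisy_subjects(stats, min_rate=0.5, min_sent=2):
    """Subjects whose hard-bounce rate suggests junk recipient addresses."""
    return sorted(s for s, c in stats.items()
                  if c["sent"] >= min_sent and c["hard_bounce"] / c["sent"] >= min_rate)

if __name__ == "__main__":
    print(noisy_subjects(bounce_stats(SAMPLE_LOG, "forums@forum.example")))
```

A subject that stands out here maps back to a language key such as the one quoted from lang.xml, which identifies the feature sending the mail.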

Looks like a legitimate message that gets sent out for incomplete “post before register” submissions. If you want to prevent that, you would need to turn off Post before Register. If you allow guest submissions, you also get bounces like that. It’s in the nature of this functionality. 


Just now, opentype said:

Looks like a legitimate message that gets sent out for incomplete “post before register” submissions. If you want to prevent that, you would need to turn off Post before Register. If you allow guest submissions, you also get bounces like that. It’s in the nature of this functionality. 

Thanks for the quick reply.  Where is this setting please?
