CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Onsemeliot

  • CiviCRM version: 4.4.3 rc8
  • CMS version: Drupal 7.26
  • MySQL version: 5.1
  • PHP version: 5.4
PHPIDS: mailserver blacklisted, mails from: test@test.com.invalid
February 26, 2015, 07:46:26 am
On two CiviCRM installations on our server we just found out thousands of emails get sent out each day from the address: "test@test.com". We found the mail address: "test@test.com.invalid" in the following file: "domain.com/web/sites/all/modules/civicrm/packages/IDS/Config/Config.ini.php". PHPIDS seems to be a tool for detecting intrusions. But why does it send out emails?

The script seems to not use the common mail() function. Therefore we do not get the normal error reporting. Only some very old non-related output to: "domain.com/web/sites/all/modules/civicrm/packages/IDS/tmp/phpids_log.txt".

But our server "Mail Queue" contains hundreds of lines like this:
Quote
AC959528C51 1210 Wed Feb 25 06:28:20 test@test.com
(host mx2.virgilio.it[212.48.24.40] refused to talk to me: 550 smtp-40.iol.local bizsmtp IP blacklisted by CSI. For remediation please use http://csi.cloudmark.com/reset-request/?ip=212.232.31.59 [smtp-40.iol.local; VIR_102])
pellegrino-roberta@virgilio.it

Mostly ".it" domains seem to be targeted. Unfortunately our mail server got blacklisted already.

Can anyone offer clues?

Onsemeliot

Re: PHPIDS: mailserver blacklisted, mails from: test@test.com.invalid
March 09, 2015, 06:41:47 am
We managed to get rid of the spam by allowing SMTP mail only if the sender is authenticated properly. Therefore we blocked such spam from originating from our server, but I still have no clue how CiviMail has been abused and what I could possibly do to avoid such things in the future from the CiviCRM side as well, without relying on our SMTP configuration only.
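
As an added example (not part of the original thread and not CiviCRM code): a Python triage script that groups a mail queue listing like the one quoted in the first post by envelope sender, recipient TLD and refusal reason. It assumes the listing is Postfix `mailq` output; the sample queue, the function names and the allow list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the queue listing quoted in the thread
# (assumed to be Postfix `mailq` output); addresses and IPs are placeholders.
SAMPLE_QUEUE = """\
AC959528C51     1210 Wed Feb 25 06:28:20  test@test.com
(host mx.example.it[192.0.2.10] refused to talk to me: 550 IP blacklisted)
                                         user1@example.it
B1D2E3F4A5B     1198 Wed Feb 25 06:28:21  test@test.com
(host mx.example.it[192.0.2.10] refused to talk to me: 550 IP blacklisted)
                                         user2@example.it
                                         user3@example.org
C0FFEE12345*    2048 Wed Feb 25 07:01:02  newsletter@example.org
                                         member@example.net
"""

# Queue ID (optional * or ! status flag), size, arrival time, envelope sender.
HEADER = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+(\w{3} \w{3}\s+\d+ [\d:]{8})\s+(\S+)$")

def parse_queue(text):
    """Return one dict per queued message: id, sender, reason, recipients."""
    messages, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        match = HEADER.match(line)
        if match:
            current = {"id": match.group(1), "sender": match.group(4),
                       "reason": "", "recipients": []}
            messages.append(current)
        elif current and stripped.startswith("("):
            current["reason"] = stripped.strip("()")  # deferral/refusal text
        elif current and "@" in stripped:
            current["recipients"].append(stripped)
    return messages

def summarize(messages, trusted_senders):
    """Count queued mail per sender and list senders not on the allow list."""
    per_sender = Counter(m["sender"] for m in messages)
    tlds = Counter(r.rsplit(".", 1)[-1] for m in messages for r in m["recipients"])
    blocked = sum("blacklisted" in m["reason"].lower() for m in messages)
    unknown = sorted(s for s in per_sender if s not in trusted_senders)
    return {"per_sender": per_sender, "recipient_tlds": tlds,
            "blacklist_refusals": blocked, "unknown_senders": unknown}

if __name__ == "__main__":
    report = summarize(parse_queue(SAMPLE_QUEUE), {"newsletter@example.org"})
    for key, value in report.items():
        print(key, value)
```

A sender that dominates the queue but is not one the site legitimately sends as is the signal that the mail is not coming from the application's normal sending path.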


This forum was archived on 2017-11-26.