Ravens PHP Scripts: Forums
 

 

zeromechanic
Hangin' Around


Joined: Dec 15, 2005
Posts: 40
Location: Netherlands

Posted: Mon Dec 04, 2006 4:09 pm

When I installed Sentinel on a website, I was wondering why no block emails were sent, no mails at all from the site. The PHP mail() function was enabled.

After some research I figured out that the host (PCEXTREME.nl) has some anti-spam measures built into the mail() function.

The problem was that the From: header has to be a known domain with the host, e.g. the hosted domain.
That was causing the mails not to be sent; I used my Gmail account as admincontact (nuke and sentinel).

After changing the mail address in nuke I was receiving the reg. emails, but still no sentinel mails.
Sentinel uses the admincontacts as sender, and not the hosted domain email, so nothing was sent.

This is what I did:

open ROOT/includes/nuksentinel.php
find (row 902):
Code:
@mail($admincontact[$i], $subject, $message,"From: $admincontact[$i]\r\nX-Mailer: "._AB_NUKESENTINEL);


and changed the From: header to the hosted domain email, and the emails were coming in.
(I think I could also use the adminemail from the nuke dbase.)

Just for information if someone has the same problem.
 
redhairz
Worker


Joined: Nov 17, 2006
Posts: 222

Posted: Mon Dec 04, 2006 6:45 pm

I may have had that problem before when testing and upgrading to 2429pl to 250. No emails were sent... So zeromechanic, by replacing the code above, will it help?

_________________
Jesus is Alive, He is our joy, be it good times or bad time. 
zeromechanic
Posted: Tue Dec 05, 2006 2:39 pm

Not sure if it is version dependent. Did not check the older versions' code (I did a fresh install of 2.5.03, so no need).

This was a host-dependent issue; they added an anti-SPAM measure to the mail() function.
Whether this is so in your case, I don't know. Ask your host if they have this kind of anti-SPAM in the mail() option.

No mails were sent at all: no feedback, no registration, etc.
After fixing these, only sentinel was not sending mail (if the admincontact email was not from the hosted domain email, in my case a Gmail account).

I wanted to share this with the community in case others might have the same problem.

First, the mail() option HAS to be enabled by the host.

I think you can always try the code edit with the hosted domain mail address.

(Copy and paste the original line, make the edit and comment out the original line, just in case.)
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Tue Dec 05, 2006 2:57 pm

That's certainly an interesting post.
So what you are saying then is that your host has restricted php mail() to only allow mail to be sent where the 'from' address matches the domain name - interesting, as it's not something I have come across before!
 
zeromechanic
Posted: Tue Dec 05, 2006 3:37 pm

The host created an application which is a shell around the mail() function.
This shell prevents malicious header injection, so emails from another domain than the hosted one cannot be sent.

Reason: poorly secured websites that didn't check for code.

This measure is only applied to mail sent from the site, and only if the site is running on one of their webclusters.

Now the next thing.
Maybe it is possible to add another security measure to Sentinel that checks for this kind of abuse.
Checking if the "From" is the God-admin and not another "domain".
Just a wild guess, I'm not a PHP(nuke)/security expert.
But it may help the world a little to get rid of the SPAM.

And maybe change the Sentinel code to use the God-Admin email as sender and not the admincontacts in sentinel.
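
A sketch of the check proposed in the post above, added here as an example and not taken from NukeSentinel or from the host's wrapper: it refuses any sender that contains CR/LF or lies outside the hosted domain, and always sends alerts from the site's own address. The function names, `example.org` and the sample addresses are assumptions.

```php
<?php
// Added example, not NukeSentinel code. Function names and example.org are hypothetical.

/** Build the extra headers, or throw if the sender is unacceptable. */
function build_from_headers(string $from, string $hostedDomain, string $xMailer): string
{
    // CR, LF or NUL inside a header value lets the caller append headers of its own.
    foreach ([$from, $xMailer] as $value) {
        if (preg_match('/[\r\n\0]/', $value)) {
            throw new InvalidArgumentException('control character in header value');
        }
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('sender is not a valid address');
    }
    // Compare the domain part, case-insensitively, with the hosted domain.
    $domain = substr($from, strrpos($from, '@') + 1);
    if (strcasecmp($domain, $hostedDomain) !== 0) {
        throw new InvalidArgumentException("sender domain $domain is not $hostedDomain");
    }
    return "From: $from\r\nX-Mailer: $xMailer";
}

/** Alert every admin contact, always sending from the site's own address. */
function send_block_alert(array $adminContacts, string $siteSender, string $hostedDomain,
                          string $subject, string $message): array
{
    $headers = build_from_headers($siteSender, $hostedDomain, 'NukeSentinel');
    $subject = str_replace(["\r", "\n"], ' ', $subject); // the subject is a header too
    $results = [];
    foreach ($adminContacts as $to) {
        // Recipients may be on any domain (a Gmail account, say) but must be one clean address.
        if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
            $results[$to] = 'skipped: invalid recipient';
            continue;
        }
        // No @ in front of mail(): a failure is recorded instead of silently dropped.
        $results[$to] = mail($to, $subject, $message, $headers) ? 'sent' : 'mail() returned false';
    }
    return $results;
}

// Constructed sample input: the first sender carries an injected header line.
foreach (["admin@example.net\r\nBcc: other@example.net", 'admin@gmail.example', 'webmaster@example.org'] as $from) {
    try {
        echo "accepted:\n", build_from_headers($from, 'example.org', 'NukeSentinel'), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

Only the third sample sender is accepted; the loop at the bottom never calls mail(), so it runs without a mail server.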
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Tue Dec 05, 2006 8:19 pm

Well, the interesting thing is how easy it was for you to change your code to get this to work. It really isn't much protection for them. The most important thing for them to do is lock down the server's sendmail daemon (or whatever they are using as the mail server) to only accept connections from localhost. That will at least stop spammers from connecting remotely to send. However, just as you have seen, it doesn't take much to get a script running on your site to pass their "shell".

All times are GMT - 6 Hours
 