emails not sending from specific address

jimpett81 · January 18, 2017, 20:30:28 PM

Hi,

I have an odd issue with emails not sending to the administrator (or the customer) on order confirmation. I get all the relevant PayPal emails but not the confirmation from joomla, we send our own confirmation to the customer so the main issue is our copy. What makes this odd is that only when I use a specific email as the send from do I get the problems. The email address works fine in all other respects and I can use any other email to make it work. Could there be any restrictions as to what address we can send from?

Thanks,

James

Joomla! 3.6.3 VirtueMart 3.0.18

jenkinhill · January 18, 2017, 23:34:30 PM

Sounds like some anti-spam setting on the host server. VM/J don't discriminate against email addresses. I sssume that PayPal returns a confirmed order status so the mail could be triggered?

Quote
Joomla! 3.6.3

Did you miss the security releases?
https://www.joomla.org/announcements/release-news/5677-important-security-announcement-pre-release-364.html
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html

http://forum.virtuemart.net/index.php?topic=118683.0

jimpett81 · January 23, 2017, 09:37:33 AM

Hi,

Sorry for my late reply and thanks for yours. I will check the spam settings and see what is going on there.

Will I need to update my Joomla to remain secure? Is there a way that I can update without changing my css?

Thanks,

James

jenkinhill · January 23, 2017, 11:30:48 AM

Yes, not updating Joomla does leave your site at serious risk. If you have left it this long there is a reasonable possibility that hackers have already called. One sign of this is the appearance of new admin users in the BE, although in some cases hackers have been able to register as admins, add site backdoors, and then delete the admin account. A webshop needs to be secure at all times.

Any custom CSS is related to your template, so would not get overwritten by a Joomla update.

jimpett81 · January 23, 2017, 12:52:11 PM

Okay,

Thanks for the help. I can see that the site has some random admin users in the BE. Should I delete them? Also, does joomla create any BE admin users for updates etc? I have some admin users called updater and joom.

We have had issues with security and by the sounds of it, this could be related to updates. Do you know of any services or procedures for spotting and removing the back doors we may have? I am worried that even after updating we will get issues.

Thanks,

James

Jörgen · January 23, 2017, 13:10:53 PM

Hello

Check out Your list of users.
You can order after userid and se when these bogus users registered. Then You have the date from when You should restore Your earliest backup. They could have made serious damage and have probably left some back doors and users then can login with. Inactivate ALL usérs that should not have admin rights. Delete thoose users or make them inactive asap.

Hope You will get out of this with the least of trouble.

regards

Jörgen @ Kreativ Fotografi

jenkinhill · January 23, 2017, 13:55:36 PM

OK your site has been hacked then, and you should consider that any shopper data stored on the site has been compromised. In any case it should be taken off-line. You could have a safety audit done by Phil Taylor at https://myjoomla.com (even though he appears to dislike VM) if you wish, but site recovery is usually not too difficult. The first recorded hacking attempts involving versions earlier than J3.6.4 were on 24th October 2016 so potentially you could install a backup taken before that date and then update it to latest versions.

I have recovered many sites from hacking on behalf of clients who did not have clean backups, and it does not take long to do as long as the database is OK - a check through the db tables is advised, though. The database contains all the site data and configuration.

You build a new site (I do this on localhost) using exactly the same versions of Joomla, VM and any other extensions, plugins etc, but with no content added. Then copy over the images directory from the compromised site (after checking that all files there are actual images or the blank index.php file that Joomla adds to every directory) and any custom css files & template overrides (after checking them for malicious code). Then attach that new installation to a copy of the original site database, update Joomla & any other extensions. Check functions are OK, and if so then shift it to the live server.

jimpett81 · January 23, 2017, 14:40:04 PM

Okay, I have nearly finished updating our sites and will look at any potential hacks. It seems that only the one site has the extra users, so that's good at least. Thankfully we don't have any shopper data on the site, all customers are unregistered and we do not store any details in the DB other than the orders, I realise this could still be sensitive though.

I think I can run through the process you describe so will give it a go asap.

Thanks,

James

GJC Web Design · January 23, 2017, 15:13:08 PM

QuoteIt seems that only the one site has the extra users

it isn't the fact of new admins that is the problem .. it is what the did and left behind while they were there!

Also they can have done their dirty work, installed call back scripts and back doors and then deleted all traces of being there.. so u have to consider that any site that wasn't updated immediately as potentially hacked

A large web studio I do work for also uses the https://myjoomla.com scans and for the many hacked sites I have fixed the reports were very valuable.
Never under estimate just how clever hackers are at covering their tracks, inserting seemingly perfectly kosher code or files with perfectly sensible names that get left there no matter how many times u think u refreshed Joomla etc

jimpett81 · January 23, 2017, 15:26:01 PM

Hi,

I will look in to scanning the sites as I agree that they are all at risk if they were left out of date.

Going back to my original email issue, I have just received an email that may shed some light but I am not sure how to proceed, it is below:

Please check your server that handles PayPal Instant Payment Notifications (IPN). Instant Payment Notifications sent to the following URL(s) are failing:

I will contact out hosting company to see if this is something for them but I wonder if it could be a joomla issue? My server is a plesk panel Virtual server.

Regards,

James

Studio 42 · January 24, 2017, 00:52:40 AM

n some case you need to add your website in the IPN setting in paypal directly. I Had some issue and paypal in some sites and this solved it 50% of case.
Another problem can be the paypals IP. I don't know if paypal added new IP for notifications last weeks ?

jimpett81 · January 24, 2017, 13:03:40 PM

Okay, thanks. I can see that in my PayPal account IPN's are disabled. Although, when I look at the other PP account we have, this is also disabled and we have no warnings for that site? Is this something that I need to do or is it not essential? I am not sure now if this is related to our email issue.

Thanks,

James

Studio 42 · January 24, 2017, 15:07:10 PM

paypal statut change send confirmation mails.
If the statut is changed to éconfirmed" then paypal work and the problem is your email settings or server.

jimpett81 · January 24, 2017, 18:26:26 PM

Hi,

Just to let you all know I have solved this issue by changing settings in my plesk panel. The issue was that server was sending them locally, I simply unchecked the Activate mail service on this domain setting and all is well.

Thanks for all the help, I've updated my Joomla and been through some useful information in the process.

Regards,

James

News:

emails not sending from specific address