Contact Form 7 mails are being marked like spam - wordpress

All the mails sent from a Contact Form 7 form are being marked by gmail as spam.
A hint: I looked at the option "Show Original" and I found stuff like this:
Return-Path: <www-data@localhost>
....
Received-SPF: none (google.com: www-data@localhost does not designate permitted sender hosts) client-ip=178.216.103.114;
....
Authentication-Results: mx.google.com;
spf=neutral (google.com: www-data@localhost does not designate permitted sender hosts) smtp.mail=www-data@localhost;
dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
See all those www-data@localhost? My guess is that they have something to do with the problem (but I could be wrong).
What could I do to solve this problem on the server side?

This is a common issue with Contact Form 7 and some php mail or server settings on some hosts.
Try hardcoding the sender name in the ‘From:’ field in the ‘Mail’ section, like Webmail <a-valid-address@mydomain.com>. This means you won't see the sender name or email as names and return emails in your incoming mail box, but that doesn't matter much, as the sender's email will be in the body of the message.
If that doesn't work, try https://wordpress.org/plugins/wp-mail-smtp/ to use SMTP instead of php mail.
And see http://contactform7.com/faq/ and http://buzztone.com.au/contact-form-7-email-issues/
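Why Gmail reported dmarc=fail for the headers in the question, as an added example (not code from the original posts): the script parses an Authentication-Results header and checks whether the SPF-checked envelope domain lines up with the From domain. The sample header is reconstructed from the question, the function names are hypothetical, and alignment is simplified to an exact or subdomain match instead of a Public Suffix List lookup.

```python
import re

# Constructed sample: the Authentication-Results header quoted in the question,
# unfolded onto one line.
SAMPLE = (
    "mx.google.com; "
    "spf=neutral (google.com: www-data@localhost does not designate "
    "permitted sender hosts) smtp.mail=www-data@localhost; "
    "dmarc=fail (p=NONE dis=NONE) header.from=gmail.com"
)

def parse_auth_results(value):
    """Return {method: {"result": ..., property: value}} for each method listed."""
    no_comments = re.sub(r"\([^)]*\)", "", value)      # drop (comments)
    methods = {}
    for part in no_comments.split(";")[1:]:            # first item is the authserv-id
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        methods[method.lower()] = {"result": result.lower(), **props}
    return methods

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the other."""
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))

def diagnose(value):
    m = parse_auth_results(value)
    spf = m.get("spf", {})
    from_domain = domain_of(m.get("dmarc", {}).get("header.from", ""))
    envelope = domain_of(spf.get("smtp.mail", spf.get("smtp.mailfrom", "")))
    findings = []
    if spf.get("result") != "pass":
        findings.append(f"SPF did not pass for envelope domain '{envelope}'")
    if not aligned(envelope, from_domain):
        findings.append(f"envelope domain '{envelope}' is not aligned with From domain '{from_domain}'")
    if "dkim" not in m:
        findings.append("no DKIM result, so DMARC has nothing else to pass on")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```

For the sample it reports all three findings: the form sets From to the visitor's gmail.com address while the envelope sender is www-data@localhost, which is the mismatch that a From address on your own domain (or authenticated SMTP) removes.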

This can be solved via using "WP Mail SMTP" plugin which is for enabling SMTP auth in wordpress. Just install the plugin via wordpress admin or download and extract the plugin zip file to the WordPress plugins folder. Correct permissions.
Activate "WP-Mail-SMTP" plugin in wordpress admin >> Plugins. Then go to Wordpress Admin >> Settings >> Email
Enter your email settings as mentioned in the screen shot. Make sure you have turned ON "Use SMTP authentication". If you are using remote MX, specify the remote MX instead of "localhost" in SMTP Host.

This month I had the same problem; after suffering for two weeks I found the problem.
The WordPress default CONFIG -> DISCUSSION is applying the disallowed words list to the CF7 forms.
Try adding this code snippet to your child theme functions.php file:
/**
* CONTACT FORM 7
* Disable WP Disallowed List for SPAM validation
*/
add_filter( 'wpcf7_submission_has_disallowed_words', '__return_false', 10, 2 );
It worked for me.

Related

Brute force attack / user enumeration

Since last week I keep getting alerts about failed login attempts on my wordpress site.
The first couple of days the attacker used wrong username and subsequently was locked out after 3 attempts. I use the sucuri free and wp-security plugins. The later one has a login lockdown function.
My surprise came when after a couple of days the attacker found and used my username. I immediately changed it to a new username thinking that I would be safe. I also used most of the hardening options on both plugins. I specifically checked that the string
?author=n, does not provide any results on my website.
Regardless, today I got 3 more alerts that someone tried to login with this new username, which means I am locked out of my own site for 24 hours.
This leaves me wondering:
a) how is it possible for someone to find my username?
b) is there any other plugin like cerber security that prevents these exploits?
c) is there any rule I can add to htaccess? (although I believe that sucuri and wp-security have added several rules)
many thanks!
listing users
A user can list your usernames using :
yoursite.com?author=1
Where the ID is a user_id.
You can prevent it by detecting the author page and redirecting it, with this for example (put it in your theme's functions.php):
// Disable access to author pages (blocks ?author=N username lookups)
function remove_author_pages_page() {
    global $wp_query;
    if ( is_author() ) {
        $wp_query->set_404();
        status_header( 404 );
        wp_redirect( get_option( 'home' ) );
        exit; // stop here so the author template is never rendered after the redirect
    }
}
add_action( 'template_redirect', 'remove_author_pages_page' );
Find username from wp-admin
An attacker can find a username by trying to log in on wp-admin.
If an attacker enters a good username, even with a wrong password, the WordPress error message changes, so the attacker knows that the username exists.
You can add this code to your functions.php to prevent the wp-admin wrong-login error messages from giving away any information.
code:
function no_wordpress_errors() {
    return '<strong>Error</strong>: check your logins';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
prevent wp-admin bruteforce
This is a solution I really like:
It uses the wp-fail2ban plugin.
Your server needs the fail2ban package installed and configured.
This package allows you to ban (via iptables) IPs that fail too many times to connect over SSH, or that brute-force a port.
The wp-fail2ban plugin gives you a custom fail2ban jail to add to your fail2ban jails (the WP plugin has complete documentation about it).
With both installed, fail2ban will ban IPs that fail too often on wp-admin (at the iptables level, so PHP is not even reached. The attacker, in the end, won't use much server resources, as the server will block his IP. He cannot even reach PHP).
Some other plugins (like Wordfence) also provide some security, but as they reach PHP, the attacker uses many more resources. But they need less technical knowledge to implement.
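The ban decision described in the answer above, sketched as an added example (not code from the answer, from fail2ban or from wp-fail2ban): failed logins are counted per source IP inside a sliding window, and an IP is banned once it reaches the threshold. The log lines are constructed, their "Authentication failure for ... from ..." wording is an assumption about what the plugin writes to syslog, and MAXRETRY and FINDTIME are stand-in values named after fail2ban's maxretry and findtime jail settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                       # failures within FINDTIME that trigger a ban
FINDTIME = timedelta(minutes=10)   # length of the sliding window

# Constructed syslog lines; the message wording is an assumed format.
LOG = """\
Mar  4 10:00:01 web wordpress(example.com)[812]: Authentication failure for admin from 203.0.113.7
Mar  4 10:00:05 web wordpress(example.com)[812]: Authentication failure for editor from 203.0.113.7
Mar  4 10:00:09 web wordpress(example.com)[813]: Authentication failure for alice from 198.51.100.20
Mar  4 10:00:12 web wordpress(example.com)[812]: Authentication failure for alice from 203.0.113.7
Mar  4 10:30:00 web wordpress(example.com)[815]: Authentication failure for alice from 198.51.100.20
Mar  4 10:45:00 web wordpress(example.com)[815]: Authentication failure for alice from 198.51.100.20
Mar  4 10:46:00 web sshd[900]: Accepted publickey for deploy from 192.0.2.10
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ wordpress\([^)]*\)\[\d+\]: "
    r"Authentication failure for (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)$"
)

def find_bans(log_text, year=2024):
    """Return {ip: time of the failure that triggered the ban}."""
    recent = defaultdict(deque)    # ip -> timestamps of failures still in the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in bans:
            continue               # unrelated line, or this IP is already banned
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()       # forget failures older than FINDTIME
        if len(window) >= MAXRETRY:
            bans[m["ip"]] = ts
    return bans

if __name__ == "__main__":
    print(find_bans(LOG))
```

Because the counter is keyed on the source IP and not on the username, the three spaced-out failures for alice from 198.51.100.20 ban nobody, while the address guessing several usernames in a row is banned on its third failure.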

WordPress contact 7 with negative response

I have created a website using WordPress. I use GoDaddy hosting and the plugin WP-Mail-SMTP, which helps me to configure SMTP. I have disabled all cache plugins.
Right now I have a problem with my contact form (plugin Contact form 7). When I fill all fields and click a submit button, I get messages: "There was an error trying to send your message. Please try again later."
I get the following JSON answer from my server:
captcha:null
into:"#wpcf7-f31-p1401-o1"
mailSent: false
message: "There was an error trying to send your message. Please try again later."
I receive emails from these forms, but I can not fix issues with server response and negative answers under my form: https://www.screencast.com/t/ReyXMwJLRS. I tried to disable/enable captcha, but it does not help.
Can somebody advise on this? I have checked all recommendations from https://contactform7.com/, but can not find a solution.
Best regards.
Make sure the mail on the contact form is added as an authorized email sender on your hosting server.
In WordPress the default CONFIG -> DISCUSSION is applying the disallowed words list to the CF7 forms.
Try adding this code snippet to your theme functions.php file to block it from applying to CF7:
/**
* CONTACT FORM 7
* Disable WP Disallowed List for SPAM validation
*/
add_filter( 'wpcf7_submission_has_disallowed_words', '__return_false', 10, 2 );
It worked for me.

Wordpress: Contact Form 7 Plugin Error: This email address does not belong to the same domain as the site

My wordpress installation was working fine all this time, until it upgraded contact form 7 to Version 4.4 now it has a configuration error.
"Contact Form 7 Plugin Error: This email address does not belong to the same domain as the site"
Try this, because it worked for me:
From: [first-name] [last-name] <donotreply@your-site.com>
Of course your-site.com is your domain and you might not have first and last names.
It's said that you need to create a @mysite.com email with your host, maybe something like do-not-reply@mysite.com.
Hope that helps,
Change the current “your-email” to admin@yourdomain.com OR the email address that you receive messages from. It is also possible to create a new email address specifically for this purpose; you could name it “no-reply@yoursite.com”. You can drill-down more here.
Contact Form 7 Issues

Stop wordpress from sending out moderation emails

I'm having trouble with my wordpress installation sending out emails to the site admin
every time a comment is up for moderation.
This also goes for spam comments, which results in the site admin getting a lot of junk emails in his inbox.
Every time I google this problem I end up with the answer "Just go to Settings -> Discussion and unclick 'A comment is held for moderation'" but unfortunately this is not helping me.
So, here are my settings (some of these may be irrelevant):
I'm using wordpress' built in comment-system. No disqus or facebook comments.
I've installed the Akismet-plugin. I did try to disable the plugin, but I still get the emails.
Both "Anyone posts a comment" and "A comment is held for moderation" is NOT checked under "Settings" -> "Discussion" -> "E-mail me whenever" on the sites.
You do not have to be logged in to write a comment
The WP installation is originally a Wordpress MU installation, but I've upgraded to 3.x so it's now built into the regular wordpress installation. The installation runs many blogs with different domain names and the problem occurs on all blogs AFAIK.
Most of the blogs are using the "Yashfa BRANDED!" theme
The moderation email looks like this:
Subject: [SITENAME] Please moderate: "Test spam comments"
Body:
A new comment on the post 78 "Test spam comments" is waiting for your approval
http://url/test-spam-comments/
Author : djqw21208ryfg23 (IP: XXX.XXX.XXX.XXX , XXX.XXX.XXX.XXX)
E-mail : fweuh3298f9wefg923g329@jkg23ru89g9werhj239r8h238t923.asdfhio
URL : http://feg239r239f9fg7329rfg322379fg23f3
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=XXX.XXX.XXX.XXX
Comment:
ugly spam comment goes here...
Approve it: http://url/wp-admin/comment.php?action=mac&c=XXXXX
Delete it: http://url/wp-admin/comment.php?action=cdc&c=XXXXX
Spam it: http://url/wp-admin/comment.php?action=cdc&dt=spam&c=XXXXX
Currently 0 comments are waiting for approval.
Please visit the moderation panel:
http://url/wp-admin/moderation.php
Is there a setting I've forgotten to check?
Why do I keep on getting these emails even though I've turned off the email-settings under "Settings" -> "Discussion"?
I'm having the same problem: WordPress sending out mails. I host some wordpress blogs for other people, who sometimes drop off the planet and don't look after them any more. I do have full access to the database, so this is my method of closing wordpress down for comments and disabling the mail:
(this assumes the default table-prefix of wp_*)
There are two options that influence the sending of mail: comments_notify and moderation_notify. I set both to false:
UPDATE wp_options SET option_value=0 WHERE option_name LIKE "%notify";
I also delete all the un-approved comments:
DELETE FROM `wp_comments` WHERE `comment_approved` = 0;
and close all the posts and pages for further comments:
UPDATE `wp_posts` SET comment_status='closed';
and then there's still the mailqueue to clean up .... :-(

Notification mail in open atrium

I have a problem on how to send mail on notification while editing or creating any contents in open atrium.
I have followed as mentioned in below link
https://community.openatrium.com/documentation-en/node/28
but was not successful in sending mail to notified user on creating or editing of contents.
And also I wanted to send a mail to the user when his credentials are changed or edited.
Can anyone help me in rectifying these issues?
Is your server/PHP enabled to send mails?
Maybe that is not the case and this is why no messages are sent.
In any way you can do a couple of tests to check that out what is wrong. For some, you will need the devel module installed:
Check if your server has the SMTP functionality installed and running (how to check this changes a lot from server to server)
Check if your PHP installation manages to send mail. There are plenty of available scripts to do this on the internet. I C&P one below.
Check if you can send mails with drupal (with the devel module installed, visit http://example.com/devel/php and use the drupal_mail() function).
Change the setting from the devel module and put the mail to "log only": this will show you if Open Atrium is at least trying to send them.
Example PHP script to test mail functionality.
<?php
// Send one test message through PHP's mail() and report whether it was accepted for delivery
$to = "recipient@example.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
if (mail($to, $subject, $body)) {
    echo("<p>Message successfully sent!</p>");
}
else {
    echo("<p>Message delivery failed...</p>");
}
?>
HTH!
According to the OpenAtrium Installation docs, all you need to do is enable the [standard Drupal cron job]. That worked for me in my OpenAtrium installation. Just to be clear, I did not have to alter php.ini or install the Drupal SMTP module.
Documentation is not realistic. Take a look at this post:
https://community.openatrium.com/issues/node/79
Fixed installing smtp module and letting openatrium mail with PHPMailer.
