I brought this to attention some years ago and I got the run around about spam prevention horse s&*@, etc. So if I'm going to send an email I'll use my email client with the gmail email I have configured for the board in that method rather than the board. Plus, I worked damn hard to hide my origin IP behind CloudFlare to have my origin exposed like that which is ripe for a DDoS or syn flood, etc.
KYPREO wrote: ↑Fri Feb 14, 2020 3:56 am
Even if you had sent email from your IP, this origin IP would not be disclosed if it was sent via a conventional mail or web client. ISP-based mail would be sent through the ISP's mail server. The end-user origin IP is only disclosed if email is generated from the device using a direct mail client like an application sending through SMTP or PHP mail.
There is a hidden quirk in phpBB that if you generate an email through the ACP - for example, you click "Remind User" in Inactive Users to remind them to activate their account - the email header will not only have the phpBB server address, but also the origin IP address of the admin user who initiated the email. IMHO this is completely unnecessary and is a lure for a hacker to potentially target forum administrators directly. This should be removed from phpBB or at the very least there should be text warning administrators that their personal IP is included in any ACP-generated email...but that's for another day.
I racked my brains trying to figure out how my home IP could be disclosed in an email header and concluded that it was impossible other than through email generated through the phpBB ACP. I went through the logs in the ACP and all forum generated emails and I had never used this IP address in that way nor did the IP appear in any email headers.
That's crazy because I use a VPN and if anything would get blocked it would be my VPN and I'd have very little recourse on that. I'd have to use another location.
Lumpy Burgertushie wrote: ↑Thu Feb 13, 2020 8:46 pm
Hi all,
I just spent two days trying to get my IP released by spamhaus.
I made a post and then a few minutes later I get this error when trying to make another post:
Your IP 22.214.171.124 has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=126.96.36.199.
If you click on the link it will tell you the problems.
finally today, I got my ISP support to contact spamhaus and get it released. at first the ISP support was telling me I had to deal with spamhaus but what they wanted were things that I don't have access to in order to make changes.
anyway, what I wonder is why in the world is phpbb.com using spamhaus to help with spam? it has a reputation for having many false positives and other problems.
I also wonder why it would all of a sudden show up with that IP as being blacklisted after a week of working just fine.
I also wonder why it would flag it when trying to make a post. I do not have any notifications set for email etc so why would making a post set it off?
anyway, My ISP contacted spamhaus and got it removed so I can post again.
sorry for the rant.
I am totally with you there. I got fed up with running my own mail server on my webhost server. Quite apart from the issue you raise with origin IP exposure, having a mail server exposes you to constant brute force attacks on mail ports. I use hmail server and even with auto-IP bans etc as well as using IPBan (another service watching for brute force attacks and autobanning IPs), there are hundreds of login attempts a minute. Even with inbuilt virus scanning etc, I still get paranoid about the threat of viruses and malware. Then, if your IP is falsely blacklisted and it shares an IP with your web server, it can cause all sorts of havoc. I don't use phpBB for mass emails either - it is only for forum generated transactional emails.
John connor wrote: ↑Fri Feb 14, 2020 4:52 am
I brought this to attention some years ago and I got the run around about spam prevention horse s&*@, etc. So if I'm going to send an email I'll use my email client with the gmail email I have configured for the board in that method rather than the board. Plus, I worked damn hard to hide my origin IP behind CloudFlare to have my origin exposed like that which is ripe for a DDoS or syn flood, etc.
If you want to send a mass email look at Mail Chimp. I use the user details extension and make sure I list all users that allow emails from Admins and use that list of emails. I run two boards... the other is of an adult nature and not listed here.
Well that was a waste of time - https://tracker.phpbb.com/browse/WEBSITE-1378