Wordpress - Contact Form 7 - Blacklist "Reply To" email address

Discussion in 'Installation/Configuration' started by HappierTimesAhead, Sep 12, 2021.

  1. HappierTimesAhead

    HappierTimesAhead New Member

    Hi,

    We have a couple of Wordpress sites on different domains that use the "Contact Form 7" plugin. We also have the "ReCaptcha v2 for Contact Form 7" plugin active. We are receiving untold amounts of spam from one email address - [email protected]

    I am having problems creating a blacklist for this email address as Contact Form 7 forwards the messages to an internal email address as the "From" email address which I obviously cannot blacklist!

    My question is how can I ban a "Reply To" email address which contains the offending email address?

    As always many thanks in advance for any help on this

    HTA
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. HappierTimesAhead

    HappierTimesAhead New Member

    Hi,

    My apologies for that - I thought I had the info in my Signature!

    We are not using Wordfence.

    TBH I do not use Wordpress myself - this is for a couple of clients.

    The issue is that Contact Form 7 sends the form message to an internal email address belonging to each domain. This is from the Headers of the received email: -

    (Authenticated sender: ###[email protected])
    Date: Sun, 12 Sep 2021 08:56:42 +0000
    To: ### ## <###[email protected]>
    From: ### ## <###[email protected]>
    Reply-To: [email protected]

    We really need to be able to BlackList the Reply-To: [email protected]

    As always, many thanks for your kind help

    HTA
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Adding this under Email -> Content filter should work:
    /^Reply-To: [email protected]/

    upload_2021-9-12_16-53-59.png
     
    HappierTimesAhead likes this.
  5. HappierTimesAhead

    HappierTimesAhead New Member

    Hi Thom,

    Many thanks for your kind help.

    I have implemented your solution and hopefully that will have sorted the issue.

    Very kind of you to take the time out and provide a solution

    With kind regards

    HTA
     
    Th0m likes this.
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    just discarding the mail, to me, seems to be hiding the symptoms, rather the solving the problem.

    can you not check the website logs, see if all these requests for the feedback form page are coming from the same ip, or a limited set of ip's and then block those ip's? this is also something wordfence may help with.
    another option is to update the recaptcha to v3, it may be more effective at blocking this form submission than v2.

    these options, if they work, should reduce the load on both the website and the mail system, and you still have the option of discarding mails using that reply-to address if they do fail for any reason.
     
    HappierTimesAhead likes this.
  7. HappierTimesAhead

    HappierTimesAhead New Member

    @nhybgtvfr
    Hi, thanks for the update.
    I hear what you are saying but this guy ([email protected]) is a prolific spam / con artist!
    Google his email address and you will see he has been at it for years!
    No chance of blocking his IP Address as it keeps changing!
    I am not very savvy with Regexp Patterns but could do to add a couple more examples that he is using in the body of the emails: -
    Telephone Number: 555-555-1212
    Talk With Web Visitor
    https:// talkwithwebvisitors . com
    Imagine how powerful this could be
    FREE 14 days trial

    The above are some samples from his emails that I'd love to check for
    Kind regards
    HTA
     
    Last edited by a moderator: Sep 13, 2021
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Postfix isn't the right place to start writing custom spam filtering rules, write those in your spamfilter's language (amavisd+spamassassin or rspamd). Postfix's body rules are very limited compared to those, can't compensate for false positives, and don't scale well.

    I concur with working on stopping it at the wordpress level if at all possible. If you aren't using google recaptcha v3 on those forms, I would start with that. If you aren't allowed to fix the sites yourself, consider shutting them down, or blocking all mail from them until the site owners fix the problem.
     
    HappierTimesAhead likes this.
  9. HappierTimesAhead

    HappierTimesAhead New Member

    Hi Jesse,

    Many thanks for the update.
    I was actually referring to ispconfig -> Email -> Content filter as suggested by @Th0m
    I have just finished updating the sites from recaptcha v2 to recaptcha v3 so fingers crossed this will also help?
    With kind regards
    HTA
     
  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Yes, that's an interface which creates postfix header_checks and body_checks in the back end.

    I see very little contact form spam with recaptcha v3 in effect (and didn't use v2 due to the user interface). You might also verify that the mail is coming through the contact form, maybe it's being sent in another manner.
     
    HappierTimesAhead likes this.

Share This Page