Hi!
I have a small online Moodle test site which is getting very low traffic. Since updating to Moodle 4.0 I am regularly getting spam messages from the Contact site support link on my site home page.
The messages I get clearly state "Be careful with this message. The sender was not logged in, so their identity has not been confirmed."
But I'd rather find a way to totally remove the Contact site support link, as it is useless on my site.
Any ideas?
What theme are you using? Am not seeing a contact support link at bottom of
tinker site using Classic.
in a 4.0, Site Admin -> Server -> Outgoing mail configuration
there is a noreply address, which, if I recall, when I upgraded that site to 4.0 complained about the 'false noreply' I had in config.
There is now an Email Diverting config box which has this comment/diz:
"Used as a safeguard in development environments when testing emails and should not be used in production."
Other settings there as well.
One could add a line to config.php
$CFG->divertallemailsto='nouser@FQDNofserver';
where 'nouser' is really 'non-existent' and the @FQDNofserver is the true FQDN of your server.
The test sending of mail tool does not work then.
You might also check your server web server logs for the IP addresses hitting that support email address on your server ... and use your servers firewall to drop the ip or the range of IP addresses that IP includes (drop zone). Am using the drop zone quite often now for my 'tinker sites'! (5358 entries over the last few years)
'SoS', Ken
In Boost, ? icon does show and does have a 'contact' link contained in popup box ... not in Classic. Have set a course to Boost and ? is there but one must login to see it.
Good to know, though! Thanks!
'SoS', Ken
Well ... appears I've not followed what I use to 'preach' .... RATS (Read All the Screen!) ... there is a ? icon ... lower right on login form page - have seen it, but it didn't register with my feeble!
For the OP ... did read the tracker submission ... kinda complicated setup there.
Simpler? ....
the access to look for in your server logs:
/user/contactsitesupport.php and it is a POST
fgrep "POST" /var/log/httpd/ssl_access_log
should show IP, date/time it was called.
With:
$CFG->divertallemailsto='nouser@FQDNofSERVER';
There is no 'nouser' on that system.
Tested without logging on.
It was logged and can the reference in the logs.
The form reported successfully sending, but ... no mail.
Should you ever want to use that feature on your sandbox server, easy fix is to comment out that divert line in config.php.
'SoS', Ken
"The sender was not logged in" ... that's not good! :|
Still have one of those messages in your inbox? If so, please look at the full header
There should be a line below Subject line that shows:
X-Moodle-Originating-Script
Also read from subject line upwards ... initial reference should be to your servers phpmailer (default if no SMTP setup) and note each 'received by' line.
Also, check your apache logs ... see if you can determine an IP address that used any php script involved.
'SoS', Ken
