RCPT TO not accepted from server!
After a bit of research and questioning it turns out they used my real domain as their email address, i.e. noreply@mydomain.com. Sure enough, when I tried to run a transaction using the same, it also received that "RCPT TO not accepted from server!" on the checkout page.
Suggestions on how to prevent this from happening when people put in my domain?
Thanks,
Mike
cue4cheap not cheap quality
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
$mail->setFrom or $mail->setReplyTo
I don't know condors version but I suspect it is still related.
You can download OC3.0.4.0 and check those against what you have to see if this is the issue.
catalog/model/checkout/order.php
catalog/controller/information/contact.php
catalog/model/catalog/review.php
That aside, I don't think it is good to allow that. Not due to the customers not wanting to put in an email address but spam reasons.
Personally I would resolve the issue using regex / validation to come up with an error if your store email is used.
Also let your customer use some google free account. Because if they spam others with their site it will be your ip which will be marked as spam origin.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Could you clarify? I don't restrict my customers from using any email account, it just popped up as an issue when they used my domain as a bogus email...
khnaz35 wrote: ↑Wed Nov 27, 2024 5:28 pm
It has nothing to do with the OC itself but rather with your host. Check your mail server, for example if you are using exim you want to allow domains rely etc.
Also let your customer use some google free account. Because if they spam others with their site it will be your ip which will be marked as spam origin.
Thank you,
Mike
I'll have to look around for where to implement the regex check.
by mona wrote: ↑Wed Nov 27, 2024 10:24 am
In OC2.0.2.3 did not set the mail headers for
$mail->setFrom or $mail->setReplyTo
I don't know condors version but I suspect it is still related.
You can download OC3.0.4.0 and check those against what you have to see if this is the issue.
catalog/model/checkout/order.php
catalog/controller/information/contact.php
catalog/model/catalog/review.php
That aside, I don't think it is good to allow that. Not due to the customers not wanting to put in an email address but spam reasons.
Personally I would resolve the issue using regex / validation to come up with an error if your store email is used.
Thank you for the suggestion.
Mike
Sounds like for serious payment issues like this you should probably pay a developer from the Commercial Support Forum.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
It isn't a "serious payment issue"... it actually happens on all when someone tries to use my domain in their email address, just square is the only one that showed the alert. In the many years I've used opencart, and been with this webhost, this is the first time I've ever known of someone trying to use my domain for an order. Besides I wouldn't fill any order if someone was actually successful making an order and used my domain in their email address so I'm fine having it error but I'll take mona's suggestion to capture the email and make sure others don't use my domain or khnaz35 suggestion to check with my webhost.
paulfeakins wrote: ↑Thu Nov 28, 2024 8:59 pm
Sounds like for serious payment issues like this you should probably pay a developer from the Commercial Support Forum.
Mike
catalog/controller/checkout/guest
Code: Select all
if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
    $json['error']['email'] = $this->language->get('error_email');
}
For simplicity just add "or entered an invalid domain" into the error_email in the language file.
No need to get into specifics or make life more complicated than that, anyone who does it will know it applies to them and why!
The only complication is if you need your store email for yourself for testing purposes, but there is Gmail, there are modifications you can turn off temporarily - not a big deal imo. Personally I would not add a "whitelist" of any store emails, but you could do that.
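An added example, not mona's code and not part of OpenCart: the length and format rule from the snippet above combined with a PHP 8 `str_ends_with` check that rejects checkout addresses on the store's own domain, including subdomains, without also rejecting look-alike domains. The function name `checkCheckoutEmail`, the optional allow list, the placeholder domain `mydomain.example` and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (added example, not OpenCart code).
// Returns null when the address is acceptable, otherwise a language key.
function checkCheckoutEmail(string $email, string $storeDomain, array $allowList = []): ?string
{
    // Normalise first so "NoReply@MyDomain.Example " cannot slip past.
    $email = strtolower(trim($email));

    // Same length/shape rule as the existing guest-checkout validation
    // (mb_strlen stands in for OpenCart's utf8_strlen helper).
    if (mb_strlen($email) > 96 || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $email)) {
        return 'error_email';
    }

    // Optional exact-match allow list, e.g. the owner's own test address.
    if (in_array($email, array_map('strtolower', $allowList), true)) {
        return null;
    }

    // Take the part after the LAST "@"; the regex above guarantees one exists.
    $domain = substr($email, strrpos($email, '@') + 1);
    $store  = strtolower(trim($storeDomain));

    // Reject the store domain itself and any subdomain of it. Anchoring the
    // suffix on "." means "notmydomain.example" is not caught by accident,
    // which a bare str_ends_with($email, $store) would do.
    if ($domain === $store || str_ends_with($domain, '.' . $store)) {
        return 'error_email';
    }

    return null;
}

// Constructed sample input; none of these addresses come from the thread.
$samples = [
    'customer@gmail.com',
    'noreply@mydomain.example',
    'NoReply@MyDomain.Example ',
    'x@mail.mydomain.example',
    'x@notmydomain.example',
    'owner@mydomain.example',
    'not-an-address',
];
foreach ($samples as $s) {
    $result = checkCheckoutEmail($s, 'mydomain.example', ['owner@mydomain.example']);
    printf("%-30s %s\n", '[' . $s . ']', $result ?? 'ok');
}
```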
If you allow other stores to use your email on their domain, your host must update configurations to ensure proper email delivery and avoid being flagged as spam. They need to modify DNS records like SPF (authorize sending domains), DKIM (add digital signatures), and DMARC (set email policies). Additionally, the mail server may require relaying permissions for authenticated senders. Mismanagement can lead to spam risks, so ensure secure setups and strict authentication.
@khnaz35
khnaz35 wrote: ↑Fri Nov 29, 2024 8:06 pm
If you allow other stores to use your email on their domain, your host must update configurations to ensure proper email delivery and avoid being flagged as spam. They need to modify DNS records like SPF (authorize sending domains), DKIM (add digital signatures), and DMARC (set email policies). Additionally, the mail server may require relaying permissions for authenticated senders. Mismanagement can lead to spam risks, so ensure secure setups and strict authentication.
Maybe I missed it, but I don't see anywhere that Mike said other sites use his store address, he said that his customers use his store address in their email field.
He mentioned they used my real domain as their email address, i.e. noreply@mydomain.com.
Ah a little confusion I think...
khnaz35 wrote: ↑Fri Nov 29, 2024 10:51 pm
He mentioned they used my real domain as their email address i.e noreply@mydomain.com.
This is a customer using our domain in their email they provided for the order, not other sites. So instead of customer@gmail.com they used customer@mydomain.com. Sorry for the confusion.
Mike
Awesome. Now I don't need to figure it out! With thanksgiving family, and black friday this was going to be looked at later.
by mona wrote: ↑Fri Nov 29, 2024 3:40 pm
Your email validation for guest checkout (which is not condors version) is currently something like this
catalog/controller/checkout/guest
Presuming you are using php 8, you can use str_ends_with to check it is not your domain.
Code: Select all
if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
    $json['error']['email'] = $this->language->get('error_email');
}
For simplicity just add "or entered an invalid domain" into the error_email in the language file.
No need to get into specifics or make life more complicated than that, anyone who does it will know it applies to them and why!
The only complication is if you need your store email for yourself for testing purposes, but there is Gmail, there are modifications you can turn off temporarily - not a big deal imo. Personally I would not add a "whitelist" of any store emails, but you could do that.
Thank you Mona!
Mike