Page 1 of 1
Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 7:36 am
by Cue4cheap
Just had a few orders attempted using square and I received a complaint from a customer saying they received
RCPT TO not accepted from server!
After a bit of research and questioning it turns out they used my real domain as their email address i.e
noreply@mydomain.com. Sure enough when I tried to run a transaction using the same it also received that RCPT TO not accepted from server! on the checkout page.
Suggestions on how to prevent this from happening when people put in my domain?
Thanks,
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 8:46 am
by by mona
Are you saying that your customers are using your domain email address in the customers email field for checkout purposes ?
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 9:58 am
by Cue4cheap
by mona wrote: ↑Wed Nov 27, 2024 8:46 am
Are you saying that your customers are using your domain email address in the customers email field for checkout purposes ?
That is correct. I have zero idea why but it did show an issue with the site.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 10:24 am
by by mona
In OC2.0.2.3 did not set the mail headers for
$mail->setFrom or $mail->setReplyTo
I dont know condors version but I suspect it is still related.
You can download OC3.0.4.0 and check those against what you have to see if this is the issue.
catalog/model/checkout/order.php
catalog/controller/information/contact.php
catalog/model/catalog/review.php
That aside, I dont think it is good to allow that. Not due to the customers not wanting to put in an email address but spam reasons.
Personally I would resolve the issue using regex / validation to come up with an error if your store email is used.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 5:28 pm
by khnaz35
It has nothing to do with the OC it self but rather with your host, Check your mail server , for example if you are using exim you want to allow domains rely etc.
Also let your customer use some google free account. Because if they spam others with their site it will be your ip which will be marked as spam origin.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 11:14 pm
by Cue4cheap
khnaz35 wrote: ↑Wed Nov 27, 2024 5:28 pm
It has nothing to do with the OC it self but rather with your host, Check your mail server , for example if you are using exim you want to allow domains rely etc.
Also let your customer use some google free account. Because if they spam others with their site it will be your ip which will be marked as spam origin.
Could you clarify? I don't restrict my customers from using any email account it just popped up as an issue when they used my domain as a bogus email...
Thank you,
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Wed Nov 27, 2024 11:16 pm
by Cue4cheap
by mona wrote: ↑Wed Nov 27, 2024 10:24 am
In OC2.0.2.3 did not set the mail headers for
$mail->setFrom or $mail->setReplyTo
I dont know condors version but I suspect it is still related.
You can download OC3.0.4.0 and check those against what you have to see if this is the issue.
catalog/model/checkout/order.php
catalog/controller/information/contact.php
catalog/model/catalog/review.php
That aside, I dont think it is good to allow that. Not due to the customers not wanting to put in an email address but spam reasons.
Personally I would resolve the issue using regex / validation to come up with an error if your store email is used.
I'll have to look around for where to implement the regex check.
Thank you for the suggestion.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Thu Nov 28, 2024 8:59 pm
by paulfeakins
Cue4cheap wrote: ↑Wed Nov 27, 2024 7:36 am
Just had a few orders attempted using square and I received a complaint from a customer saying they received
RCPT TO not accepted from server!
Sounds like for serious payment issues like this you should probably pay a developer from the
Commercial Support Forum.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Thu Nov 28, 2024 10:01 pm
by khnaz35
Cue4cheap wrote: ↑Wed Nov 27, 2024 11:14 pm
Could you clarify?
Do you manage your own mail server ?
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 2:15 am
by Cue4cheap
khnaz35 wrote: ↑Thu Nov 28, 2024 10:01 pm
Cue4cheap wrote: ↑Wed Nov 27, 2024 11:14 pm
Could you clarify?
Do you manage your own mail server ?
I do not. I am on a shared webhost and they manage.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 2:55 am
by Cue4cheap
paulfeakins wrote: ↑Thu Nov 28, 2024 8:59 pm
Cue4cheap wrote: ↑Wed Nov 27, 2024 7:36 am
Just had a few orders attempted using square and I received a complaint from a customer saying they received
RCPT TO not accepted from server!
Sounds like for serious payment issues like this you should probably pay a developer from the
Commercial Support Forum.
It isn't a "serious payment issue"... it actually happens on all when someone tries to use my domain in their email address, just square is the only one that showed the alert. In the many years I've used opencart, and been with this webhost, this is the first time I've ever known of someone trying to use my domain for an order. Besides I wouldn't fill any order if someone was actually successful making an order and used my domain in their email address so I'm fine having it error but I'll take mona's suggestion to capture the email and make sure others don't use my domain or khnaz35 suggestion to check with my webhost.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 3:40 pm
by by mona
Your email validation for guest checkout (which is not condors version) is currently something like this
catalog/controller/checkout/guest
Code: Select all
if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
$json['error']['email'] = $this->language->get('error_email');
}
Presuming you are using php 8, you can use str_ends_with to check it is not your domain.
For simplicity just add "or entered an invalid domain" into the error_email in the language file.
No need to get into specifics or make life more complicated than that, anyone who does it will know it applies to them and why ! !
The only complication is if you need your store email for yourself for testing purposes, but there is gmail, there is modifications you can turn off temporarily - not a big deal imo. Personally I would not add a "whitelist" of any store emails, but you could do that.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 8:06 pm
by khnaz35
Cue4cheap wrote: ↑Fri Nov 29, 2024 2:15 am
I do not. I am on a shared webhost and they manage.
Mike
If you allow other stores to use your email on their domain, your host must update configurations to ensure proper email delivery and avoid being flagged as spam. They need to modify DNS records like SPF (authorize sending domains), DKIM (add digital signatures), and DMARC (set email policies). Additionally, the mail server may require relaying permissions for authenticated senders. Mismanagement can lead to spam risks, so ensure secure setups and strict authentication.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 9:20 pm
by by mona
khnaz35 wrote: ↑Fri Nov 29, 2024 8:06 pm
If you allow other stores to use your email on their domain, your host must update configurations to ensure proper email delivery and avoid being flagged as spam. They need to modify DNS records like SPF (authorize sending domains), DKIM (add digital signatures), and DMARC (set email policies). Additionally, the mail server may require relaying permissions for authenticated senders. Mismanagement can lead to spam risks, so ensure secure setups and strict authentication.
@khnaz35
Maybe I missed it, but I dont see anywhere that Mike said other sites use his store address, he said that his customers use his store address in there email field
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 10:51 pm
by khnaz35
by mona wrote: ↑Fri Nov 29, 2024 9:20 pm
@khnaz35
Maybe I missed it, but I dont see anywhere that Mike said other sites use his store address, he said that his customers use his store address in there email field
He mentioned
they used my real domain as their email address i.e noreply@mydomain.com.
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 11:03 pm
by by mona
Cue4cheap wrote: ↑Wed Nov 27, 2024 9:58 am
by mona wrote: ↑Wed Nov 27, 2024 8:46 am
Are you saying that your customers are using your domain email address in the customers email field for checkout purposes ?
That is correct. I have zero idea why but it did show an issue with the site.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 11:17 pm
by Cue4cheap
khnaz35 wrote: ↑Fri Nov 29, 2024 10:51 pm
by mona wrote: ↑Fri Nov 29, 2024 9:20 pm
@khnaz35
Maybe I missed it, but I dont see anywhere that Mike said other sites use his store address, he said that his customers use his store address in there email field
He mentioned
they used my real domain as their email address i.e noreply@mydomain.com.
Ah a little confusion I think...
This is a customer using our domain in their email they provided for the order, not other sites. So instead of
customer@gmail.com they used
customer@mydomain.com. Sorry for the confusion.
Mike
Re: Interesting RCPT TO not accepted from server! Condor version 2.3.0.2 order email with my own domain
Posted: Fri Nov 29, 2024 11:24 pm
by Cue4cheap
by mona wrote: ↑Fri Nov 29, 2024 3:40 pm
Your email validation for guest checkout (which is not condors version) is currently something like this
catalog/controller/checkout/guest
Code: Select all
if ((utf8_strlen($this->request->post['email']) > 96) || !preg_match('/^[^\@]+@.*.[a-z]{2,15}$/i', $this->request->post['email'])) {
$json['error']['email'] = $this->language->get('error_email');
}
Presuming you are using php 8, you can use str_ends_with to check it is not your domain.
For simplicity just add "or entered an invalid domain" into the error_email in the language file.
No need to get into specifics or make life more complicated than that, anyone who does it will know it applies to them and why ! !
The only complication is if you need your store email for yourself for testing purposes, but there is gmail, there is modifications you can turn off temporarily - not a big deal imo. Personally I would not add a "whitelist" of any store emails, but you could do that.
Awesome. Now I don't need to figure it out! With thanksgiving family, and black friday this was going to be looked at later.
Thank you Mona!
Mike