Author Topic: Password reset emails trigger base64 encoding and being blocked on email gateway  (Read 2849 times)

Offline Rdw

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
Hello

I'm having issues with the password reset option and all the reset emails are being blocked on the email gateway and the hosting provider has advised that it is due to a base 64 creating a high SPAM score rule being triggered.

From our hosting provider
This is likely because unfortunately password reset type emails are very popular with spammers / phishing attempts nowadays.
Here are the issues which the spam filtering gateway found with those emails:

    Rule breakdown below
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    0.14 MISSING_MID            Missing Message-Id: header
    0.01 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
    1.05 FROM_EXCESS_BASE64_2   From: base64 encoded unnecessarily
    1.20 BSF_SC3_MV0891         Custom rule MV0891

The From: base64 messages are being generated because the software is doing something odd with the 'from' email addresses:
From: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=info@DOMAIN NAME REMOVED.org.uk
The 'Custom rule MV0891' entry will be because of the issue I mentioned above where these look like potential phishing messages.
Are there options you can tweak which could disable this behaviour with the From: address by any chance?


How can we remove the encoding that is triggering the "From: base64 encoded

I have configured using SMTP setting and all other emails are working as expected

below is an extract from the bounce back message

Subject: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHViIC0gUGFzc3dvcmQgcmVzZXQ=?=
Date: Thu, 06 Jan 2022 00:33:50 +0000
From: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=<info@DOMAIN NAME REMOVED.org.uk>
Reply-To: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=<info@DOMAIN NAME REMOVED.org.uk>
X-Mailer: PHP/7.4.27
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_c603966fff8af298a85ea4e0f39f92c5"

I have tried editing the content of the email to remove PASSWORD but this makes no difference.

Currently using version1.3.1






Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Hello.
Try to upgrade to 1.3.2

Offline abolabo

  • core-developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2046
  • Karma: +318/-13
  • web for all, all for web!
    • View Profile
    • AbanteCart

Currently using version1.3.1

please try to replace file core/lib/mail.php with file from 1.3.2 version
“No one is useless in this world who lightens the burdens of another.”
― Charles Dickens

Offline Rdw

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
I've upgraded to the latest version 1.3.2 and still password reset emails are being blocked by our hosting provider and they are still advising it is due to the content / structure of the message.

I have tried installing several other packages and the password reset links always come through without any issues.

I have changed the wording of the reset email and still makes no difference.

emails are being sent via SMTP is there any other backend configuration which needs to take place?


Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile

Offline Rdw

  • Newbie
  • *
  • Posts: 6
  • Karma: +2/-0
    • View Profile
Hello

Switched back to PHP and exactly the same is happening even when using -f and -r

Emails for password resets for the rest link are being blocked

Offline abolabo

  • core-developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2046
  • Karma: +318/-13
  • web for all, all for web!
    • View Profile
    • AbanteCart
please try to edit file core/lib/mail.php

Just replace
Code: [Select]
$header['From'] = '=?UTF-8?B?'.base64_encode($this->sender).'?='.'<'.$this->from.'>';with this
Code: [Select]
$header['From'] = (preg_match('/[^\x20-\x7f]/', $this->sender)  ? "=?UTF-8?B?". base64_encode($this->sender) ."?=" : $this->sender ) ." <".$this->from.">";
and let us know
“No one is useless in this world who lightens the burdens of another.”
― Charles Dickens

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile

 

Powered by SMFPacks Social Login Mod