Question Receiving mail from illegal visitor

Hi,

I' am receiving a mail (see attachment) from a visitor (no member of the site). This answer on an existing topic is not published on the site. It looks like there is some vulnerability?

Regards,
Roelof Jan

I am receiving similar email notifications to the administrator (many from two days ago).
it looks like a user is sending spam messages to the forum, but the message is not visible on the site.
what happen? How can I block this email flow?
thanks
Patrizio

Take a look in the notifications source code and see if it is sent from your site like a normal notification mail or if a joker is sending from his email. If you find it sent from another ip-adress note it and search your database for it. If its a member you will figure out who it is.

Thanks for your answer.
what I can see is the attached screenshot.
It's look like a normal notification..
any suggestion, please?

Patrizio

Thats html code, but you should look in the e-mails header. Its looks like this:
From: Media Temple user ([email protected])
Subject: article: How to Trace a Email
Date: January 25, 2011 3:30:58 PM PDT
To: [email protected]
Return-Path: <[email protected]>
Envelope-To: [email protected]
Delivery-Date: Tue, 25 Jan 2011 15:31:01 -0700
Received: from po-out-1718.google.com ([72.14.252.155]:54907) by cl35.gs01.gridserver.com with esmtp (Exim 4.63) (envelope-from <[email protected]>) id 1KDoNH-0000f0-RL for [email protected]; Tue, 25 Jan 2011 15:31:01 -0700
Received: by po-out-1718.google.com with SMTP id y22so795146pof.4 for <[email protected]>; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Received: by 10.141.116.17 with SMTP id t17mr3929916rvm.251.1214951458741; Tue, 25 Jan 2011 15:30:58 -0700 (PDT)
Read more here;
mediatemple.net/community/products/dv/20...ding-an-email-header

good evening Slacker,
thanks for your help.
I was looking to the email headers, but not found differences between a "real" message and a "spam" message.
This is a spam message header (message.txt attached):

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 10070 invoked by uid 89); 26 Nov 2018 17:27:59 -0000
Received: from unknown (HELO mxcmd11.ad.aruba.it) (62.149.157.68)
by mxavas2.ad.aruba.it with SMTP; 26 Nov 2018 17:27:59 -0000
Received: from smtplqs-out39.aruba.it ([62.149.158.79])
by mxcmd11.ad.aruba.it with bizsmtp
id 4hTi1z00a1j4Dby01hTzdG; Mon, 26 Nov 2018 18:28:00 +0100
Received: from webxc230s01.ad.aruba.it ([89.46.105.130])
by smartcmd02.ad.aruba.it with bizsmtp
id 4hTz1z00Z2opJgR01hTzdY; Mon, 26 Nov 2018 18:27:59 +0100
Received: by webxc230s01.ad.aruba.it (Postfix, from userid 19274138)
id E68EB20504E; Mon, 26 Nov 2018 18:27:59 +0100 (CET)
To: [email protected]
Subject: All.Can : efficienza nella cura del cancro (Notizie da IRENE)
.....

and this is a "real" message header (message-2.txt attached)

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 28047 invoked by uid 89); 29 Sep 2018 14:42:04 -0000
Received: from unknown (HELO mxcmd08.ad.aruba.it) (62.149.157.43)
by mxavas5.ad.aruba.it with SMTP; 29 Sep 2018 14:42:04 -0000
Received: from smtplqs-out41.aruba.it ([62.149.158.81])
by mxcmd08.ad.aruba.it with bizsmtp
id hSi11y00o1lfaGW01Si5Jr; Sat, 29 Sep 2018 16:42:05 +0200
Received: from webxc230s01.ad.aruba.it ([89.46.105.130])
by smartcmd02.ad.aruba.it with bizsmtp
id hSi51y00B2opJgR01Si5vh; Sat, 29 Sep 2018 16:42:05 +0200
Received: by webxc230s01.ad.aruba.it (Postfix, from userid 19274138)
id 646C6205021; Sat, 29 Sep 2018 16:42:05 +0200 (CEST)
To: [email protected]
Subject: Una sensazione di acufene all'orecchio destro (Le nostre storie)

I don't see any difference...
Thanks for you help

Patrizio

It seems to be a notification mail from your site. What you can do is to check your access logs, when it sent to look for any suspicious activity. In phpMyAdmin look in kunena_user_topics. Search in this table for the topic_id for the spam and check what you find there. If it is a real notificatin you will find it there.

It's not a real notification!
no trace in Kunena_user_topic.
it's spam, it's notipficated to the administrator for moderation but not published in the forum.
three weeks ago I detected some illegal user generated in Joomla and I purged them. (deleted from Joomla)
after that, I receives a dozen of messages like the last.
maybe there is a relation between deleting the illegal user and strange notifications received...
many thanks
Patrizio

Maybe someone found out a way to send out notifications without being a member, But if you look in access logs you might find out how.

I also am getting the very same problem.