I've been getting LOTS of spam emails and finally got to the source - THIS PLUGIN!!
I would love to see your evidence.
Testing with WordPress 3.5.2 and Postie 1.5.15 shows that these types of exploit emails do not get posted.
Please note that it is considered polite to try and contact the author of a plugin about a security issue before running through the streets yelling "the sky is falling".
I've installed Postie and started using it.
Normally, I was expecting it to post only articles sent by emails coming from users who are already registered on my website.
To my surprise, Postie posted thousands of posts, even though the senders were not our users.
Those spams forced me to disable Postie for a while.
Could you, please, check which hole the spammers have exploited and help me to fix it as soon as possible?
That happened on my site http://ijwiryarubanda.com/urubuga/
The emails that are allowed onto your site depend on how you set up Postie. For example, if you set "Allow Anyone To Post Via Email" to "yes" then anyone who sends email to your Postie email address will be able to post to your blog.
I suspect that you already have lots of spam in the email account that Postie is checking as that is the only way it can show up in your blog.
If you'd like me to look at your site configuration, email me at firstname.lastname@example.org
I'd just like to confirm what Wayne, the plugin author, explained above. I've been using Postie for about a year and set "Allow Anyone To Post Via Email" to "no." Not a single spam message has gotten through. Postie is very well designed and supported. That's why I donated, as a way to thank Wayne and help support continued development of the plugin.