Title: Email vulnerability?
Last modified: August 20, 2016

---

# Email vulnerability?

 *  Resolved [Danny-T](https://wordpress.org/support/users/danny-t/)
 * (@danny-t)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/email-vulnerability/)
 * I run a server with several sites/apps hosted, about 5 of those are WordPress
   sites (all up to date). I just checked my mailserver logs and it seems each of
   the WordPress sites are sending out copious amounts of spam messages.
 * My mailserver is configured to only allow locally installed applications to send
   mail and the only mails being sent are using email addresses with the domains
   of each of the WordPress installations.
 * I’ve disabled the php mail function but somehow they’re still getting through.
   Is anyone aware of any such vulnerability or heard of something similar? The 
   only evidence I have that it’s related to wordpress is the domains the emails
   are being sent from are all just the WordPress installs.
 * This is a Win2k8 IIS7 server (“blame windows” won’t help me here). The server
   is protected by a hardware firewall so I’m pretty confident these emails are 
   coming from somewhere on the machine and like I said, the domains being used 
   point fingers at WordPress (although it could be generally just PHP).

Viewing 1 replies (of 1 total)

 *  Thread Starter [Danny-T](https://wordpress.org/support/users/danny-t/)
 * (@danny-t)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/email-vulnerability/#post-3353210)
 * Seemingly disabling PHP’s mail() function did do the trick, there were a handful
   of spam messages in the retry queue which processed after I’d disabled it so 
   I thought it hadn’t worked.
 * For anyone else with the same issue:
 * 1 – Disable mail function in your php.ini:
    disable_functions=mail 2 – Install
   SMTP plugin E.g. [http://wordpress.org/extend/plugins/wp-mail-smtp/](http://wordpress.org/extend/plugins/wp-mail-smtp/)
   3 – Configure plugin settings

Viewing 1 replies (of 1 total)

The topic ‘Email vulnerability?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 1 participant
 * Last reply from: [Danny-T](https://wordpress.org/support/users/danny-t/)
 * Last activity: [13 years, 4 months ago](https://wordpress.org/support/topic/email-vulnerability/#post-3353210)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics