I have my mail server set up to use DKIM and SPF to prevent spoofing and SPAM. That means that the drupal mailer will not work and that emails from my domain which are not signed are bounced back by most other email providers. It took me a few weeks to realize that I was no longer getting notifications from my commons test site after I set this up.

The solution is to use the SMTP Authentication Support module (which required PHPMailer) to route system emails through my SMTP server. That solved the problem.

I am still a little concerned that this approach could open a back door for SPAMers to use my commons site to send spam with a legitimate signature. Right now I have things set up so that you have to be an authenticated user to post anything. I have had trouble with Mollom, so I don't want to go that route.

I may need to look at other drupal captcha or spambot prevention systems, so any experience that others wish to share would be appreciated.

Comments

lightsurge’s picture

I had this issue once... probably the best way would be to spam check outgoing emails coming from Drupal (i.e. before the dkim signature is applied), and to keep tabs on your log reports to see how effective the filtering is and who is spamming.

You could couple that up with the http://drupal.org/project/spam module which is pretty good and very configurable (would check Drupal content as its added in a similar way to how spamassassin would check outgoing emails)... and then for the virus side you could use http://drupal.org/project/clamav

japerry’s picture

Version: » 6.x-2.x-dev
Issue summary: View changes
Status: Active » Closed (works as designed)

Not a commons specific issue.