Hello Team,

I am a security researcher and I found some vulnerabilities in your site;
one of them is as follows:

DESCRIPTION:

I just sent a forged email to my email address that appears to originate
from haproxy@formilux.org. I was able to do this because of the
following DMARC record:
DMARC record lookup and validation for: formilux.org

"No DMARC Record found"
Or/And
"No DMARC Reject Policy"

FIX:
1) Publish DMARC Record. (If not already published)
2) Enable DMARC Quarantine/Reject policy
3) Your DMARC record should look like
"v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:i...@domain.com"

This can be done using any PHP mailer tool like this:
<?php
$to = "vic...@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: haproxy@formilux.org";
mail($to, $subject, $txt, $headers);
?>

You can check your DMARC record from here:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3alition.io&run=toolpage

Reference:
https://www.knownhost.com/wiki/email/troubleshooting/setting-up_spf-dkimdmarc_records

Let me know if you need me to send another forged email, or if you have any
other questions. I'm hoping to receive a bounty reward for my current
finding.
I will be looking forward to hearing from you on this and will be reporting
other vulnerabilities accordingly.

Stay Safe & Healthy.


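As an added example (not part of the report above, and not the project's code), a small Python checker that applies the checks the report describes to a DMARC TXT record: presence of a record, an enforcing p= policy, and the pct= coverage, plus the sp= and rua= tags a practitioner would also look at. The domain names and records are constructed samples, not live DNS lookups.

```python
# Constructed sample records standing in for the TXT record at _dmarc.<domain>.
# None models the "No DMARC Record found" case from the report.
SAMPLE_RECORDS = {
    "no-record.example": None,
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=reject; pct=50; rua=mailto:dmarc@partial.example",
    "hardened.example": "v=DMARC1; p=reject; sp=none; pct=100; ri=86400; rua=mailto:dmarc@hardened.example",
}

ENFORCING = ("quarantine", "reject")


def parse_dmarc(record):
    """Split a DMARC TXT record into its tag=value pairs (RFC 7489 syntax)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return a list of findings; an empty list means the policy is enforcing."""
    if record is None:
        return ["No DMARC Record found"]
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag")
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        findings.append("No DMARC Reject Policy (p=%s)" % (policy or "absent"))
    pct = int(tags.get("pct", "100"))  # RFC 7489 default is 100
    if pct < 100:
        findings.append("policy applies to only %d%% of mail (pct=%d)" % (pct, pct))
    if tags.get("sp", policy).lower() not in ENFORCING:  # sp defaults to p
        findings.append("subdomain policy (sp) is not enforcing")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports")
    return findings


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, assess_dmarc(record) or ["OK"])
```

Note that the record recommended in the report (sp=none) passes every check except the subdomain one, which the checker reports separately so the operator can decide whether subdomains need the same protection.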