Support

Admin Tools for WordPress

#38201 different email MTA for system (admin tools) emails only

Posted in ‘Admin Tools for WordPress’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

WordPress version
6.1.1
PHP version
8.1
Admin Tools version
1.5.8

Latest post by nicholas on Sunday, 18 December 2022 06:37 CST

Saturday, 17 December 2022 10:26 CST

sjberry1963

Hello,

My configuration of WordPress includes Admin Tools which tends to generate a fair amount of email traffic as a result of many events that happen on WordPress such as failed login attempts, security exceptions etc.

When I launch a new website, I normally create a new email account for my customer and have all the email traffic go that account, but this can create concern for them if/when they see the number of failed login attempts and security exceptions. I know these are normal, but my explanation isn't always accepted by them easily. I prefer those go to me and not to them.

I would like to find a way to do this:

  • One email account (smtp configuration) that handles all site related email such as login attempts and security exceptions etc.
  • Another email account that handles all form submissions and other WordPress transactional activity only

So, my questions is: Is this possible, and if so, do you have any suggestions on how I go about setting it up.

Sorry for the ticket: I've just been getting nowhere on Google and not even sure I know what to search for.

Thanks for your help.

Sunday, 18 December 2022 06:37 CST

nicholas

WordPress does not allow setting an alternate Mail Transfer Agent per email, unfortunately. This is something that you will only find in Joomla 4.

Admin Tools does let you, however, set up a different email recipient, limit the number of emails received, or even turn off emails for specific events or completely. 

Most of these options can be found in the Configure WAF page. Look under “Auto-ban” and “Logging & Reporting”. You can set up the recipient email addresses. No address means no email is sent. The “Do not send email notifications for these reasons” lets you select one or more request blocking reasons which will NOT generate an email if emails are otherwise enabled.

To set up mail limits, go to Web Application Firewall, Email Templates. Each template has a set of “Frequency limit” settings. The frequency limit is only applied when the “Enable security exception email throttling” in the Configure WAF page is set to Yes.

I recommend AGAINST receiving emails for blocked requests. Empty the “Email this address on security exceptions” field in Configure WAF. Admin Tools manages these request blocks and resulting automatic IP bans (temporary or permanent) automatically. That's the whole point. These emails are there mostly for troubleshooting reasons and only for people who can't be bothered logging into the site to peruse the Security Exceptions Log page in Admin Tools. 

Likewise, I think that the “Email this address after an automatic IP ban” feature is an overkill in production. It's only meant to be used when you are setting up Admin Tools; you will get very frequently blocked and the email contains a handy Rescue Mode URL to get yourself unblocked without having to mess around with renaming files over (S)FTP. When you move to production you should empty that field and let Admin Tools handle IP blocks for you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!