engine/modules/pm.php
$id_key = $_POST[$_SESSION['id_key']];
if( $id_key == "" or $id_key != $dle_login_hash ) $stop .= "<li>ANTISPAM: User ID not valid</li>";
if (clean_url($_SERVER['HTTP_REFERER']) != clean_url($_SERVER['HTTP_HOST'])) $stop .= "<li>ANTISPAM: User ID not valid</li>";
Заменить на
if( $config['sec_addnews'] ) {
$id_key = $_POST[$_SESSION['id_key']];
if( $id_key == "" or $id_key != $dle_login_hash ) $stop .= "<li>ANTISPAM: User ID not valid</li>";
if (clean_url($_SERVER['HTTP_REFERER']) != clean_url($_SERVER['HTTP_HOST'])) $stop .= "<li>ANTISPAM: User ID not valid</li>";
}