[Tickets #12792] Re: Log identity
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu Oct 24 17:33:25 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12792
------------------------------------------------------------------------------
Ticket | 12792
Updated By | arjen+horde at de-korte.org
Summary | Log identity
Queue | IMP
Version | 6.1.4
Type | Enhancement
State | New
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
arjen+horde at de-korte.org (2013-10-24 17:33) wrote:
> Is there a way to log which identity the email account being used to
> send out email?
Configure your Mail Transfer Agent (MTA) to only accept messages
through SMTP AUTH on port 587. Configure Horde to send messages
through that port and use their credentials for SMTP AUTH.
Don't allow users to setup e-mail addresses without verification that
they actually have access to this account. Make sure
$conf[user][verify_from_addr] is ticked in Administration->Horde->User
Capabilities and Constraints.
Your MTA can possibly help too here. For instance, in Postfix there is
an option 'reject_sender_login_mismatch' which will prevent your users
from making up sender addresses. I use the latter, which has the added
benefit of being independent from Horde, so it doesn't matter how
users send messages through your server.
> Some accounts got compromised and new identities created to perform spamming.
Limiting the number of messages/recipients can send per hour/day would
have limited the impact of compromised accounts. Configure the
Administration->Permissions for IMP and cap both 'max_recipients' and
'max_timelimit' to a reasonable value.
> The only way to find out was from the horde_prefs table. Reading the
> log would be faster and more helpful.
Sure.
More information about the bugs
mailing list