[horde] spammers targeting horde/imp as spamming tool
Chuck Hagenbuch
chuck at horde.org
Wed Apr 30 02:57:36 UTC 2008
Quoting D G Teed <donald.teed at gmail.com>:
> Has anyone read this thread:
>
> http://www.nabble.com/Spamming-using-imp--td15431034.html
>
> Spammers are using brute force or phished login information to gain
> access to imp, and then sent out spam
>
> I've received a spam complaint which seems to echo this situtation.
>
> The first tool which comes to my mind is DenyHosts.
There are a couple of things you can do in Horde 3.2/IMP 4.2 to help
with this:
1. Turn on $conf['user']['verify_from_addr'] in Horde 3.2. This will
prevent a user from changing their from address without an email
confirmation - not a hard road block to a throwaway hotmail address,
but another hoop to jump through. Also useful for policing your legit
but perhaps less-than-technical users.
2. Turn on the sentmail logs in IMP 4.2. The driver and the amount of
time logs are kept are configured under "Other Settings" in IMP's
config (or $conf['sentmail']). Once you turn on the driver, there are
two permissions you can set through the Horde permissions API:
'imp:max_recipients' => "Maximum Number of Recipients per Message"
'imp:max_timelimit' => "Maximum Number of Recipients per Time Period"
The first one is a hard limit on the number of recipients for a single
message. The second one is limit on the number of messages that can be
sent in the time period configured in $conf['sentmail']. This is for
preventing someone from sending to exactly the max # of recipients
over and over again.
-chuck
More information about the horde
mailing list