[horde] Tracing what user had an SMTP error

D G Teed donald.teed at gmail.com
Sat May 17 15:08:38 UTC 2008


Hi,

In light of the phishing and compromised accounts used
to send spam from webmail, we have a dedicated smtp
server to limit the number of recipients and put restrictions
on the sender address/domain.

Generally the spammers use a different Sender than
our domain.

When the SMTP server rejects the message due to one
of these rules, there is an Access denied message
sent back to the webmail client.  That works well.
I don't have outbound spam, just a bunch of NOQUEUE
messages in maillog.

However, I don't have an easy trace on which accounts are
likely being compromised. Before, the "Message sent"
trace would include the horde user's account name.
But this does not appear in the horde log when
there is an SMTP error.  e.g.:

May 13 17:20:24 HORDE [error] [imp] Failed to add recipient:
macjon190 at yahoo.com [SMTP: Invalid response code received from server (code:
554, response: 5.7.1 <millerdave at hotmail.com.com>: Sender address rejected:
Access denied)] [on line 1054 of
"/usr/local/www/horde/horde-webmail-1.0.1/imp/compose.php"]

Is there a change I can make to the code to flush out the user account
(or maybe their logged in source IP) in SMTP errors logged at
horde.log?

--Donald


More information about the horde mailing list