[horde] Tracing what user had an SMTP error
Jan Schneider
jan at horde.org
Sat May 17 21:28:28 UTC 2008
Zitat von D G Teed <donald.teed at gmail.com>:
> Hi,
>
> In light of the phishing and compromised accounts used
> to send spam from webmail, we have a dedicated smtp
> server to limit the number of recipients and put restrictions
> on the sender address/domain.
>
> Generally the spammers use a different Sender than
> our domain.
>
> When the SMTP server rejects the message due to one
> of these rules, there is an Access denied message
> sent back to the webmail client. That works well.
> I don't have outbound spam, just a bunch of NOQUEUE
> messages in maillog.
>
> However, I don't have an easy trace on which accounts are
> likely being compromised. Before, the "Message sent"
> trace would include the horde user's account name.
> But this does not appear in the horde log when
> there is an SMTP error. e.g.:
>
> May 13 17:20:24 HORDE [error] [imp] Failed to add recipient:
> macjon190 at yahoo.com [SMTP: Invalid response code received from server (code:
> 554, response: 5.7.1 <millerdave at hotmail.com.com>: Sender address rejected:
> Access denied)] [on line 1054 of
> "/usr/local/www/horde/horde-webmail-1.0.1/imp/compose.php"]
>
> Is there a change I can make to the code to flush out the user account
> (or maybe their logged in source IP) in SMTP errors logged at
> horde.log?
The log message contains the exact file and line of the place where
this message is logged. Change the code to log any information you
like. You get the user name with Auth::getAuth().
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the horde
mailing list