[imp] hardening imp against spammers
Jon Lewis
jlewis at lewis.org
Wed Jun 29 04:47:24 PDT 2005
We've been having trouble recently with Nigerian spammers signing up with
stolen credit card info and sending their 419 spams to hundreds of
recipients/message through our webmail system.
Is there any reason not to have something like:
/* impose limit on number of recipients */
if (substr_count($recips,"@") > $conf['user']['max_recipients']) {
Horde::raiseMessage(_("Too many recipients. Try again with fewer."), HORDE_ERROR);
$get_sig = false;
break;
}
/* end impose limit on number of recipients */
in compose.php in case SEND_MESSAGE: right after $recips is filled in? It
seems to work for me anyway.
Also, I've been using iptables to block entire CIDR blocks from which we
see Nigerian spammer logins. As of last night, I've noticed Nigerians
logging in to spam through open proxies. Has anyone done a patch for imp
to deny access (maybe just deny sending) for IPs in various DNSBLs?
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the imp
mailing list