[imp] IMP Abuse (was Howto remove client IP-Address)
Jan Schneider
jan at horde.org
Tue Dec 18 16:04:04 UTC 2007
Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
> This is exactly what we did. Since you can change your "from" and
> "reply-to" fields in your identities it became necessary to embed the
> user's actual login ID in an X-header so that we can identify the
> source of spam. We also took it one step further and added a bit of
> code that keeps a running total of the number of recipients a user
> has sent to in a given session (stored in the memcache session
> variable itself). Then we've set limits so that if a message has
> more than 50 recipients per message it will refuse to send it (we
> display a message saying that it's much more appropriate to use a
> mailman list for messages of that size). Plus if the cumulative
> total recipients per session is over 200 it will no longer allow the
> user to send mail (until they log in again with a clean session).
> We've nailed a whole bunch of spammers with this functionality with
> the added bonus of getting people who maintain large mailing lists to
> use the list server rather than Imp, which is better for all concerned.
This is a builtin feature of IMP 4.2 by the way. With the difference
that you limit across sessions for a definable time period.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the imp
mailing list