[imp] IMP Abuse (was Howto remove client IP-Address)
Liam Hoekenga
liamr at deathstar.org
Wed Jan 30 21:00:10 UTC 2008
Jan Schneider wrote:
> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>
>
>> This is exactly what we did. Since you can change your "from" and
>> "reply-to" fields in your identities it became necessary to embed the
>> user's actual login ID in an X-header so that we can identify the
>> source of spam. We also took it one step further and added a bit of
>> code that keeps a running total of the number of recipients a user
>> has sent to in a given session (stored in the memcache session
>> variable itself). Then we've set limits so that if a message has
>> more than 50 recipients per message it will refuse to send it (we
>> display a message saying that it's much more appropriate to use a
>> mailman list for messages of that size). Plus if the cumulative
>> total recipients per session is over 200 it will no longer allow the
>> user to send mail (until they log in again with a clean session).
>> We've nailed a whole bunch of spammers with this functionality with
>> the added bonus of getting people who maintain large mailing lists to
>> use the list server rather than Imp, which is better for all concerned.
>>
>
> This is a builtin feature of IMP 4.2 by the way. With the difference
> that you limit across sessions for a definable time period.
>
So... where do you turn this on? I can't find it in the conf file.
Liam
More information about the imp
mailing list