[imp] IMP Abuse (was Howto remove client IP-Address)

Chuck Hagenbuch chuck at horde.org
Wed Jan 30 21:19:48 UTC 2008


Quoting Liam Hoekenga <liamr at deathstar.org>:

>>> This is exactly what we did.  Since you can change your "from" and
>>> "reply-to" fields in your identities it became necessary to embed the
>>> user's actual login ID in an X-header so that we can identify the
>>> source of spam.  We also took it one step further and added a bit of
>>> code that keeps a running total of the number of recipients a user
>>> has sent to in a given session (stored in the memcache session
>>> variable itself).  Then we've set limits so that if a message has
>>> more than 50 recipients per message it will refuse to send it (we
>>> display a message saying that it's much more appropriate to use a
>>> mailman list for messages of that size).   Plus if the cumulative
>>> total recipients per session is over 200 it will no longer allow the
>>> user to send mail (until they log in again with a clean session).
>>> We've nailed a whole bunch of spammers with this functionality with
>>> the added bonus of getting people who maintain large mailing lists to
>>> use the list server rather than Imp, which is better for all concerned.
>>
>> This is a builtin feature of IMP 4.2 by the way. With the difference
>> that you limit across sessions for a definable time period.
>>
> So... where do you turn this on?  I can't find it in the conf file.

Under Other settings -> Mail Logging -> $conf['sentmail']

-chuck


More information about the imp mailing list