[imp] IMP Abuse (was Howto remove client IP-Address)
Michael M Slusarz
slusarz at horde.org
Wed Jan 30 21:23:33 UTC 2008
Quoting Liam Hoekenga <liamr at deathstar.org>:
>>> This is exactly what we did. Since you can change your "from" and
>>> "reply-to" fields in your identities it became necessary to embed the
>>> user's actual login ID in an X-header so that we can identify the
>>> source of spam. We also took it one step further and added a bit of
>>> code that keeps a running total of the number of recipients a user
>>> has sent to in a given session (stored in the memcache session
>>> variable itself). Then we've set limits so that if a message has
>>> more than 50 recipients per message it will refuse to send it (we
>>> display a message saying that it's much more appropriate to use a
>>> mailman list for messages of that size). Plus if the cumulative
>>> total recipients per session is over 200 it will no longer allow the
>>> user to send mail (until they log in again with a clean session).
>>> We've nailed a whole bunch of spammers with this functionality with
>>> the added bonus of getting people who maintain large mailing lists to
>>> use the list server rather than Imp, which is better for all concerned.
>>>
>>
>> This is a builtin feature of IMP 4.2 by the way. With the difference
>> that you limit across sessions for a definable time period.
>>
> So... where do you turn this on? I can't find it in the conf file.
Mail Logging -> Sentmail logging. Then define the limits for your
users/groups in permissions.
michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the imp
mailing list