[imp] IMP Abuse (was Howto remove client IP-Address)
Listaccount
lst_hoe01 at kwsoft.de
Thu Jan 31 08:12:41 UTC 2008
Zitat von Liam Hoekenga <liamr at deathstar.org>:
> Jan Schneider wrote:
>> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>>
>>
>>> This is exactly what we did. Since you can change your "from" and
>>> "reply-to" fields in your identities it became necessary to embed the
>>> user's actual login ID in an X-header so that we can identify the
>>> source of spam. We also took it one step further and added a bit of
>>> code that keeps a running total of the number of recipients a user
>>> has sent to in a given session (stored in the memcache session
>>> variable itself). Then we've set limits so that if a message has
>>> more than 50 recipients per message it will refuse to send it (we
>>> display a message saying that it's much more appropriate to use a
>>> mailman list for messages of that size). Plus if the cumulative
>>> total recipients per session is over 200 it will no longer allow the
>>> user to send mail (until they log in again with a clean session).
>>> We've nailed a whole bunch of spammers with this functionality with
>>> the added bonus of getting people who maintain large mailing lists to
>>> use the list server rather than Imp, which is better for all concerned.
>>>
It would be *really* nice if one can limit the mail addresses a user
can set to the ones the administrator has tied to the account. Instead
of entering free text it should be a list-box with addresses from the
database.
Andreas
--
All your trash belong to us ;-) www.spamschlucker.org
To: stephan at spamschlucker.org
More information about the imp
mailing list