[imp] IMP Abuse (was Howto remove client IP-Address)
Jan Schneider
jan at horde.org
Thu Jan 31 08:31:07 UTC 2008
Zitat von Listaccount <lst_hoe01 at kwsoft.de>:
> Zitat von Liam Hoekenga <liamr at deathstar.org>:
>
>> Jan Schneider wrote:
>>> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>>>
>>>
>>>> This is exactly what we did. Since you can change your "from" and
>>>> "reply-to" fields in your identities it became necessary to embed the
>>>> user's actual login ID in an X-header so that we can identify the
>>>> source of spam. We also took it one step further and added a bit of
>>>> code that keeps a running total of the number of recipients a user
>>>> has sent to in a given session (stored in the memcache session
>>>> variable itself). Then we've set limits so that if a message has
>>>> more than 50 recipients per message it will refuse to send it (we
>>>> display a message saying that it's much more appropriate to use a
>>>> mailman list for messages of that size). Plus if the cumulative
>>>> total recipients per session is over 200 it will no longer allow the
>>>> user to send mail (until they log in again with a clean session).
>>>> We've nailed a whole bunch of spammers with this functionality with
>>>> the added bonus of getting people who maintain large mailing lists to
>>>> use the list server rather than Imp, which is better for all concerned.
>>>>
>
>
> It would be *really* nice if one can limit the mail addresses a user
> can set to the ones the administrator has tied to the account. Instead
> of entering free text it should be a list-box with addresses from the
> database.
This is already possible and has always been, at least since IMP 3,
probably earlier.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the imp
mailing list