[imp] IMP Abuse (was Howto remove client IP-Address)

Listaccount lst_hoe01 at kwsoft.de
Thu Jan 31 08:39:15 UTC 2008 

Zitat von Jan Schneider <jan at horde.org>:

> Zitat von Listaccount <lst_hoe01 at kwsoft.de>:
>
>> Zitat von Jan Schneider <jan at horde.org>:
>>
>>> Zitat von Listaccount <lst_hoe01 at kwsoft.de>:
>>>
>>>> Zitat von Liam Hoekenga <liamr at deathstar.org>:
>>>>
>>>>> Jan Schneider wrote:
>>>>>> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>>>>>>
>>>>>>
>>>>>>> This is exactly what we did.  Since you can change your "from" and
>>>>>>> "reply-to" fields in your identities it became necessary to embed the
>>>>>>> user's actual login ID in an X-header so that we can identify the
>>>>>>> source of spam.  We also took it one step further and added a bit of
>>>>>>> code that keeps a running total of the number of recipients a user
>>>>>>> has sent to in a given session (stored in the memcache session
>>>>>>> variable itself).  Then we've set limits so that if a message has
>>>>>>> more than 50 recipients per message it will refuse to send it (we
>>>>>>> display a message saying that it's much more appropriate to use a
>>>>>>> mailman list for messages of that size).   Plus if the cumulative
>>>>>>> total recipients per session is over 200 it will no longer allow the
>>>>>>> user to send mail (until they log in again with a clean session).
>>>>>>> We've nailed a whole bunch of spammers with this functionality with
>>>>>>> the added bonus of getting people who maintain large mailing lists to
>>>>>>> use the list server rather than Imp, which is better for all concerned.
>>>>>>>
>>>>
>>>>
>>>> It would be *really* nice if one can limit the mail addresses a user
>>>> can set to the ones the administrator has tied to the account. Instead
>>>> of entering free text it should be a list-box with addresses from the
>>>> database.
>>>
>>> This is already possible and has always been, at least since IMP 3,
>>> probably earlier.
>>>
>>> Jan.
>>
>> Could you please explain on how we can do this? I have never seen a
>> configuration option which sound like what we need.
>
> Lock the from_addr preference.
>

Yes of course, but we like to give the user the ability to choose from  
a bunch of addresses which where defined as aliases to this account  
anyway.

So we have e.g.

userA : vname.name at domain, nick at domain, other-nick at domain

and the user could choose to set on of these addresses as *sender* for  
his/here identities and no other e-mail address can be used. This  
makes sense because this e-mail addresses will be routed to the  
account anyway so the user "owns" the address.

Regards

Andreas



-- 
All your trash belong to us ;-)  www.spamschlucker.org
To: stephan at spamschlucker.org

More information about the imp mailing list