[imp] Spammers Using Horde/IMP to Send Bulk Message

JackyC at umac.mo JackyC at umac.mo
Sat Sep 6 11:22:03 UTC 2008 

>> Does anyone has this experience?
>> Spammers used the spam to ask horde/imp user to submit their account 
info
>> (including password)
>> Somehow, user submitted.
>> And spammers use this user account to send a lot of bulk messages.

>Yes, there have been numerous cases like yours.

>> Does anyone has this experience? I am just asking for suggest to 
improve
>> in Horde/IMP webmail environment.

>There is not much anyone can do but to keep their (and users) passwords 
>safe. Because Horde and IMP are open source, spammers do always have the 
>access to the source code and hence can always find a way to send spam 
>simulating a browser if they have correct credientials to use the 
>system.

>Summa summarum: It's not the client programs fault if someone gets 
>credientials needed to send spam via the program. From a spammers point 
>of view the same thing can be accomplished with numerous other email 
>clients as well (programs running on workstations are off course a bit 
>harder to hack).

I do realize it is not the fault of the client programs. 
The users should pay extreme attention to their credientials not to let 
others get it.
But if in this case, you have any idea to avoid or just decrease its 
impact to the mail server?
Let's say, control the maximun number of recipients in horde/imp TO field 
and number of sending mails in a certain period of time by using horde/imp 
in horde/imp configuration?

I know it would be possible to control by MTA configuration. But I don't 
know to affect all other users else to Webmail. 


Thank you very much!

Yours Sincerely,
Jacky, Hoi Kei Chan




Jussi Paju <Jussi.Paju at iki.fi> 
Sent by: imp-bounces at lists.horde.org
06/09/2008 下午 07:06

To
imp at lists.horde.org
cc

Subject
Re: [imp] Spammers Using Horde/IMP to Send Bulk Message






On Sat, 6 Sep 2008, JackyC at umac.mo wrote:

> Does anyone has this experience?
> Spammers used the spam to ask horde/imp user to submit their account 
info
> (including password)
> Somehow, user submitted.
> And spammers use this user account to send a lot of bulk messages.

Yes, there have been numerous cases like yours.

> Does anyone has this experience? I am just asking for suggest to improve
> in Horde/IMP webmail environment.

There is not much anyone can do but to keep their (and users) passwords 
safe. Because Horde and IMP are open source, spammers do always have the 
access to the source code and hence can always find a way to send spam 
simulating a browser if they have correct credientials to use the 
system.

Summa summarum: It's not the client programs fault if someone gets 
credientials needed to send spam via the program. From a spammers point 
of view the same thing can be accomplished with numerous other email 
clients as well (programs running on workstations are off course a bit 
harder to hack).

-- 
Jussi Paju
  - luoja, creator -

:: Te audire no possum. Musa sapientum fixa est in aure.
:: I can't hear you. I have a banana in my ear.
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe at lists.horde.org

More information about the imp mailing list