[imp] Spammers Using Horde/IMP to Send Bulk Message

JackyC at umac.mo JackyC at umac.mo
Mon Sep 8 01:18:18 UTC 2008


Dear Jan,

It is great to have it implemented on 4.2, I am probably running version 
4.1.3~~
I think I will soon plan to a upgrade. 

But how about the recommended values of these two settings?

Thank you very much!

Yours Sincerely,
Jacky, Hoi Kei Chan




Jan Schneider <jan at horde.org> 
Sent by: imp-bounces at lists.horde.org
06/09/2008 下午 07:20

To
imp at lists.horde.org
cc

Subject
Re: [imp] Spammers Using Horde/IMP to Send Bulk Message






Zitat von JackyC at umac.mo:

>>> Does anyone has this experience?
>>> Spammers used the spam to ask horde/imp user to submit their account
> info
>>> (including password)
>>> Somehow, user submitted.
>>> And spammers use this user account to send a lot of bulk messages.
>
>> Yes, there have been numerous cases like yours.
>
>>> Does anyone has this experience? I am just asking for suggest to
> improve
>>> in Horde/IMP webmail environment.
>
>> There is not much anyone can do but to keep their (and users) passwords
>> safe. Because Horde and IMP are open source, spammers do always have 
the
>> access to the source code and hence can always find a way to send spam
>> simulating a browser if they have correct credientials to use the
>> system.
>
>> Summa summarum: It's not the client programs fault if someone gets
>> credientials needed to send spam via the program. From a spammers point
>> of view the same thing can be accomplished with numerous other email
>> clients as well (programs running on workstations are off course a bit
>> harder to hack).
>
> I do realize it is not the fault of the client programs.
> The users should pay extreme attention to their credientials not to let
> others get it.
> But if in this case, you have any idea to avoid or just decrease its
> impact to the mail server?
> Let's say, control the maximun number of recipients in horde/imp TO 
field
> and number of sending mails in a certain period of time by using 
horde/imp
> in horde/imp configuration?

Both is possible since IMP 4.2.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe at lists.horde.org




More information about the imp mailing list