[imp] Imp and Spamassassin

Michael Menge michael.menge at zdv.uni-tuebingen.de
Tue Feb 2 10:37:38 UTC 2010


Quoting Jon Lewis <jlewis at lewis.org>:

> I'm curious if anyone has done any patches for integration of  
> spamassassin (to be used for checking mail as it's sent) with Imp?

Checking outgoing E-Mails with spamassassin is of limeted use,
as most headerbased rules can't trigger or would trigger also for
regular emails, and so you have to rely only on body rules.

> i.e. For ISP's customers having their customers' usernames/passwords  
> stolen or phished seems to be an ongoing problem.  Spammers then use  
> webmail to send their junk.  The problem is, the spammers frequently  
> also change the From: address to be an address at some other site  
> (usually one of the common free mail providers).  If we do  
> spamassassin scanning on the SMTP server after IMP has sent the  
> mail, and the message is scored as spam, then we have 2 choices.   
> Bounce mail to a likely forged From: address.  Eat the message.

Recent versions of Horde and Imp give you some options to limit the abuse.
1. you can disable that users can change the From: address
2. you can limit the number of recipients per email and per timeperiod.
3. horde logs the loginid of the sender of each message so you can disable
the account after abuse.

>
> I'm a firm believer in "mail should never disappear", but I really  
> don't like the idea of spam messages bouncing to sites from which  
> they didn't actually originate, in part because it's likely to set  
> off the same sort of problems the spam filtering is meant to stop.   
> So, it seems that ideally, if the message is scored as spam, imp  
> should fail to or refuse to send it, and give the sender an error  
> saying their message could not be sent.
>
> It looks like imp/lib/Compose.php could be hacked to pipe $msg to  
> spamc -c and check the result...or am I better off just using  
> $conf['mailer']['type'] = 'smtp'; and an SMTP server that can do  
> content scanning during the SMTP dialog?

I would scan during the SMTP dialog, as you don't need to patch
horde/imap and once setup it will work after upgrades.






--------------------------------------------------------------------------------
M.Menge                                Tel.: (49) 7071/29-70316
Universität Tübingen                   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung          mail:  
michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5339 bytes
Desc: S/MIME Signatur
URL: <http://lists.horde.org/archives/imp/attachments/20100202/69214bf1/attachment.bin>


More information about the imp mailing list