Bug#527964: squirrelmail should log username sending an e-mail

CJ Fearnley Sat, 09 May 2009 12:14:31 -0700

Package: squirrelmail
Version: 2:1.4.15-4
Severity: normal
Tags: patch


If a user of squirrelmail sends spam, for example, or, in general,
if the admin needs to find out who the sender of a particular e-mail
logged by the MTA is, then the current version provides insufficient
data (etch did better but was suboptimal as well).  The "SquirrelMail
authenticated user" is included in the Received header.  However, most
MTAs do not log the Received header.  So a squirrelmail admin will
have no means to determine which of their users sent an e-mail that
is registered in the local exim, postfix, sendmail logs.  Therefore,
I submit that it is essential that squirrelmail log the authenticated
user in the Message-ID as well since most MTAs do log the Message-ID.

Here is a patch to achieve the desired behavior:

--- Deliver.class.php.orig      2009-05-09 14:33:23.000000000 -0400
+++ Deliver.class.php   2009-05-09 14:33:33.000000000 -0400
@@ -540,7 +540,7 @@
             /* add the current time in milliseconds and randomness */
             $seed_data .= uniqid(mt_rand(),true);
             /* put it through one-way hash and add it to the ID */
-            $message_id .= md5($seed_data) . '.squirrel@' . $SERVER_NAME .'>';
+            $message_id .= md5($seed_data) . '.' . $username . '.squirrel@' . 
$SERVER_NAME .'>';
         }
 
         /* Make an RFC822 Received: line */

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages squirrelmail depends on:
ii  apache2            2.2.9-10+lenny2       Apache HTTP Server metapackage
ii  apache2-mpm-prefor 2.2.9-10+lenny2       Apache HTTP Server - traditional n
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripti
ii  perl               5.10.0-19             Larry Wall's Practical Extraction 
ii  php5               5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripti

Versions of packages squirrelmail recommends:
ii  ispell                 3.1.20.0-4.4      International Ispell (an interacti
ii  squirrelmail-locales   1.4.13-20071220-1 Translations for the SquirrelMail 

Versions of packages squirrelmail suggests:
pn  imap-server        <none>                (no description available)
pn  imapproxy          <none>                (no description available)
pn  php-pear | php4-pe <none>                (no description available)
ii  php5-ldap          5.2.6.dfsg.1-1+lenny3 LDAP module for php5
pn  squirrelmail-decod <none>                (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Bug#527964: squirrelmail should log username sending an e-mail

Reply via email to