Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:

> . . . Be sure to add some tracking information if you want to be able
> to find out e.g. who spammed through your webmail (we've had some Nigerian
> spammers hacking accounts and spamming last month)

This is an important topic for IMP users. We've had IMP abuse as well, for what purports to be a British Lotto, and we've been on the receiving end of the same kind of spam from other IMP and Squirrelmail installations.

They send a lot of mail very fast. Clearly it is not hand-typed. The spam gang must have software that can submit the necessary form data to popular webmail software to log in and send mail. They need an account and password to do it. We suspect the source is keyboard loggers installed in places like Internet cafes.

Since IMP requires a successful login before it will send mail, IMP is not at fault. However it is important to have IMP record what user sent each message, in order to track down what account has been compromised and stop further abuse. We have chosen to insert the user into an X- header, and to write the user to syslog. This makes it simple for our security team to cut off the account that was used.

If you don't do this, your IMP installation will be abused at some point. By "a lot of mail" I mean more than 100,000 messages.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
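
Added example, not part of the original post and not IMP code: once the authenticated user is written to syslog for every message sent, a sliding-window count of recipients per account picks out the compromised login. The log line format, field names, host name, addresses and thresholds below are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not IMP's real output):
#   <ISO timestamp> <host> webmail: sent user=<login> ip=<client> rcpts=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ webmail: sent user=(?P<user>\S+) "
    r"ip=(?P<ip>\S+) rcpts=(?P<rcpts>\d+)$"
)

# Constructed sample input, in chronological order as syslog writes it.
SAMPLE = [
    "2024-01-01T10:00:00 mail1 webmail: sent user=alice ip=192.0.2.10 rcpts=2",
    "2024-01-01T10:00:05 mail1 webmail: sent user=bob ip=198.51.100.7 rcpts=30",
    "2024-01-01T10:00:09 mail1 webmail: sent user=bob ip=198.51.100.7 rcpts=30",
    "2024-01-01T10:00:12 mail1 sshd[411]: session opened for user root",
    "2024-01-01T10:20:00 mail1 webmail: sent user=alice ip=192.0.2.10 rcpts=49",
]

def find_bulk_senders(lines, max_rcpts=50, window=timedelta(minutes=5)):
    """Return {user: (peak recipients within one window, client IPs seen)}
    for accounts that exceed max_rcpts recipients inside `window`."""
    recent = defaultdict(deque)  # user -> (timestamp, rcpts) still in window
    totals = defaultdict(int)    # user -> recipients currently in window
    ips = defaultdict(set)       # user -> every client IP logged for them
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog entry
        ts = datetime.fromisoformat(m["ts"])
        user, n = m["user"], int(m["rcpts"])
        q = recent[user]
        q.append((ts, n))
        totals[user] += n
        ips[user].add(m["ip"])
        # Expire sends that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            totals[user] -= q.popleft()[1]
        if totals[user] > max_rcpts:
            peak = max(totals[user], flagged.get(user, (0,))[0])
            flagged[user] = (peak, ips[user])
    return flagged

if __name__ == "__main__":
    for user, (peak, addrs) in find_bulk_senders(SAMPLE).items():
        print(f"{user}: {peak} recipients in 5 min from {sorted(addrs)}")
```
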
