>> Does anyone has this experience? >> Spammers used the spam to ask horde/imp user to submit their account info >> (including password) >> Somehow, user submitted. >> And spammers use this user account to send a lot of bulk messages.
>Yes, there have been numerous cases like yours. >> Does anyone has this experience? I am just asking for suggest to improve >> in Horde/IMP webmail environment. >There is not much anyone can do but to keep their (and users) passwords >safe. Because Horde and IMP are open source, spammers do always have the >access to the source code and hence can always find a way to send spam >simulating a browser if they have correct credientials to use the >system. >Summa summarum: It's not the client programs fault if someone gets >credientials needed to send spam via the program. From a spammers point >of view the same thing can be accomplished with numerous other email >clients as well (programs running on workstations are off course a bit >harder to hack). I do realize it is not the fault of the client programs. The users should pay extreme attention to their credientials not to let others get it. But if in this case, you have any idea to avoid or just decrease its impact to the mail server? Let's say, control the maximun number of recipients in horde/imp TO field and number of sending mails in a certain period of time by using horde/imp in horde/imp configuration? I know it would be possible to control by MTA configuration. But I don't know to affect all other users else to Webmail. Thank you very much! Yours Sincerely, Jacky, Hoi Kei Chan Jussi Paju <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 06/09/2008 下午 07:06 To [email protected] cc Subject Re: [imp] Spammers Using Horde/IMP to Send Bulk Message On Sat, 6 Sep 2008, [EMAIL PROTECTED] wrote: > Does anyone has this experience? > Spammers used the spam to ask horde/imp user to submit their account info > (including password) > Somehow, user submitted. > And spammers use this user account to send a lot of bulk messages. Yes, there have been numerous cases like yours. > Does anyone has this experience? I am just asking for suggest to improve > in Horde/IMP webmail environment. There is not much anyone can do but to keep their (and users) passwords safe. Because Horde and IMP are open source, spammers do always have the access to the source code and hence can always find a way to send spam simulating a browser if they have correct credientials to use the system. Summa summarum: It's not the client programs fault if someone gets credientials needed to send spam via the program. From a spammers point of view the same thing can be accomplished with numerous other email clients as well (programs running on workstations are off course a bit harder to hack). -- Jussi Paju - luoja, creator - :: Te audire no possum. Musa sapientum fixa est in aure. :: I can't hear you. I have a banana in my ear. -- IMP mailing list - Join the hunt: http://horde.org/bounties/#imp Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: [EMAIL PROTECTED] -- IMP mailing list - Join the hunt: http://horde.org/bounties/#imp Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: [EMAIL PROTECTED]
