On Wed 12/Mar/2014 16:29:52 +0100 Lorenzo Perone wrote:
>
> The problem I would like to solve is (if there is another way, I'll go
> for it): Sometimes user passwords get guessed / lost, and spammers will
> use that account, authenticate as it, and 'relay' mails around. I'd like
> to be able to log these cases to be able to inform the user and
> temporarily disable the account more quickly in that case.

General items to monitor are:

* Number of messages sent in a day or fraction thereof,
* number of (geographically distant) source IPs,
* unusual From: field and/or sender record (ctlfile 's'),
* feedback loops at relevant providers (yahoo/aol/live) and abuse@.

Except the last one, those items can be signaled by your filter. None of those are final, unless you set desperately high limits, because some users engage in legitimate email marketing, some use Tor or VPNs, from fields can be used in various ways by legitimate users and spammers alike, and some recipients report messages by mistake. You need to examine some of those messages in order to make sure the account is compromised. Abusive messages may contain evidence of further hacks that might be worth reporting, such as web sites distributing viruses.

> So far, I've been thinking to parse the Received headers, but those
> could be spoofed.

The record Sam suggested (ctlfile 'i') is the official AUTHNAME, but the topmost Received: is written by Courier just before invoking the filter, so you can trust it. You may safely skip any "Received: from localhost ... with local;" that may appear above it if filters are invoked during local delivery.

If the user authenticated, you get "authsmtp" in ctlfile 'u'. See "Control records" in the oldish http://www.courier-mta.org/queue.html , and the #define's in http://sourceforge.net/p/courier/courier.git/ci/master/tree/courier/courier/libs/comctlfile.h

hth
Ale
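Added example, not part of the original message and not Courier code: a sketch of the per-account checks listed in the reply above, as a filter could run them over the control records it names ('s', 'i', 'u'). It assumes one control record per line with the record type as the first character, that accounts log in with their e-mail address, and that the caller has already taken the source IP from the topmost Received: header; the function names, class and thresholds are hypothetical.

```python
from collections import defaultdict, deque

# Constructed sample control file: sender ('s'), AUTHNAME ('i'), source ('u').
SAMPLE_CTL = "salice@example.org\nialice@example.org\nuauthsmtp\n"

def parse_ctlfile(text):
    """Group control records by type (assumed: first character of each line)."""
    records = defaultdict(list)
    for line in text.splitlines():
        if line:
            records[line[0]].append(line[1:])
    return records

def authenticated_account(records):
    """Return AUTHNAME ('i') only if the 'u' record says authsmtp."""
    if "authsmtp" not in records.get("u", []):
        return None
    names = records.get("i", [])
    return names[0] if names else None

class AccountMonitor:
    """Per-account counters; a hit means 'examine messages', not 'compromised'."""

    def __init__(self, max_msgs=200, max_ips=3, window=86400):
        self.max_msgs, self.max_ips, self.window = max_msgs, max_ips, window
        self.events = defaultdict(deque)  # account -> deque of (time, ip)

    def observe(self, ctl_text, source_ip, now):
        records = parse_ctlfile(ctl_text)
        account = authenticated_account(records)
        if account is None:
            return None, []  # not an authenticated submission
        seen = self.events[account]
        seen.append((now, source_ip))
        while seen and seen[0][0] <= now - self.window:  # expire old events
            seen.popleft()
        reasons = []
        if len(seen) > self.max_msgs:
            reasons.append("volume")
        if len({ip for _, ip in seen}) > self.max_ips:
            reasons.append("source-ips")
        sender = (records.get("s") or [""])[0]
        if sender.lower() != account.lower():  # assumes login == e-mail address
            reasons.append("sender-mismatch")
        return account, reasons
```
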