[RCD] Adding a "Received" header to outbound messages

chris# chris# at codewarehouse.NET
Thu Dec 13 03:45:27 CET 2007

On Thu, 13 Dec 2007 09:59:31 +1300, Martin Kealey <roundcube-maint at ihug.co.nz> wrote:
> On Wed, 12 Dec 2007 09:02:33 +0100, till <klimpong at gmail.com> wrote:
>> Isn't this what people use the "X-Sender"-header for? If I remember
>> correctly that would be the de facto standard - but it would "only"
>> contain an IP. ;-)
> The "Received" header is a de-jure standard, and I thought we were supposed
> to be standards-compliant wherever possible. Furthermore, the formatting
> ambiguity and lack of corroborating information in an X-Sender header make
> the latter quite untrustworthy.
> Perhaps I need to explain further: we have some customers who use webmail,
> and others who use "plain" mail clients (e.g. Outlook, Thunderbird etc).
> When the latter group sends mail, they connect using SMTP or SMTPS; the
> "next hop" mail server -- normally our "official" outbound mail server --
> inserts a received header that records the sending IP address and timestamp.
> We want the same thing to happen when they send mail using HTTP rather than
> This information is used when the customer sends spam and it gets sent back
> to our "abuse" dept; we have tools that can automatically extract the
> customer info from such a report, and do it in a way that minimizes the
> chance of an innocent customer being banned as a result of a forged report.
> -Martin
 First, I want to preface this by saying that I do not want to, nor am I attempting to, trivialize
your generosity and effort(s).
 That said, I'm not sure I understand what the possible gain would be from adding your proposed
patch. Of course, it could be that I am simply misunderstanding your whole point. :P
As I understand your proposition, your patch attempts (and likely succeeds) in adding the original
sender's IP and host name (if available). But as it is, all my (our) servers already provide that info,
and RoundCube in its current incarnation also shows me the entire chain the email took to arrive
in my mailbox simply by pressing on the "view source" link. While I would agree that this might not
be the most efficient or convenient method, it seems that it (roundcube) already provides
everything your patch intends to provide. On the other hand, what would be super cool, and very easy
to provide, would be if RoundCube added an "expose headers" link underneath the From links
at the top of the mail. It could/would be as simple as adding an additional TD, or DIV that had an
initial state of COLLAPSE:COLLAPSE with an HREF/ONCLICK that changed it to a state of
EXPAND. That way it would be an extremely simple task for anyone involved to read the header
and follow the mail's path to determine its legitimacy. Another thought that would also be a simple
task would be to provide a "bounce mail" link that could provide only a recipient field that
could be used to bounce the entire mail in its original state unmodified to another recipient for
further investigation - say, the postmaster, for example. That way, the recipient and bouncer
needn't be bothered with all the dirty details needed to perform in order to get accurate info
on the email.

Anyway, that's my take on the whole thing.
If I've simply misunderstood the whole thing, feel free to enlighten me. :)

P.S. Example SPAM header as I am able to view it in roundcube follows:

    * from [111.22.333.444] ([111.22.333.444]) by my.mail.server (8.13.3/8.13.3) with ESMTP id lBC34dil012627 for <me at my.mail.server>; Tue, 11 Dec 2007 19:04:52 -0800 (PST) (envelope-from Spammer658 at spam.server)
    * from customer-PC ([] helo=customer-PC) by [111.22.333.444] ( sendmail 8.13.3/8.13.1) with esmtpa id 1veQRo-000EQP-Bj for me at my.mail.server; Wed, 12 Dec 2007 06:04:50 +0300

Please note the original IPs and Host Names have been obscured to protect the innocent, as well
as the guilty. :)
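
The abuse-desk lookup described in the quoted text above, sketched as an added example that is not part of the original message or of RoundCube: it picks the topmost "Received" line stamped by the provider's own server and ignores anything below it. The host names, addresses, queue ids and the log cross-check are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

OUR_HOSTS = {"out.isp.example"}     # assumption: name our outbound server stamps after "by"
MTA_LOG = {"BBB222": "192.0.2.17"}  # constructed: queue id -> client IP taken from our own logs

HOP_RE = re.compile(r"from\s+\S+\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)"
                    r".*?\bid\s+(?P<qid>[^\s;]+)", re.S | re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def parse_hop(value):
    """Return ip, by-host, queue id and timestamp of one Received value, or None."""
    m = HOP_RE.search(value)
    ip = IP_RE.search(m.group("peer")) if m else None
    if not (m and ip and ";" in value):
        return None
    try:  # the timestamp is whatever follows the last ';'
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    except (TypeError, ValueError):
        return None
    return {"ip": ip.group(1), "by": m.group("by").lower(),
            "qid": m.group("qid"), "when": when}

def submitting_hop(raw, our_hosts=OUR_HOSTS):
    """Topmost Received line stamped by one of our servers.

    Lines above it come from downstream servers; lines below it were already in
    the message when we accepted it, so the sender could have written them.
    """
    for value in message_from_string(raw).get_all("Received", []):
        hop = parse_hop(value)
        if hop and hop["by"] in our_hosts:
            return hop
    return None

def corroborated(hop, mta_log=MTA_LOG):
    """A report counts only if our own log has the same queue id with the same IP."""
    return hop is not None and mta_log.get(hop["qid"]) == hop["ip"]

# Constructed abuse report: recipient's hop, our hop, then a line the sender forged.
REPORT = (
    "Received: from out.isp.example (out.isp.example [203.0.113.10]) by mx.rcpt.example"
    " with ESMTP id AAA111; Wed, 12 Dec 2007 09:00:05 +1300\n"
    "Received: from customer-PC (dsl-17.isp.example [192.0.2.17]) by out.isp.example"
    " with ESMTPA id BBB222; Wed, 12 Dec 2007 09:00:01 +1300\n"
    "Received: from other-PC (dsl-99.isp.example [192.0.2.99]) by out.isp.example"
    " with ESMTP id CCC333; Wed, 12 Dec 2007 08:59:00 +1300\n"
    "Subject: constructed sample\n\nbody\n")
# Constructed forged report: the whole "by out.isp.example" line is invented.
FORGED = REPORT.replace("BBB222", "ZZZ999").replace("192.0.2.17", "192.0.2.99")
```

A webmail submission with no such line stamped at the HTTP hop leaves `submitting_hop` with only the webmail server's own address to return.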

