[RCD] Adding a "Received" header to outbound messages

chris# chris# at codewarehouse.NET
Thu Dec 13 12:14:06 CET 2007

On Thu, 13 Dec 2007 17:05:29 +1300, Martin Kealey <roundcube-maint at ihug.co.nz> wrote:
> On Wed, 12 Dec 2007 18:45:27 -0800, chris#  wrote:
>> That said, I'm not sure I understand what the possible gain would be
> from
>> adding your proposed patch. Of course, it could be that I am simply
>> mis-understanding your whole point. :P
> My point is ... we have
> customers who are using RoundCube to SEND spam. And at the moment we
> can't find them, hiding among the 150000 other well- behaved
> customers.
> Put simply, we need more information recorded in OUTGOING messages.

AHHHH. Now *that* I understand. :)

OK. I've got some 300 domains with an average of 200 hosts hanging of each
of them. So I *do* understand the need to track SPAM and abuse. That said;
My solution has simply been to "turn up the volume". That is, increase the
verbosity of the MTA logging. Assuming Sendmail, it is very difficult to track
mail effectively with it's default log settings. I got a better understanding
of this when I set out to create a Milter to reduce the overwhelming amount of
SPAM I was receiving. In order for me to *accurately* tag *actual* SPAM, I
needed to track patterns. But had a H#ll of a time with the terse logs the MTA
was producing. So, with just a bit of reading, I found the "volume knob" and
turned it up just far enough to get logs I could do something with. Now, some
7.5 mos. later, I've amassed 18,000 IP's of SPAMMERS - without so much as
one false positive! Now that's something to be proud of. :) The other servers
have comparable numbers as well (also, without false positives). I made the
thing from scratch. Given another month, I'll probably release it. So others
can take advantage of it. After all is said and done; I've gone from a minimum
of 25 SPAM's/day to 3 SPAM per week. Now that's something I can live with.
But I'm still trying to make it even better. I'm also about to roll out an public
RBL. Anyway, again, assuming Sendmail, all you need to do is add the
following to your mc file:

dnl FOR LOUDER VOLUME (higher log level)
define(`confLOG_LEVEL', `10')

and run m4 against it. You'll be surprised at what you'll discover that you
never knew happened. ;) Postfix, and Courier are very similar, and can
be "tuned" as well. Now, whenever you suspect a SPAM, you can easily
compare the date and time against your MTA log. Or better still; the ID
generated during the Connect phase. :)
Sure, it's not as simple as reading an Email. But your going to need
the evidence in your log as proof anyway. So *now* you'll have
*indisputable* evidence. :)
On the X-Sender suggestion. To tell you the truth, that entry is trivial
to forge. If you're at all familiar with the NNTP protocol, you already
know what I mean. Sure, if the *only* MUA their using is RoundCube,
it'd be more difficult for them. But if I really wanted to, I could even
accomplish it in RoundCube pretty easy. Again, please note I'm not
trying to trivialize your patch, or be argumentative. I just think that
given your ultimate proof is going to have to come from your log
anyway, and all you'll need from the Email is the ID the MTA
generated to match against. That's all.

I've been hacking on my version of RC quite a bit. I'm about to add the
two suggestions I already mentioned in this thread. But one... well
actually, two things really bug me about RC, and I hope to overcome
them as well.
1) I can't adjust the columns in the mail box listings - that is;
when viewing the listings of mail, the From, Date, and Topic columns
can't be widened/narrowed. This drives me NUT's.
Do you know of any light weight grid library? I've looked at a couple.
But their part of a much larger package, and are way too big.
2) Topic filtering/highlighting. This is also something I really feel
needs to be added. I haven't had a chance to look at this at all.
But would really like to make it happen. But the column thing will
come first -- for me anyway.

> (The "X-Sender" is merely their supposed sender identity; but since
> they're usually forged it's impossible to prove who is the guilty
> party, at least to the standard of proof needed to suspend a
> customer's account.)
> Having said that, providing helper buttons for "report this message as
> spam"
> would be a nice addition; I'll give it some thought.

I'm already working on it. :)

> -Martin
> PS: have a look at the headers of this message for an example of what I
> mean.

As a matter of fact I did in my last response to this thread. Pretty noisy. :)

Best wishes,

> _______________________________________________
> List info: http://lists.roundcube.net/dev/
Service provided by hitOmeter.NET internet messaging!

List info: http://lists.roundcube.net/dev/

More information about the Dev mailing list