On of the problems we encounter as an ISP is the occassional
customer account getting hijacked and used to send spam from the
webmail interface.
To assist in tracking down the perpetrators, we've created a patch
that inserts a Received header that records information so we can
track down the compromised account. (In particular, the timestamp,
source IP address and login name.)
The header is formatted like this:
Received: from [ip-address] (host.domain; login=username)
by hostname-of-server
with HTTP/version ;
datestamp
You might wonder "why use the Received header"; well, the simple
reason is so it can be processed the same way as any other spam report
- and we get a lot of those.
Is this of interest to anyone else?
-Martin
_______________________________________________
List info: http://lists.roundcube.net/dev/
