On Thu, 13 Dec 2007 09:59:31 +1300, Martin Kealey roundcube-maint@ihug.co.nz wrote:
On Wed, 12 Dec 2007 09:02:33 +0100, till klimpong@gmail.com wrote:
Isn't this what people use the "X-Sender"-header for? If I remember correctly that would be the defacto standard - but it would "only" contain an IP. ;-)
The "Received" header is a de-jure standard, and I thought we were supposed to be standards-compliant wherever possible. Furthermore, the formatting ambiguity and lack of corroborating information in an X-Sender header make the latter quite untrustworthy.
Perhaps I need to explain further: we have some customers who use webmail, and others who use "plain" mail clients (e.g. Outlook, Thunderbird etc).
When the latter group sends mail, they connect using SMTP or SMTPS; the "next hop" mail server -- normally our "official" outbound mail server -- inserts a received header that records the sending IP address and timestamp.
We want the same thing to happen when they send mail using HTTP rather than SMTP.
This information is used when the customer sends spam and it gets sent back to our "abuse" dept; we have tools that can automatically extract the customer info from such a report, and do it in a way that minimizes the chance of an innocent customer being banned as a result of a forged report.
-Martin
Greetings, First, I want to preface this by saying that I do not want to, nor am I attempting to trivialize your generosity, and effort(s). That said, I'm not sure I understand what the possible gain would be from adding your proposed patch. Of course, it could be that I am simply mis-understanding your whole point. :P As I understand your proposition; your patch attempts (and likely succeeds) in adding the original senders IP and host name (if available). But as it is, all my (our) servers already provide that info, and RoundCube in it's current incarnation also shows me the entire chain the email took to arrive in my mailbox simply by pressing on the "view source" link. While I would agree that this might not be the most efficient, or convenient method. It seems that it (roundcube) already provides every- thing your patch intends to provide. On the other hand, what would be super cool, and very easy to provide, would be if RoundCube added an "expose headers" link underneath the From links at the top of the mail. It could/would be as simple as adding an additional TD, or DIV that had an initial state of COLLAPSE:COLLAPSE with an HREF/ONCLICK that changed it to a state of EXPAND. That way it would be an extremely simple task for anyone involved to read the header and follow the mail' path to determine it's legitimacy. Another thought that would also be a simple task; would be to provide a "bounce mail" link that could provide only a recipient field that could be used to bounce the entire mail in it's original state unmodified to another recipient for further investigation - say; the postmaster, for example. That way, the recipient and bouncer needn't be bothered with all the dirty details needed to perform in order to get accurate info on the email.
Anyway, that's my take on the whole thing. If I've simply misunderstood the whole thing, feel free to enlighten me. :)
P.S. Example SPAM header as I am able to view it in roundcube follows: Received:
* from [111.22.333.444] ([111.22.333.444]) by my.mail.server (8.13.3/8.13.3) with ESMTP id lBC34dil012627 for <me@my.mail.server>; Tue, 11 Dec 2007 19:04:52 -0800 (PST) (envelope-from Spammer658@spam.server)
* from customer-PC ([10.0.2.1] helo=customer-PC) by [111.22.333.444] ( sendmail 8.13.3/8.13.1) with esmtpa id 1veQRo-000EQP-Bj for me@my.mail.server; Wed, 12 Dec 2007 06:04:50 +0300
Please note the original IP's and Host Names have been obscured to protect the innocent, as well as the guilty. :)
List info: http://lists.roundcube.net/dev/
///////////////////////////////////////////////////// Service provided by hitOmeter.NET internet messaging! .
List info: http://lists.roundcube.net/dev/