On Thu, 13 Dec 2007 17:05:29 +1300, Martin Kealey roundcube-maint@ihug.co.nz wrote:
On Wed, 12 Dec 2007 18:45:27 -0800, chris# wrote:
That said, I'm not sure I understand what the possible gain would be
from
adding your proposed patch. Of course, it could be that I am simply mis-understanding your whole point. :P
My point is ... we have customers who are using RoundCube to SEND spam. And at the moment we can't find them, hiding among the 150000 other well- behaved customers.
Put simply, we need more information recorded in OUTGOING messages.
AHHHH. Now *that* I understand. :)
OK. I've got some 300 domains with an average of 200 hosts hanging of each of them. So I *do* understand the need to track SPAM and abuse. That said; My solution has simply been to "turn up the volume". That is, increase the verbosity of the MTA logging. Assuming Sendmail, it is very difficult to track mail effectively with it's default log settings. I got a better understanding of this when I set out to create a Milter to reduce the overwhelming amount of SPAM I was receiving. In order for me to *accurately* tag *actual* SPAM, I needed to track patterns. But had a H#ll of a time with the terse logs the MTA was producing. So, with just a bit of reading, I found the "volume knob" and turned it up just far enough to get logs I could do something with. Now, some 7.5 mos. later, I've amassed 18,000 IP's of SPAMMERS - without so much as one false positive! Now that's something to be proud of. :) The other servers have comparable numbers as well (also, without false positives). I made the thing from scratch. Given another month, I'll probably release it. So others can take advantage of it. After all is said and done; I've gone from a minimum of 25 SPAM's/day to 3 SPAM per week. Now that's something I can live with. But I'm still trying to make it even better. I'm also about to roll out an public RBL. Anyway, again, assuming Sendmail, all you need to do is add the following to your mc file:
dnl FOR LOUDER VOLUME (higher log level)
define(confLOG_LEVEL',
10')
and run m4 against it. You'll be surprised at what you'll discover that you never knew happened. ;) Postfix, and Courier are very similar, and can be "tuned" as well. Now, whenever you suspect a SPAM, you can easily compare the date and time against your MTA log. Or better still; the ID generated during the Connect phase. :) Sure, it's not as simple as reading an Email. But your going to need the evidence in your log as proof anyway. So *now* you'll have *indisputable* evidence. :) On the X-Sender suggestion. To tell you the truth, that entry is trivial to forge. If you're at all familiar with the NNTP protocol, you already know what I mean. Sure, if the *only* MUA their using is RoundCube, it'd be more difficult for them. But if I really wanted to, I could even accomplish it in RoundCube pretty easy. Again, please note I'm not trying to trivialize your patch, or be argumentative. I just think that given your ultimate proof is going to have to come from your log anyway, and all you'll need from the Email is the ID the MTA generated to match against. That's all.
I've been hacking on my version of RC quite a bit. I'm about to add the two suggestions I already mentioned in this thread. But one... well actually, two things really bug me about RC, and I hope to overcome them as well.
when viewing the listings of mail, the From, Date, and Topic columns can't be widened/narrowed. This drives me NUT's. Do you know of any light weight grid library? I've looked at a couple. But their part of a much larger package, and are way too big. 2) Topic filtering/highlighting. This is also something I really feel needs to be added. I haven't had a chance to look at this at all. But would really like to make it happen. But the column thing will come first -- for me anyway.
(The "X-Sender" is merely their supposed sender identity; but since they're usually forged it's impossible to prove who is the guilty party, at least to the standard of proof needed to suspend a customer's account.)
Having said that, providing helper buttons for "report this message as spam" would be a nice addition; I'll give it some thought.
I'm already working on it. :)
-Martin
PS: have a look at the headers of this message for an example of what I mean.
As a matter of fact I did in my last response to this thread. Pretty noisy. :)
Best wishes, Chris
List info: http://lists.roundcube.net/dev/
///////////////////////////////////////////////////// Service provided by hitOmeter.NET internet messaging! .
List info: http://lists.roundcube.net/dev/