On Dec 12, 2007 1:13 AM, Martin Kealey roundcube-maint@ihug.co.nz wrote:
On of the problems we encounter as an ISP is the occassional customer account getting hijacked and used to send spam from the webmail interface.
To assist in tracking down the perpetrators, we've created a patch that inserts a Received header that records information so we can track down the compromised account. (In particular, the timestamp, source IP address and login name.)
The header is formatted like this:
Received: from [ip-address] (host.domain; login=username) by hostname-of-server with HTTP/version ; datestamp
You might wonder "why use the Received header"; well, the simple reason is so it can be processed the same way as any other spam report - and we get a lot of those.
Is this of interest to anyone else?
Isn't this what people use the "X-Sender"-header for? If I remember correctly that would be the defacto standard - but it would "only" contain an IP. ;-)
Regards, Till _______________________________________________ List info: http://lists.roundcube.net/dev/