Tickets :: [#5669] spam protection needed

6.0.0-beta1

12/18/25

Summary	spam protection needed
Queue	IMP
Queue Version	4.0.4
Type	Enhancement
State	Rejected
Priority	3. High
Owners
Requester	zoli (at) polarhome (dot) com
Created	08/24/2007 (6691 days ago)
Due
Updated	09/01/2007 (6683 days ago)
Assigned
Resolved	08/24/2007 (6691 days ago)
Milestone
Patch	No

09/01/2007 08:55:13 PM	zoli (at) polarhome (dot) com	Comment #7	Reply to this comment
Thank you very much... seems it works. It is a great feature. Regards, Z

08/27/2007 03:30:01 PM	Chuck Hagenbuch	Comment #6	Reply to this comment
You need to turn on sentmail logging in IMP's configuration; then you can set permissions for the actual limits (using Horde's permissions system).

08/27/2007 09:41:57 AM	zoli (at) polarhome (dot) com	Comment #5	Reply to this comment
Hello, I am aware of that option and this is also set Really? Then why did you say you're using IMP 4.0.4? I beg your pardon... you have right. I used 4.1.4. However, IMP 4.2 includes options for the maximum number of recipients that a user can send do at once, and in a configurable period. I have upgraded to Horde: 3.2-ALPHA Imp: H3 (4.2-ALPHA) (run Imp tests) and could not find the options that you have mentioned. Could you please help me with this... Thank you in advance. Regards, Z

08/24/2007 03:16:02 PM	Chuck Hagenbuch	Comment #4	Reply to this comment
However, IMP 4.2 includes options for the maximum number of recipients that a user can send do at once, and in a configurable period. I am aware of that option and this is also set Really? Then why did you say you're using IMP 4.0.4? As I can see the abuser sends in a well defined URL that Horde/IMP accepts with current authentication allowing sendig out many thousands of mails in few hours. This is exactly what the rate limiting in IMP 4.2 prevents.

08/24/2007 08:43:23 AM	zoli (at) polarhome (dot) com	Comment #3	Reply to this comment
Hello, Even whups doesn't have a captcha for authenticated users, and I don't think adding one to IMP is a good idea. However, IMP 4.2 includes options for the maximum number of recipients that a user can send do at once, and in a configurable period. I am aware of that option and this is also set, regardless the IMP is abused several times at polarhome.com (this is the reason why I have been forced to disable for all 100k+ users) As I can see the abuser sends in a well defined URL that Horde/IMP accepts with current authentication allowing sendig out many thousands of mails in few hours. An explicit spam protection that would require the user to use the compose page through web inteface and enter a unique combination of letters would prevent automatic URL submissions - what might be the case here. If you have any other workaround please tell us now. Thank you in advance. Regards, Zoltan Arpadffy

08/24/2007 02:49:26 AM	Chuck Hagenbuch	Comment #2 State ⇒ Rejected	Reply to this comment
Even whups doesn't have a captcha for authenticated users, and I don't think adding one to IMP is a good idea. However, IMP 4.2 includes options for the maximum number of recipients that a user can send do at once, and in a configurable period.

08/24/2007 02:26:37 AM	zoli (at) polarhome (dot) com	Comment #1 Priority ⇒ 3. High Type ⇒ Enhancement Summary ⇒ spam protection needed Queue ⇒ IMP State ⇒ New	Reply to this comment
Hello, I have been using Horde framework for years and it have been working most of the time very well. During the last year I have noticed that IMP has been abused several times to send out spam (thousands of mail). As my mail server has a limitation of 15 recepiens it is done by reusing horde/imp session and resubmit the url. I would kindly ask you to add an optional (configurable) spam protection field to compose and forward functionality in IMP (like in this ticket application) in order to improve spam protection of the application itself. Thank you very much in advance. Regards, Zoltan Arpadffy