Tickets :: Comment on [#12792] Log identity

* Your Email Address
* Spam protection	Enter the letters below: .___.__ ._..___.__ [__ [__) \| [__ [__) \| \| \_\|_\| \| \
Comment	>> Is there a way to log which identity the email account being used to >> send out email? > > Configure your Mail Transfer Agent (MTA) to only accept messages > through SMTP AUTH on port 587. Configure Horde to send messages > through that port and use their credentials for SMTP AUTH. > > Don't allow users to setup e-mail addresses without verification that > they actually have access to this account. Make sure > $conf[user][verify_from_addr] is ticked in > Administration->Horde->User Capabilities and Constraints. > > Your MTA can possibly help too here. For instance, in Postfix there > is an option 'reject_sender_login_mismatch' which will prevent your > users from making up sender addresses. I use the latter, which has > the added benefit of being independent from Horde, so it doesn't > matter how users send messages through your server. > >> Some accounts got compromised and new identities >> created to perform spamming. > > Limiting the number of messages/recipients can send per hour/day > would have limited the impact of compromised accounts. Configure the > Administration->Permissions for IMP and cap both 'max_recipients' and > 'max_timelimit' to a reasonable value. > >> The only way to find out was from the >> horde_prefs table. Reading the log would be faster and more helpful. > > Sure.
Attachment
Watch this ticket