On Thu, 13 Dec 2007 09:59:31 +1300, Martin Kealey <[EMAIL PROTECTED]> wrote:
>
>
> On Wed, 12 Dec 2007 09:02:33 +0100, till <[EMAIL PROTECTED]> wrote:
>> Isn't this what people use the "X-Sender"-header for? If I remember
>> correctly that would be the defacto standard - but it would "only"
>> contain an IP. ;-)
>
> The "Received" header is a de-jure standard, and I thought we were
> supposed
> to be standards-compliant wherever possible. Furthermore, the formatting
> ambiguity and lack of corroborating information in an X-Sender header make
> the latter quite untrustworthy.
>
> Perhaps I need to explain further: we have some customers who use webmail,
> and others who use "plain" mail clients (e.g. Outlook, Thunderbird etc).
>
> When the latter group sends mail, they connect using SMTP or SMTPS; the
> "next hop" mail server -- normally our "official" outbound mail server --
> inserts a received header that records the sending IP address and
> timestamp.
>
> We want the same thing to happen when they send mail using HTTP rather
> than
> SMTP.
>
> This information is used when the customer sends spam and it gets sent
> back
> to our "abuse" dept; we have tools that can automatically extract the
> customer info from such a report, and do it in a way that minimizes the
> chance of an innocent customer being banned as a result of a forged
> report.
>
> -Martin
Greetings,
First, I want to preface this by saying that I do not want to, nor am I
attempting to trivialize
your generosity, and effort(s).
That said, I'm not sure I understand what the possible gain would be from
adding your proposed
patch. Of course, it could be that I am simply mis-understanding your whole
point. :P
As I understand your proposition; your patch attempts (and likely succeeds) in
adding the original
senders IP and host name (if available). But as it is, all my (our) servers
already provide that info,
and RoundCube in it's current incarnation also shows me the entire chain the
email took to arrive
in my mailbox simply by pressing on the "view source" link. While I would agree
that this might not
be the most efficient, or convenient method. It seems that it (roundcube)
already provides every-
thing your patch intends to provide. On the other hand, what would be super
cool, and very easy
to provide, would be if RoundCube added an "expose headers" link underneath the
From links
at the top of the mail. It could/would be as simple as adding an additional TD,
or DIV that had an
initial state of COLLAPSE:COLLAPSE with an HREF/ONCLICK that changed it to a
state of
EXPAND. That way it would be an extremely simple task for anyone involved to
read the header
and follow the mail' path to determine it's legitimacy. Another thought that
would also be a simple
task; would be to provide a "bounce mail" link that could provide only a
recipient field that
could be used to bounce the entire mail in it's original state unmodified to
another recipient for
further investigation - say; the postmaster, for example. That way, the
recipient and bouncer
needn't be bothered with all the dirty details needed to perform in order to
get accurate info
on the email.
Anyway, that's my take on the whole thing.
If I've simply misunderstood the whole thing, feel free to enlighten me. :)
P.S. Example SPAM header as I am able to view it in roundcube follows:
Received:
* from [111.22.333.444] ([111.22.333.444]) by my.mail.server
(8.13.3/8.13.3) with ESMTP id lBC34dil012627 for <[EMAIL PROTECTED]>; Tue, 11
Dec 2007 19:04:52 -0800 (PST) (envelope-from [EMAIL PROTECTED])
* from customer-PC ([10.0.2.1] helo=customer-PC) by [111.22.333.444] (
sendmail 8.13.3/8.13.1) with esmtpa id 1veQRo-000EQP-Bj for [EMAIL PROTECTED];
Wed, 12 Dec 2007 06:04:50 +0300
Please note the original IP's and Host Names have been obscured to protect the
innocent, as well
as the guilty. :)
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
/////////////////////////////////////////////////////
Service provided by hitOmeter.NET internet messaging!
.
_______________________________________________
List info: http://lists.roundcube.net/dev/
