Re: Botnet FPs from Webmail Senders

Thu, 29 Jan 2009 12:19:50 -0800 

On Thu, 29 Jan 2009, Kai Schaetzl wrote:

> Andy Dorman wrote on Wed, 28 Jan 2009 11:03:01 -0600:
>
> > We were just hoping someone else in this group would have run into this
> > situation and have a suggestion, given how ubiquitous webmail is these 
> > days.  If
> > not, we will keep pounding at it.
>
> Well, the easiest and fastest solution is to go to the Horde code and change 
> the
> few bits in it, so that it resembles the authentication line that gets added 
> to the
> typical SMTP AUTH transaction. And submit it as a feature request to the Horde
> developers. Or remove that line completely and/or change to an informational
> header, like:
> X-Submit-Host: (rbn1s-216-180-93-118.adsl.hiwaay.net [216.180.93.118])
>
>
> Kai

We ran into the exact same issue. As Kai says munging the Horde code to
add SMTP AUTH transaction headers is simple, for us the patch was:

[r...@server31 html]# diff -C 6 horde/lib/Horde/MIME/Headers.php-orig 
horde/lib/Horde/MIME/Headers.php
*** horde/lib/Horde/MIME/Headers.php-orig       2006-03-28 07:22:01.000000000 
-0600
--- horde/lib/Horde/MIME/Headers.php    2007-09-24 14:14:25.000000000 -0500
***************
*** 294,305 ****
--- 294,314 ----
              $received .= $_SERVER['REMOTE_IDENT'] . '@' . $remote . ' ';
          } elseif ($remote != $_SERVER['REMOTE_ADDR']) {
              $received .= $remote . ' ';
          }
          $received .= '[' . $remote_addr . ']) ';

+ /* Add 'authenticated' part to header to prevent spam blocking clients */
+
+       $curent_user = Auth::getAuth();
+       if (!empty($curent_user)) {
+           $received .= '(authenticated user='. $curent_user . ' bits=0) ';
+       } else {
+           $received .= '(authenticated bits=0) ';
+       }
+
          if (!empty($GLOBALS['conf']['server']['name'])) {
              $server_name = $GLOBALS['conf']['server']['name'];
          } elseif (!empty($_SERVER['SERVER_NAME'])) {
              $server_name = $_SERVER['SERVER_NAME'];
          } elseif (!empty($_SERVER['HTTP_HOST'])) {
              $server_name = $_SERVER['HTTP_HOST'];



-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Reply via email to