On Thu, Apr 23, 2009 at 6:25 PM, jm <jeffm@xxxxxxxxxxxx> wrote: > In the wake of spam attacks I'm attempting to lock down squirrelmail as > much as possible while remaining usable for our customers (I work for an > ISP). > So far I've added a captcha, but this doesn't seem to help as much as > you'd think. Make sure the backend you've chosen is a good one. Some of them are relatively simple to hack. Note also you can use it in combination with the User Information plugin to restrict the country of origin. > In order to make it easier to at least track down the > source of spam I which to lock the "Reply To" field to match the user's > login. I've installed the force_prefs login and have set, You're trying to detect the problem by looking at emails that have already been sent out - you should fight the problem earlier. Install the Squirrel Logger and/or Restrict Senders plugins which can watch and optionally lock down accounts that start sending out large volumes of messages, especially with lots of recipients. You can also employ outgoing spam filters in your MTA and/or rate-limit your senders in the MTA. Then, turning off ability to edit email address in the configuration should be sufficient (or even not that necessary). > $fp_forced_settings=array( > 'email_address' => '', > 'reply_to' => '' > ); > > to remove the settings for "Reply To" and "Email Address". However, I'm > not having much luck removing the > > Multiple Identities: Edit Advanced Identities (discards changes made > on this form so far) > > entry. I've tried > > $fp_removed_optpage_urls=array( > 'options_identities.php' > ); > > but this doesn't seem to work. > > thoughts? ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
