Ticket #1485128 (new Feature Requests)

Opened 4 months ago

Last modified 7 weeks ago

Add X-Orig-Sender for identifying which userlogin sent a mail

Reported by: HammerFall Owned by:
Priority: 5 Milestone: later
Component: SMTP connection Version: 0.2-alpha
Severity: normal Keywords:
Cc:

Description

If you are using multiple identities with roundcube, you only see the identity's email address chosen at the sending page in the email header. For debugging purposes and identifying spammy users in your system it would be more useful to have a (optional) header like this

$headers\['X-Orig-Sender'\] = $_SESSION\['username'\]

in

steps/mail/sendmail.inc

to see which login has been used to send a mail via roundcube.

Change History

Changed 4 months ago by thomasb

  • type changed from Bugs to Feature Requests
  • milestone changed from 0.2-stable to later

It's not a bug but a feature request

Changed 3 months ago by dan

webmail like gmail and yahoo add a X-Originating-IP: 66.70.73.150 header. would be a worthwhile addition to roundcube to trace back where an account hijacks.

Changed 7 weeks ago by dan

workaround is to enforce a SMTP authentication using RC %u and %p and let the SMTP server add the username.

ignore prev about X-Orig... I see the $_SERVERHTTP_X_FORWARDED_FOR? and $_SERVERREMOTE_ADDR? added to the received headers which is pretty nice

Note: See TracTickets for help on using tickets.