Re: [Exim] Re: Warning: spammers abusing vacation autorespon…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Exim Users
Subject: Re: [Exim] Re: Warning: spammers abusing vacation autoresponders
On 2002-02-11 at 21:02 +0800, Suresh Ramasubramanian wrote:
> You sure it is not formmail.pl, Phil?


Yes, quite sure thanks. Given the number of formmail.pl scripts which
I've had to disable on web-sites of customers of my employer, I'm ...
familiar with those. :^(

Quoth Vadik on Mon, 11 Feb 2002 at 14:51:02 +0200:
> Do you see anything indicating it's a vacation message (like
> subject or body pointing out that fact)?


The Subject: indicated that the mails which I saw were autoresponses.
I've seen a few recently, but it only just clicked that this was
something new, so regrettably (!) I didn't keep samples.

> > Since the spammer doesn't care about how many mails they send,
> > restrictions such as "once" don't help. Setting text or file does ...
> > unless it's expanded and includes something like $message_body.
>
> What's the point? /usr/ucb/vacation and the Exim filter vacation
> command (by default) don't send $message_body back. If the
> spammer's point were to deliver as much mail as possible to you,
> it would be reasonable, but they usually try to deliver the
> content, so it's kind of pointless.


Uhm, please go re-read the text which you quoted. Exim can be set to
expand, and should be able to include the body. Most people are
unlikely to see the implications of this and will blithely set it.

A restriction on expanding $message_body in the autoresponder reply text
is perhaps overkill, or is it?

> > Or is there a better way of preventing issues with $message_body being
> > returned?
>
> Bounce messages usually have $message_body in them.


Yes. But it's not beng abused at present, probably because of the crap
in them. Most autoresponders aren't abusable.

I think that the rate-limiting is probably unnecessary, now that I
reflect on it, if there's a sensible limit upon $message_body in the
autoresponder text. But I'm not sure if that's even more work.

I'll try to avoid automatically deleting the next such mail which I see.
Unfortunately, the last one or two which I've seen, like this, were part
of my Monday-morning spam-delete purge of mails via the various company
mailing-lists.
--
The code was willing,
It considered your request,
But the chips were weak.