Re: [Exim] Autoreplies with Subject "Re: $h_subject:" danger…

Author: Kjetil Torgrim Homme
Date:  
To: Michael Haardt
CC: exim-users
Subject: Re: [Exim] Autoreplies with Subject "Re: $h_subject:" dangerous?
On Thu, 2004-07-29 at 15:58 +0200, Michael Haardt wrote:
> I just see that the Exim filter specification 3.26 says:
>
>   if personal then
>     mail
>      to $reply_address
>      subject "Re: $h_subject:"
>      file $home/vacation/message
>      once $home/vacation/once
>      once_repeat 10d
>   endif
>
> I consider that dangerous, because mailing lists often verify addresses
> by sending a mail with a key in the subject. Using the vacation
> responder above, anybody could subscribe its user to such mailing lists.
> Besides being annoying, spammers would get opt-in confirmations for their
> "newsletters".


interesting point, but I think the mailing list software is broken if it
accepts a bounce as a confirmation e-mail. Exim will always use <> as
the envelope sender for autoreply. I do note that our own (old) Mailman
installation is broken in this respect, though :-)

in our case, the vacation feature will usually not trigger this
behaviour, since we try to avoid replying to what looks like mailing
lists:

  senders = ! : !^.+-request@ : !^owner-.+@ : !^.+-owner@ : !^postmaster@ : \
        !^listmaster@ : !^mailer-daemon@ : !^root@ : !^.+-admin@ : \
        !^.+=.+\\..+@ : !^.+-bounces@


(the funny-looking regexp with an equals sign in it tries to recognise
VERP style addresses.)

--
Kjetil T.
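
The following Python example is added here and is not part of the original message or of Exim: it evaluates the quoted `senders` list against constructed envelope senders to show which ones would be denied an autoreply. It assumes first-match list evaluation and caseless matching; the function names and sample addresses are hypothetical.

```python
import re

# The senders list from the message; the config-level "\\." is written here as
# the regex "\." that it becomes once Exim has processed the string.
SENDERS = (r"! : !^.+-request@ : !^owner-.+@ : !^.+-owner@ : !^postmaster@ : "
           r"!^listmaster@ : !^mailer-daemon@ : !^root@ : !^.+-admin@ : "
           r"!^.+=.+\..+@ : !^.+-bounces@")

def parse_list(text):
    """Split a colon-separated list into (negated, pattern) pairs."""
    items = []
    for raw in text.split(":"):
        item = raw.strip()
        negated = item.startswith("!")
        items.append((negated, item[1:].strip() if negated else item))
    return items

def item_matches(pattern, sender):
    if pattern == "":
        return sender == ""      # empty item: only the null sender <> matches
    if pattern.startswith("^"):  # regex item, matched caselessly (assumed default)
        return re.search(pattern, sender, re.IGNORECASE) is not None
    return pattern.lower() == sender.lower()  # simplified: literal address only

def would_autoreply(sender, items=None):
    """True if the envelope sender passes the list, so a reply would be sent."""
    items = parse_list(SENDERS) if items is None else items
    for negated, pattern in items:
        if item_matches(pattern, sender):
            return not negated   # first matching item decides
    # Nothing matched: a list whose last item is negated then counts as a match.
    return bool(items) and items[-1][0]

# Constructed envelope senders (not from the original message).
SAMPLES = [
    "",                                                  # bounce or autoreply, <>
    "exim-users-request@lists.example",
    "owner-exim-users@lists.example",
    "MAILER-DAEMON@mx.example",
    "announce-bounces@lists.example",
    "announce-bounces+alice=example.org@lists.example",  # VERP style
    "alice@example.org",                                 # ordinary person
    "news@lists.example",                                # list-like, no pattern fits
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s or '<>':52} reply={would_autoreply(s)}")
```

The last sample passes the list even though it looks like a list address, which is why the patterns only "usually" keep the vacation reply away from mailing lists.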