Re: [Exim] Autoreplies with Subject "Re: $h_subject:" danger…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Michael Haardt
Fecha:  
A: exim-users
Asunto: Re: [Exim] Autoreplies with Subject "Re: $h_subject:" dangerous?
> interesting point, but I think the mailing list software is broken if it
> accepts a bounce as a confirmation e-mail. Exim will always use <> as
> the envelope sender for autoreply. I do note that our own (old) Mailman
> installation is broken in this respect, though :-)


Well, broken software is one thing. Spammers will probably accept <>
as sender and not be so dumb to use a request address that matches the
usual patterns.

So we agree that the manual should be changed not to give "Re: $h_subject:"
as example and explicitly state the dangers of doing so?

> in our case, the vacation feature will usually not trigger this
> behaviour, since we try to avoid replying to what looks like mailing
> lists:
>
>   senders = ! : !^.+-request@ : !^owner-.+@ : !^.+-owner@ : !^postmaster@ : \
>         !^listmaster@ : !^mailer-daemon@ : !^root@ : !^.+-admin@ : \
>         !^.+=.+\\..+@ : !^.+-bounces@

>
> (the funny-looking regexp with an equals signs in it tries to recognise
> VERP style addresses.)


The "personal" condition should probably be extended by some more
patterns, as not everybody might know all of them. Any comments?

Michael