Re: [Exim] Autoreplies with Subject "Re: $h_subject:" danger…

Góra strony
Delete this message
Reply to this message
Autor: Kjetil Torgrim Homme
Data:  
Dla: Michael Haardt
CC: exim-users
Temat: Re: [Exim] Autoreplies with Subject "Re: $h_subject:" dangerous?
On fre, 2004-07-30 at 11:45 +0200, Michael Haardt wrote:
> > interesting point, but I think the mailing list software is broken if it
> > accepts a bounce as a confirmation e-mail. Exim will always use <> as
> > the envelope sender for autoreply. I do note that our own (old) Mailman
> > installation is broken in this respect, though :-)
>
> Well, broken software is one thing. Spammers will probably accept <>
> as sender and not be so dumb to use a request address that matches the
> usual patterns.


I don't think spammers care about this. a vacation message does not
indicate that the message was read, quite the opposite in fact.

> So we agree that the manual should be changed not to give "Re: $h_subject:"
> as example


no.

> and explicitly state the dangers of doing so?


can't hurt.

> > in our case, the vacation feature will usually not trigger this
> > behaviour, since we try to avoid replying to what looks like mailing
> > lists:
> >
> >   senders = ! : !^.+-request@ : !^owner-.+@ : !^.+-owner@ : !^postmaster@ : \
> >         !^listmaster@ : !^mailer-daemon@ : !^root@ : !^.+-admin@ : \
> >         !^.+=.+\\..+@ : !^.+-bounces@

> >
> > (the funny-looking regexp with an equals signs in it tries to recognise
> > VERP style addresses.)
>
> The "personal" condition should probably be extended by some more
> patterns, as not everybody might know all of them. Any comments?


we can't use the "personal" test as it won't recognize all addresses of
our users (we make a +suffix disable rewriting), and so we don't check
that the user is mentioned in To:, making it more important for us to
filter on senders.
--
Kjetil T.