Re: [exim] noreplys...

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Odhiambo Washington
Dátum:  
Címzett: W B Hacker
CC: exim users
Tárgy: Re: [exim] noreplys...
On Thu, Oct 23, 2008 at 4:45 PM, W B Hacker <wbh@???> wrote:
> John Doe wrote:
>> ----- Original Message ----
>>
>>> From: W B Hacker <wbh@???>
>>> To: exim-users@???
>>> Sent: Saturday, October 18, 2008 4:57:43 AM
>>> Subject: Re: [exim] noreplys...
>>>
>>> Oliver von Bueren wrote:
>>>
>>>> A clean way without any risk is probably not possible. If you have a
>>>> list of members and only inform them if they send a message to the
>>>> noreply@ address, this reduces the risk quite a lot. But then why would
>>>> you want to do that if you can limit the senders which can send you mail
>>>> to that email address then anyway? It only annoys to do it through a web
>>>> page and not just use regular email to get in contact with a company one
>>>> does business with anyway.
>>>>
>>> A 'reasonably clean' way - presuming one is already running a Mailing
>>> List Manager, is to establish a specialized internal list with at least
>>> your 'responsible party' as a member, and at most, a team of several
>>> folks, such as sales or helpdesk staff.
>>>
>>> IF the 'main' list(s) are set closed, optionally 'no post' (outbound
>>> only), AND the messages show the 'internal' list address as the from and
>>> reply-to, AND the internal list allows members of the main list(s) to
>>> post to it...
>>>
>>> THEN you'll have a valid address to the smtp world, YET handle any
>>> restrictions (such as 'must be a member of ..' within your MLM, rahter
>>> than askign Exim to make the choices.
>>>
>>> Not a great deal more work can insure that a closed-post list is not
>>> abused for backscatter bouncing of spam.
>>>
>>> As always, there should also be a working postmaster@ for each domain,
>>> but the above trick will at least separate membership traffic into a
>>> separately managed category, making it easier to keep the member on-side.
>>>
>>>> To implement such a solution, you'd probably have to build some ACL for
>>>> the RCPT part to only accept messages to that address from a list of
>>>> given sender addresses and then implement the autoreply. For some
>>>> examples of autoreply check out this faq wiki entry:
>>>> http://wiki.exim.org/EximAutoReply
>>>>
>>>> For the ACL in the acl_smtp_rcpt part you could start with something
>>>> like this... (not tested!)
>>>>
>>>>    deny    message      = This address can only be used by registered
>>>> members.
>>>>            recipients   = noreply@???
>>>>            senders      = ! /list/to/addresses

>>>>
>>>> This causes a message sent to noreply@??? not coming from an
>>>> address listed in the file (one address per line) to be rejected with
>>>> the given reason.
>>>>
>>> .. essentially duplicating what the MLM (as above) can do, and arguably
>>> earlier in the process and more efficiently.
>>>
>>> HOWEVER - any MLM still has a lage set of other handling options, many
>>> of them menu/box-tick configurable. Chief among these is simply the
>>> management of subscribe+confirm and unsubscribe properly, auto-pruning
>>> members who cannot be reached after 'n' attempts over 't' time, etc.
>>>
>>> Well-known behaviour patterns, ease of admin, and active admin/developer
>>> groups are good reasons to use an MLM rather than reinvent one within Exim.
>>>
>>> YMMV,
>>>
>>> Bill Hacker
>>>
>>>> This is not fool prof either, as the sender address can always be forged.
>>>>
>>>> Oliver
>>
>
> Doing so successfully is a non-trivial exercise if Exim's other 'eyes'
> are open.
>
>> Thanks to both of you.
>> I wonder if it would be possible to sign a part of the email in order to verify that the reply is an authentic one...
>> We will have to spend some time on the subject I guess...
>>
>> Thx again,
>> JD
>>
>
> Ecartis, to name only the one I use, can do, and automagically DOES do
> for admin traffic. Hashed cookies with configurable expiration lives,
> even. Not hard to bend that feature to your will.
>
> Though Ecartis was desinged apurpose for secure admin entirely by email,
> *usually* anything one mainstream app can do its competition can also do.
>
> So if, for example, Mailman is your pref, then dig into its docs and/or
> search its support list archives.
>
> Very seldom is there a challenge someone else has not already found an
> answer for. Or several answers.
>
> Bill


Hi Bill,

Out of curiosity, why do you prefer Ecartis to Mailman?

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Life must be understood backwards; but... it must be lived forward."
                            - Soren Kierkegaard
"Oh My God! They killed init! You Bastards!"
                        --from a /. post