Re: [exim] Stop responding to bounces?

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Emmanuel Noobadmin
CC: exim-users
Subject: Re: [exim] Stop responding to bounces?
On Fri, 2010-08-20 at 04:45 +0800, Emmanuel Noobadmin wrote:
>
>
> User A sets a vacation message
> User A mailbox becomes full
> Sender B sends a message, gets an autorespond from User A
> Sender B's mailbox is full/invalid (such as spam) and their server
> sends a bounce


Error. The autoresponse should have MAIL FROM:<> and thus should never
be able to trigger a bounce. If your autoresponse don't have an empty
sender, they are a DoS attack waiting to happen. As you seem to be
finding out.

> User A receives bounce and sends a mailbox full bounce
> Sender B server receives bounce and also sends back a mailbox full
> bounce...


This is an even more egregious error. Your bounces absolutely *MUST* be
sent with the empty sender, and must never trigger more bounces in
return.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@???                              Intel Corporation