On Fri, 2010-08-20 at 04:45 +0800, Emmanuel Noobadmin wrote:
>
>
> User A sets a vacation message
> User A mailbox becomes full
> Sender B sends a message, gets an autorespond from User A
> Sender B's mailbox is full/invalid (such as spam) and their server
> sends a bounce
Error. The autoresponse should have MAIL FROM:<> and thus should never
be able to trigger a bounce. If your autoresponse don't have an empty
sender, they are a DoS attack waiting to happen. As you seem to be
finding out.
> User A receives bounce and sends a mailbox full bounce
> Sender B server receives bounce and also sends back a mailbox full
> bounce...
This is an even more egregious error. Your bounces absolutely *MUST* be
sent with the empty sender, and must never trigger more bounces in
return.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse@??? Intel Corporation
