On 8/20/10, David Woodhouse <dwmw2@???> wrote:
> Error. The autoresponse should have MAIL FROM:<> and thus should never
> be able to trigger a bounce. If your autoresponse don't have an empty
> sender, they are a DoS attack waiting to happen. As you seem to be
> finding out.
>
>> User A receives bounce and sends a mailbox full bounce
>> Sender B server receives bounce and also sends back a mailbox full
>> bounce...
>
> This is an even more egregious error. Your bounces absolutely *MUST* be
> sent with the empty sender, and must never trigger more bounces in
> return.
Thank you so much for pointing this out!
The original exim configuration/installation was done by a third party
vendor so again I made the mistake of assuming they knew what they
were doing. For some reason they did set the return-path to <> but not
the "From" address. I've changed this and hopefully the mail loop will
not happen again.