[conspire] I get mail

[Don Marti]

begin Rick Moen quotation of Thu, Aug 10, 2006 at 11:14:47AM -0700:

> The first obvious un-met need is for flood-protection on it, so that it
> couldn't be used to mailbomb any one claimed sending address.  I'd 
> do that, if I could figure out how.  

I cheated and let "vacation" do it -- it keeps a
db file of when it last responded to each address.
Here's the .forward file for user "info":

.forward
"|/usr/bin/vacation -r infinite -z -j info"

(The real "vacation" program is old enough that most
of the bad behavior has been complained out of it.)

> Since my procmail-fu is not very strong, I've mostly relied on my MTA's
> very well-developed abuse rejection, and hope that the result is not
> significantly vulnerable.  (In my experience, attempting to detect Joe
> Jobs, etc., _after_ MTA acceptance is hopeless, and so must be done at
> SMTP time.  My MTA's very good at that, but not perfect, for reasons
> inherent in current SMTP.)  

Of course if every domain had SPF, and every mail
server running an autoresponder checked SPF, it would
cover it, right?

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti at zgp.org           LinuxWorld: August 14-17, 2006, San Francisco