[conspire] I get mail

Bill Ward bill at wards.net
Thu Aug 10 13:52:20 PDT 2006


On 8/10/06, Don Marti <dmarti at zgp.org> wrote:
> begin Rick Moen quotation of Thu, Aug 10, 2006 at 11:14:47AM -0700:
>
> > The first obvious un-met need is for flood-protection on it, so that it
> > couldn't be used to mailbomb any one claimed sending address.  I'd
> > do that, if I could figure out how.
>
> I cheated and let "vacation" do it -- it keeps a
> db file of when it last responded to each address.
> Here's the .forward file for user "info":
>
> .forward
> "|/usr/bin/vacation -r infinite -z -j info"
>
> (The real "vacation" program is old enough that most
> of the bad behavior has been complained out of it.)

Spammers would send mail to your address with the "From:" address set
to a variety of intended victims who would get your autoresponse and
start whining about it.  Since IIRC the "vacation" program uses the
"From:" address to limit only one per address, there's no safety
there.  What you'd need is to limit it by the IP address of the true
sender, perhaps, assuming the spammers have fewer compromised sending
systems than they do recipients.  Or, require strict adherence to SPF
(if your MTA inserts SPF results into the header, you can check for it
in procmail) in order for vacation to fire.

--Bill.




More information about the conspire mailing list