On Fri, 13 Jan 2012 20:03:36 +0200, Charles Marcus <CMarcus@media-brokers.com> wrote:
On 2012-01-13 12:11 PM, IVO GELOV (CRM) <ivo@crm.walltopia.com> wrote:
I am aware of the various autoresponder scripts for vacation autoreplies (I am using Virtual Vacation 3.1 by Mischa Peters). I have an issue with auto-replies - it is vulnerable to spamming with forged email address.
I think you are using an extremely old/outdated version...
The latest version would not suffer this problem, because it has a lot of message types that it will *not* respond to, including messages appearing to be from yourself...
Get the latest version fro the postfixadmin package.
However, I don't know how to use it without also using postfixadmin (it creates databases for storing the vacation message, etc)...
I have downloaded the latest version 4.0 - but it seems there is no way to prevent spammers to use forged email addresses. I decided to remove the vacation feature from our corporate mail server, because it actually opens a backdoor (even though only when someone decides to activate his vacation auto-reply) for spammers and puts a risk on the company (our server can be blacklisted).
I still think that my idea with custom error codes is more useful - if the user is on vacation, the message is rejected immediately (no auto-reply is sent) and sender can see (hopefully, because most users just ignore error messages) the reason why the messages was rejected.
Probably Dovecot-auth does not offer such flexibility right now - but it worths considering.