Am 14.01.2012 18:23, schrieb IVO GELOV (CRM):
On Fri, 13 Jan 2012 20:03:36 +0200, Charles Marcus CMarcus@media-brokers.com wrote:
On 2012-01-13 12:11 PM, IVO GELOV (CRM) ivo@crm.walltopia.com wrote:
I am aware of the various autoresponder scripts for vacation autoreplies (I am using Virtual Vacation 3.1 by Mischa Peters). I have an issue with auto-replies - it is vulnerable to spamming with forged email address.
I think you are using an extremely old/outdated version...
The latest version would not suffer this problem, because it has a lot of message types that it will *not* respond to, including messages appearing to be from yourself...
Get the latest version fro the postfixadmin package.
However, I don't know how to use it without also using postfixadmin (it creates databases for storing the vacation message, etc)...
I have downloaded the latest version 4.0 - but it seems there is no way to prevent spammers to use forged email addresses. I decided to remove the vacation feature from our corporate mail server, because it actually opens a backdoor (even though only when someone decides to activate his vacation auto-reply) for spammers and puts a risk on the company (our server can be blacklisted).
I still think that my idea with custom error codes is more useful - if the user is on vacation, the message is rejected immediately (no auto-reply is sent) and sender can see (hopefully, because most users just ignore error messages) the reason why the messages was rejected.
Probably Dovecot-auth does not offer such flexibility right now - but it worths considering.
your right there is no way make perfekt sure that someone not uses your emailaddress "from and to" for spamming ( dkim and spf may help little )
now i hope i understand your problem right
a good way is to use dove lmtp with sieve also good antispam in postfix, perhaps a before global antispam sieve filter rule, that catched spam is sorted in some special junk folder , and so its not handled by incomming in mailbox inbox with what userdefined sieve rule ( i.e Vacation ) ever
look here
http://wiki.dovecot.org/LDA/Sieve
for ideas
anyway if you use other vacation tecs, make sure allready flagged spam by i.e clamav, amavis, spamassassin etc in postfix stage is not handled by your vacation service , script etc. as far i remember i gave some patch to the postfixadmin vacation script doing exact this
there is no ultimate way not to answer spammers by vacation or other auto script etc but if you do right , the problem goes nearly null
the risk of beeing blacklisted by third party exist ever when i.e forwarding ( redirect ) mail to outside ( so antispam filter is a "must have" here ), a simple vacation message only, is no high or none risk, as long it does not include any part of the real spam message
also vacation should only answer once in some time period, which should protect against loops and flooding others
the corect answer to your subject would be
if you want postfix simple to reject mails for some mailaddress with error code you like if the mailaddressowner is away, use a postfix reject table, if you want with i.e in/with mysql and some gui ( i.e. php ) so the mailaddressowner can edit the table himself
anyway, i personally dont use vacation anymore for many reasons , but others find it hardly needed
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria