[Dovecot] Using Dovecot-auth to return error code 450 (or other 4xx) to Postfix when user is on vacation

Robert Schetterer robert at schetterer.org
Sat Jan 14 21:24:39 EET 2012


On 14.01.2012 18:23, IVO GELOV (CRM) wrote:
> On Fri, 13 Jan 2012 20:03:36 +0200, Charles Marcus
> <CMarcus at media-brokers.com> wrote:
> 
>> On 2012-01-13 12:11 PM, IVO GELOV (CRM) <ivo at crm.walltopia.com> wrote:
>>> I am aware of the various autoresponder scripts for vacation autoreplies
>>> (I am using Virtual Vacation 3.1 by Mischa Peters).
>>> I have an issue with auto-replies - it is vulnerable to spamming with
>>> forged email address.
>>
>> I think you are using an extremely old/outdated version...
>>
>> The latest version would not suffer this problem, because it has a lot
>> of message types that it will *not* respond to, including messages
>> appearing to be from yourself...
>>
>> Get the latest version from the postfixadmin package.
>>
>> However, I don't know how to use it without also using postfixadmin (it
>> creates databases for storing the vacation message, etc)...
>>
> 
> I have downloaded the latest version 4.0 - but it seems there is no way
> to prevent spammers from using forged email addresses. I decided to
> remove the vacation feature from our corporate mail server, because it
> actually opens a backdoor (even though only when someone decides to
> activate his vacation auto-reply) for spammers and puts a risk on the
> company (our server can be blacklisted).
> 
> I still think that my idea with custom error codes is more useful - if
> the user is on vacation, the message is rejected immediately (no
> auto-reply is sent) and sender can see (hopefully, because most users
> just ignore error messages) the reason why the message was rejected.
> 
> Probably Dovecot-auth does not offer such flexibility right now - but it
> is worth considering.

You're right, there is no way to make perfectly sure that someone does not
use your email address "from and to" for spamming (DKIM and SPF may help a little).

Now I hope I understand your problem right.

A good way is to use Dovecot LMTP with Sieve,
also good antispam in Postfix, perhaps a global "before"
antispam Sieve filter rule, so that caught spam is sorted
into some special junk folder, and so it is not handled as incoming
in the mailbox inbox by whatever user-defined Sieve rule (i.e. vacation).

Look here

http://wiki.dovecot.org/LDA/Sieve

for ideas

Anyway, if you use other vacation techniques, make sure mail already flagged
as spam by, i.e., ClamAV, amavis, SpamAssassin etc. at the Postfix stage is not
handled by your vacation service, script etc.
As far as I remember, I gave some patch to the postfixadmin vacation script
doing exactly this.

There is no ultimate way not to answer spammers by vacation or other
auto scripts etc.,
but if you do it right, the problem goes to nearly null.

The risk of being blacklisted by a third party always exists when, i.e.,
forwarding (redirecting) mail to outside (so an antispam filter is a "must
have" here); a simple vacation message only is no high risk or none,
as long as it does not include any part of the real spam message.

Also, vacation should only answer once in some time period, which should
protect against loops and flooding others.

The correct answer to your subject would be:

if you simply want Postfix to reject mails for some mail address with an
error code you like
if the mail address owner is away, use a Postfix reject table, if you want
with, i.e., MySQL and some GUI (i.e. PHP),
so the mail address owner can edit the table himself.

Anyway, I personally don't use vacation anymore,
for many reasons, but others find it hardly needed.
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
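
Added example, not part of the original message and not taken from the Dovecot wiki or postfixadmin: a Sieve script that combines the safeguards discussed in the reply above (flagged spam is filed away before any vacation rule runs, replies are sent at most once per period, and nothing from the incoming message is echoed back). The `X-Spam-Flag` header, the `Junk` folder name, the address `user@example.com` and the reply text are assumptions; substitute whatever your Postfix-stage filter and mailbox layout actually use.

```sieve
require ["fileinto", "vacation"];

# 1. Spam check first.
# Assumption: the content filter at the Postfix stage (e.g. SpamAssassin
# behind amavis) adds "X-Spam-Flag: YES" to mail it classifies as spam.
# Filing the message and stopping here means the vacation action below
# is never reached for flagged mail, so forged senders get no auto-reply.
if header :is "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}

# 2. No auto-replies to mailing lists, bulk mail or other auto-responders.
# "stop" leaves the implicit keep in effect: the message is delivered to
# the inbox, but no reply is generated.
if anyof (
    exists ["List-Id", "List-Unsubscribe"],
    header :contains "Precedence" ["bulk", "list", "junk"],
    header :contains "Auto-Submitted" "auto-"
) {
    stop;
}

# 3. The vacation reply itself.
#   :days 7     one reply per sender per 7 days (limits loops and flooding)
#   :addresses  reply only when one of these addresses appears in To/Cc
#   :subject    fixed subject; without it the reply subject is derived
#               from the incoming Subject, which would echo spam content
# The body is a fixed string, so no part of the original message is sent.
vacation
    :days 7
    :addresses ["user@example.com"]
    :subject "Out of office"
    "I am currently away and will read your message when I return.";
```

With Pigeonhole installed, running `sievec` on the file reports syntax errors before the script is put into service.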


