On Fri, 13 Jan 2012 20:03:36 +0200, Charles Marcus <cmar...@media-brokers.com>
wrote:
On 2012-01-13 12:11 PM, IVO GELOV (CRM) <i...@crm.walltopia.com> wrote:
I am aware of the various autoresponder scripts for vacation autoreplies
(I am using Virtual Vacation 3.1 by Mischa Peters).
I have an issue with auto-replies - it is vulnerable to spamming with
forged email address.
I think you are using an extremely old/outdated version...
The latest version would not suffer this problem, because it has a lot
of message types that it will *not* respond to, including messages
appearing to be from yourself...
Get the latest version fro the postfixadmin package.
However, I don't know how to use it without also using postfixadmin (it
creates databases for storing the vacation message, etc)...
I have downloaded the latest version 4.0 - but it seems there is no way to
prevent
spammers to use forged email addresses. I decided to remove the vacation feature
from our corporate mail server, because it actually opens a backdoor (even
though
only when someone decides to activate his vacation auto-reply) for spammers and
puts a risk on the company (our server can be blacklisted).
I still think that my idea with custom error codes is more useful - if the user
is
on vacation, the message is rejected immediately (no auto-reply is sent) and
sender
can see (hopefully, because most users just ignore error messages) the reason
why
the messages was rejected.
Probably Dovecot-auth does not offer such flexibility right now - but it worths
considering.
