Am 13.04.2012 20:38, schrieb J Gao: > On 12-04-13 11:31 AM, Reindl Harald wrote: >> >> Am 13.04.2012 20:24, schrieb J Gao: >>> Hello, >>> >>> We have a Postfix mail server (CentOS 5.7, Postfix, Courier, Virtual >>> Domain, MailScanner) and I want setup the >>> autoresponder for Postifx. >>> >>> I followed the instruction on >>> http://nefaria.com/project_index/autoresponse/ >>> >>> Now, the autoresponse works in command line mode. I can >>> add/delete/enable/disable autoresponse. >>> >>> But it failed to let user to create their own autoresponse messege via >>> email. When I send an email to >>> user+autorespo...@domain.tld, the mail just drop in inbox and no >>> autoresponse setup. >>> >>> I looked the maillog and I found that the filter override seems not >>> working. The mail doesn't handle over to the >>> "autoresponder", it always goes to "relay=virtual" >> i do not think it is a godd idea these days take the sender-address as >> authentication for set a responder - if you can not 100% prevent a >> forged email one will set a responder this way followed by a list >> of forged senders to get the repsonse >> >> this is a really bad idea >> >> normally such things are done via protected web-interfaces with >> a real login and working on the MDA side (dbmail as example >> has a simple "autoreply" sql table for which a webinterface >> authenticationg against the user-table is written in a few >> hours >> > Our mail server use SASL authentication against all SMTP relay. And this > server is in production so any major > changes are not that easy, at least for me.
SASL does not protect you against forged messages from foreign servers / clients reclaiming they are originating from yourself > Sorry I am still learning Postfix this makes it even much more dangerous if i were you i would hire someone who is able to develop a webinterface with a real login and set what responder ever is used via cron / database but never this way
signature.asc
Description: OpenPGP digital signature
