Hello,

I am new to procmail and have a concern I hope someone can lay to rest.

I am setting up an email verification program. The point is to receive
incoming email messages and, based upon the contents of the subject line
(if I find the word ACCEPT or not, etc.), run a program to add the
sender's email address to our file or not.

I have this working properly now - if the message is not from a daemon
or mail server, and does not have my X-Loop line, it passes the message
off to my perl script for parsing. If it does come from a daemon or
contain the X-Loop line, it is written to a file for review. My perl
script sends an email back to the user (piping results of formail -rtk
to sendmail -t) saying whether or not they were added to the file.

My concern is that somehow, someone that has an autoresponder (AR) of
their own will send me a message, it will be valid, my program will
respond back, their program will respond back, my program will respond
back, etc., etc...

I thought the X-Loop would prevent this, but I am not so sure. To test,
I sent a message to my AR, and it kindly did what it was supposed to and
sent me a rejection letter. I then replied back to that response with
the corrected information in my subject line (the message it sent to me
DID have the X-Loop header) and it happily replied back with my success
letter. If I were to reply back to that again, it will again send me a
success letter. What is to keep this from looping with an autoresponder
set up by the user like I have done with mine? It does not seem to
catch the X-Loop on a normal reply like it does with the bounces. I
have also sent mail to an invalid account with my AR and it did catch
the daemon and write it to the local file.

Am I paranoid or is this a real possibility? I have looked at all the
docs and maillist archives and could not find an answer that I thought
pertained to this situation.

My procmailrc file for the AR account:

:0 w: verify
* !^FROM_DAEMON
* !^FROM_MAILER
* !^X-Loop: registration(_at_)thesite(_dot_)com
| /usr/local/bin/formail -rtk -A "X-Loop: registration(_at_)thesite(_dot_)com" | /usr/local/bin/verimail.pl

:0:
rejected_mail

TIA,
Richard Schramm
Internet Technical Analyst
The E.W. Scripps Company
http://www.scripps.com
mailto:rdschramm(_at_)scripps(_dot_)com
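
Added example (not part of the original message and not the poster's verimail.pl): a Python model of the decision "should the autoresponder answer this message?". It shows why an X-Loop check alone does not stop two autoresponders from answering each other: a reply is a newly composed message that does not carry the X-Loop header, so the model also checks the headers a peer may set and keeps a per-sender reply budget as a backstop. The address, the budget of 3 replies per hour and all function names are assumptions made for the illustration.

```python
import time
from email import message_from_string
from email.utils import parseaddr

LOOP_TOKEN = "registration@thesite.example"  # placeholder address (assumption)
MAX_REPLIES, WINDOW = 3, 3600                # assumed per-sender budget per hour

def decide(raw, history, now=None):
    """Return 'respond' or the name of the guard that suppressed the reply."""
    now = time.time() if now is None else now
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Guard 1: our own marker came back (forwarding loop, bounce with headers).
    if LOOP_TOKEN in (msg.get("X-Loop") or ""):
        return "x-loop"
    # Guard 2: RFC 3834 label that well-behaved autoresponders set.
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        return "auto-submitted"
    # Guard 3: bulk/list/junk precedence or a null return path (bounces).
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "list"):
        return "precedence"
    if (msg.get("Return-Path") or "").strip() == "<>" or sender.startswith("mailer-daemon@"):
        return "daemon"
    # Guard 4: header-independent backstop, a reply budget per sender.
    recent = [t for t in history.get(sender, []) if now - t < WINDOW]
    if len(recent) >= MAX_REPLIES:
        return "rate-limit"
    history[sender] = recent + [now]
    return "respond"

def our_reply(to_addr):
    """Headers our responder puts on every reply so peers can recognise it."""
    return (f"From: {LOOP_TOKEN}\nTo: {to_addr}\nX-Loop: {LOOP_TOKEN}\n"
            "Auto-Submitted: auto-replied\nPrecedence: junk\n"
            "Subject: Re: ACCEPT\n\nresult\n")

def simulate_unlabelled_peer(rounds=10):
    """Constructed worst case: the peer answers everything and sets no headers."""
    history, sent = {}, 0
    for i in range(rounds):
        # A fresh reply from the peer: none of our headers survive into it.
        incoming = "From: user@peer.example\nSubject: Re: ACCEPT\n\nauto text\n"
        if decide(incoming, history, now=1000.0 + i) != "respond":
            break
        sent += 1
    return sent
```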