procmail

Re: autoreso. mail bombing avoidance

1998-10-06 12:50:12
On Sat, 3 Oct 1998 06:37:45 -0400,
"Christian Stalberg" <stalberg(_at_)resell(_dot_)net> wrote:
what is the recipe syntax to avoid having an autoresponder send 
mail to an address different than the requestor? our autoresp. 
is being abused to mailbomb people. here is our recipe at present:
:0
* ^TOcontract
|(formail -rt \
   -I"Subject: Service Agreement" ;\
   cat /home2/www/autoreply/contract.txt) | /usr/lib/sendmail -t

Every single bit of mail headers can be forged, except Received: lines
added by your local system. Any mail bomber worth his salt will have
used a relay rape to send out the bombs, perhaps via an open relay
which doesn't even try to verify the origin of the incoming relay. 

Things to try:
  * Set up the recipe to only send a limited number of responses to
    the same address. (My ftp server does that but it's a bit too
    embarrassing to show in public so I'm not including the code here.
    Mail me in private if you want hints.)
  * Make sure you save the headers of all incoming requests so you can
    gripe to all the right places.
  * Take the headers of one of the bombs and see if formail -r
    generates a reply more to your liking. My guess is it won't (but
    this is of course merely speculation, as we didn't get to see a
    sample of the headers).

Most ISPs will take mailbombing very seriously and want to cut off
access from the villain. (No names, but I know some "legitimate"
domains with pretty ignorant admins, though.)

Good luck with clearing this up,

/* era */

-- 
Bot Bait: It shouldn't even matter whether  (`')  Just  (`')  http://www.iki
I am a resident of the State of Washington   \/ Married! \/   .fi/~era/
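
Added example (not part of the original message and not the poster's own code): one way to implement the first suggestion above, capping how many replies go to any one address. It keys the limit on the address formail would reply to, since that is the only thing a forged request controls; RATE_DIR, MAX_REPLIES, WINDOW_SECS, the X-Loop token and the --deliver flag are assumed names.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumed names: RATE_DIR, MAX_REPLIES,
# WINDOW_SECS, the X-Loop token and the --deliver flag are all illustrative.
RATE_DIR="${RATE_DIR:-${HOME:-.}/.autoreply-rate}"
MAX_REPLIES="${MAX_REPLIES:-3}"        # replies allowed per address...
WINDOW_SECS="${WINDOW_SECS:-86400}"    # ...within this many seconds

# Reduce 'Name <User@Host>' to 'user@host' and drop characters that are
# unsafe in a file name (no '/', so the key cannot escape RATE_DIR).
normalize_addr() {
    printf '%s\n' "$1" | sed 's/.*<\([^>]*\)>.*/\1/' |
        tr 'A-Z' 'a-z' | tr -cd 'a-z0-9@._+-'
}

# allow_reply ADDR [NOW]: succeed and record the reply if ADDR is still
# under the limit; fail if it is over the limit or is not an address.
allow_reply() {
    addr=$(normalize_addr "$1"); now=${2:-$(date +%s)}
    case "$addr" in *?@?*) ;; *) return 1 ;; esac
    mkdir -p "$RATE_DIR" || return 1
    file="$RATE_DIR/$addr"; cutoff=$((now - WINDOW_SECS)); recent=""; count=0
    if [ -f "$file" ]; then
        while read -r ts; do
            [ "$ts" -gt "$cutoff" ] 2>/dev/null || continue  # expired or junk
            recent="$recent$ts
"
            count=$((count + 1))
        done < "$file"
    fi
    [ "$count" -lt "$MAX_REPLIES" ] || return 1
    printf '%s%s\n' "$recent" "$now" > "$file"   # keep only live entries
}

# deliver: read one request on stdin and reply only if the address formail
# would answer is under the limit. Paths are the ones from the quoted recipe.
deliver() {
    msg=$(mktemp) || return 1
    cat > "$msg"
    if allow_reply "$(formail -rtzxTo: < "$msg")"; then
        (formail -rt -I"Subject: Service Agreement" \
            -A"X-Loop: contract-autoreply" < "$msg"
         cat /home2/www/autoreply/contract.txt) | /usr/lib/sendmail -t
    fi
    rm -f "$msg"
}

# procmailrc side, serialised with a local lockfile:
#   :0 w: autoreply.lock
#   * ^TOcontract
#   * ! ^FROM_DAEMON
#   * ! ^X-Loop: contract-autoreply
#   | /path/to/this-script --deliver
if [ "${1:-}" = "--deliver" ]; then deliver; fi
```

The limit caps what any one forged address can receive; it does not make the reply address trustworthy, so the saved request headers are still what identifies the relay used.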