On Tue, 6 Oct 1998, era eriksson wrote:
On Sat, 3 Oct 1998 06:37:45 -0400,
"Christian Stalberg" <stalberg(_at_)resell(_dot_)net> wrote:
> what is the recipe syntax to avoid having an autoreponder send
> mail to an address different than the requestor? our autoresp.
> is being abused to mailbomb people. here is our recipe at present:
> :0
> * ^TOcontract
> |(formail -rt \
> -I"Subject: Service Agreement" ;\
> cat /home2/www/autoreply/contract.txt) | /usr/lib/sendmail -t
Every single bit of mail headers can be forged, except Received: lines
added by your local system. Any mail bomber worth his salt will have
used a relay rape to send out the bombs, perhaps via an open relay
which doesn't even try to verify the origin of the incoming relay.
Another thing I look for is to see if the domain the mail is claiming to
either be from - or sent to - actually appears in the headers. If it
didn't, my responder sent the recipient a short message saying why "their
request" was denied, how to get the files they requested, and a copy of
the headers of the request in case someone was being a twit.
--
"APL is a write-only language. I can write programs in APL, but I
can't read any of them."
-- Roy Keir