procmail
[Top] [All Lists]

Re: looping problem

2002-02-25 10:18:20
On 25 Feb, peter(_at_)compclass(_dot_)com wrote:
| I sent an email to the list over the weekend but I got no copy in my own
| mail box so I don't think it got out. If this is a repeat, I apologize,
| but I haven't seen any responses either, hence the resubmit.
| 
| I have a spam filter (right out of Stopping Spam - O'reilly) that bounces
| mail back to the sender if they aren't recognized and/or authorized via a
| key phrase. My problem is, what to do if both sender and receiver have
| this filter? I'm thinking that I can add a string to the subject line on
| the outgoing bounce or scan the entire message body for my original bounce
| message. The latter seems safer but more CPU intensive.
| 
| Anyone have any other thoughts on this situation?
| 

The canonical method for preventing loops is inertion of and subsequent
testing for an "X-Loop: some unique string" header, where some unique
string is often the user's email address.  If any forwarding/bouncing
is done, this is really a must, or something else like it. I actually do
something like this with every message even though virtually everything
is delivered locally. I don't want to be caught by surprise when one
of my kids decides to get adventurous with procmail. If an incoming
email has your unique header, then it's already been through your
system once and should be dealt with accordingly - probably immediately
delivered.  The list archives and man pages will have examples of the
usage.

My other thought is I disagree with the "secret key" method for spam
fighting. I'm only saying it wouldn't be right for me but, of course,
only you can decide what's right for you. I'm just encouraging you to
think it through. I aggressively filter spam, using methods that others
would undoubtedly frown upon including blocking large chunks of Asia and
many top level country domains. I also spend far too much time working
on spam filters, my access.db, a contorted (but effective) system of
aliases and virtusertable entries to block recipients, and even
blocking some particularly egregious offenders at the firewall. All of
that requires that I do even *more* work making sure legitimate
messages (especially list mail) don't get caught in the process. My
point is that it's my battle, so I bear the cost. The method you use
transfers the obligation for your spam fighting to others. And it
doesn't transfer it to the guilty parties, or even make any pretense of
doing so, but instead places the burden on those who ostensibly have
legitimate reasons to communicate. I for one can't imagine the
circumstances that would make me willing to jump through that hoop for
anyone, and I'm pretty sure I'm not alone.

Again, only you can determine what's appropriate for your use, and it's
entirely possible that your legitimate email usage is limited enough
that this method will work without mishap. But I've seen more of these
implemented hastily and ineffectively than not.  My $.02.

-- 
Reply to list please, or append "6" to "procmail" in address if you must.
Spammers' unrelenting address harvesting forces me to this...reluctantly.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>