Autoresponder problem

[northtron]

Hi Jeff,

I pasted below what the userautoreply stanza looks like now. I'm not seeing how this allows somebody to spam through the machine. I would think the envelope could be forged just as easily as the actual headers and either way the forged From: address would receive the Body of the autoresponder itself, not the contents of the forged message.

I'm interested in learning more about this as I obviously don't want to open up our machines to abuse. The search terms that I'm feeding google aren't really getting me anywhere. Any feedback you can provide is appreciated.

Much appreciated,

Eli Katzenmeyer

---

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Re: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${reply_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

 

[nobaloney]

The "From" field can be forged by anyone; forging the envelope requires a lot more skill .

Remind me some day to tell you the story of the day I changed my "From" address to that of Bill Gates, and sent an email to my Microsoft sales rep. It drove her crazy .

Jeff

 

[northtron]

To the average spammer I would think a forged envelope would be trivial. Maybe I'm giving them too much credit.

However, even if they forged the return path, wouldn't the recipient just receive the autoresponder text? I guess I'm questioning what they have to gain by spamming people with message content that they has no control over.

Thanks,

Eli

 

[nobaloney]

I'm thinking of collateral spam. Am I confused?

Jeff

 

[Ste]

Does this cause backscatter or something like it?

Either way, something is wrong. Example:

An e-mail comes in which is SPAM yet it passes Spamblocker because it doesn't hit the required threshold.
I have an autoresponder set-up which sends an e-mail back.
It's queued in my system because: 554 Sorry, no mailbox here by that name.

Thoughts??

 

[DirectAdmin Support]

Hello,

Edit your /etc/exim.conf.

Find the line:

#require verify = sender

and change it to be:

require verify = sender

(uncomment it), then restart exim:

/etc/init.d/exim restart

which should ensure that the inital sender exist before exim accepts it.

John

 

[Ste]

Hi John,

What's the biggest difference if it's left commented out compared to it being uncommented?

 

[nobaloney]

I'm the guy who wrote the exim.conf file used by DirectAdmin and I'm the guy who made the hard decisions .

So I suppose I should answer.

I put the code in because some people will want to verify the sender.

I left it commented out because I don't want to verify senders. After all, I'm selling stuff, and I want to receive email even from people who's email is screwed up.

Maybe I'm wrong; if I am, I can always uncomment it (be sure to restart exim after any change to exim.conf) for a week and see if I get less spam. I agree that most of the time senders will exist. However there are still some (perhaps misguided) administrators who don't allow answers to whether a sender exists or not; they think it allows an attack by spammers to get real usernames off their server, in lieu of an actual dictionary attack.

Jeff

 

[Ste]

Hi Jeff,

I see. So really, I suppose it is best that I leave this commented out. Most of our clients run businesses so delivery to hotmail, yahoo, etc is required but not as much as delivery to private domains which some most probably are administrated like this.

I still need this, so instead of having this done at the server level, I'll find a plugin for Thunderbird and do it at a client level.

 

[pucky]

I agree that something has to be done about this problem of autoresponders not responding to email addresses sent by a form on the same server as the autoresponder email address.

I too can send an email from outlook and have the autoresponder behave just fine. As soon as any form based script sends an email to the same autoresponder address it fails.

This is definitely an exim problem and something that any of my hosting clients would expect as something that they would have working properly for them as part of my hosting services.

The advice about changing scripts to add another email is not the right answer since most hosting clients don't have the first clue about how to do custom editing of scripts. The only acceptable answer is to have exim autoresponders behave as expected and how its email competitors already have autoresonders behaving. This is not a DirectAdmin issue - it is an Exim limitation until Exim changes things in some future upgrade. Lobby Exim about this because there is nothing DirectAdmin can do about it.

The only other solution is to buy an autoresponder script that will work with Exim and set up a series of autoresponses that are triggered by the initial form submission. Example - a series of emails that might consist of a number of lessons on a specific subject that get emailed out every day or week or month for the duration of the course. These scripts work really nice and are a big step above any single event autoresponder found with Exim or sendmail

Is there a solution for this? Iv looked though 5 pages of Autorepsonder not working messages and have not found a solution.

I have a blog with a contact form on it. When the user enters a message i want the autoresponder to send a reply. This is not happening. Instead, the message is sent to the autoresponder email address.

Cpanel uses exim and auto responder work just fine when sent from a form/blog. So how is cpanel doing it if its an exim problem?