Re: autoresponder program could be tricked by spamers to send unsolicitedmail to victim's address (fwd)From: Rodent of Unusual Size (Ken.Coar@Golux.Com)
- Previous message: Steven M. Christey: "Re: rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 04 Feb 2002 05:58:44 -0500 From: Rodent of Unusual Size <Ken.Coar@Golux.Com> To: firstname.lastname@example.org
History: This issue was originally reported to BUGTRAQ on
Friday 11 January 2002. I originally sent this response
four days later, on Tuesday 15 January 2002, and again on
Monday 21 January 2002, but it didn't get moderated through.
Since this was originally sent, additional fixes have been
made and the current package version is 1.15.2, not 1.15.0
as mentioned below. See the ChangeLog on the site for details.
Rodent of Unusual Size wrote:
> > Date: Fri, 11 Jan 2002 13:51:55 +1100
> > To: email@example.com
> > Subject: autoresponder program could be tricked by spamers to send
> > unsolicited mail to victim's address
> > Autoresponder program
> > http://meepzor.com/packages/autoresponder/
> > could be tricked by spamers to send unsolicited mail to
> > victim's address if option reply with copy of original
> > message attached to response is enabled in autoresponder's
> > configuration.
I have addressed this by adding two new bits of anti-spam
functionality to the package:
1/ ability to ignore blind messages (i.e., any that don't include
our address in the To: or Cc: line)
2/ add history tracking feature
The purpose of the first should be self-evident. The history
capability, if enabled, will record the time of the last autoresponse
to each address, and ignore future messages until a threshold number
of seconds (specified by the run-time --ignore-interval option)
Neither of these are enabled by default, for the simple reason
that user input (email address, database location) is required.
In addition, the history function needs a CPAN module that earlier
versions of autoresponder did not. (You don't need that module
if you don't use the history capability.)
This is all in release 1.15.0, now available from
An announcement to Freshmeat and the package interest list is
Thanks for your attention and support!
-- #ken P-)}
"Millenium hand and shrimp!"