some weirdness and broken error handling with sieve (in 2.2.12)
Greg A. Woods
woods-cyrus at weird.com
Thu Nov 30 12:44:10 EST 2006
At Thu, 30 Nov 2006 10:18:59 +0100,
Phil Pennock wrote:
>
> On 2006-11-29 at 16:49 -0500, Greg A. Woods wrote:
> > BTW, this whole idea of generating new mail from SIEVE is bogus. The
> > local mail service should NEVER EVER IN A MILLION YEARS ever generate
> > new messages in response to incoming mail (think backscatter, unless if
> > it had the kind of once-per-week protection built into the much older
> > unix vacation(1)).
>
> draft-ietf-sieve-vacation-06.txt
>
> I've not checked Cyrus 2.2.x, but certainly 2.3.7 supports the :days
> parameter described in section 4.1 of that draft. See
> sieve/sieve.y:canon_vtags() which sets the default time period and
> imap/lmtp_sieve.c:autorespond() which does the already-responded safety
> checks.
Yes thanks I thought I'd seen something like that for the sieve
"vacation" action.
Unfortunately it doesn't curb backscatter from "reject". Last time I
was monitoring a site suffering a backscatter attack a noticable (though
still not actually huge) portion of the junk was coming from Cyrus SIEVE
scripts.
Now with all the local delivery done via LMTP there's really no reason
why "reject" can't just send a nicely formatted and informational
multi-line LMTP error response with the text from the script.
Of course it would be much better just to not offer "reject" to users in
the first place. That kind of filtering should be done on the front-end
MX servers so that the MTA won't get stuck generating a bounce either.
If you don't want it then delete it, but don't ever send it back to a
(likely) forged sender address!
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods at robohack.ca>
Planix, Inc. <woods at planix.com> Secrets of the Weird <woods at weird.com>
More information about the Info-cyrus
mailing list