Snort mailing list archives

[OT] Policy on broken vacation rules?


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 Feb 2003 20:38:10 -0500

Well, not entirely OT as it's about the policy of the list itself and its users, but it's not snort related...

Currently MarglesSingleton () firsthealth com has a broken vacation rule that replies to every post to the list. Worse still, it also replies to the list when Chris Green posts with a reply-to: header pointing back to the list. Everyone on the list saw that, so it's not like this is news to anyone.

It's not like the MUA/MTA being used is incapable of a proper vacation rule; even the Groupwise website has tips on how to make a loop-resistant vacation rule:

http://www.novell.com/coolsolutions/gwmag/features/tips/t_cool_vacation_rule.html

The Groupwise help files contain a vacation rule setup section which is loop-prone; however, they don't tell you to use it for emails, just appointments and the like. Unfortunately most users just add on the "mail" checkbox, failing to realize this creates a DoS vulnerability to their mailserver and a general risk of looping with other autoresponders which are just as dumb.

Not to single Margles out as the only person with a bad vacation rule, there's been *lots* of other offenders and repeat offenders, but it *is* getting worse and does raise the question of how the list (or its subscribers) should defend itself (themselves).

Is there any policy about handling users subscribed to the list that are engaging in dangerous reply tactics that run great risks of creating mail-loops and dumping thousands of messages on an unsuspecting mailserver? (Unconditional auto-reply to the address in the "reply-to" header on delivery is a broken and *dangerous* behavior in a mailer.) If there isn't, is it getting to be time there is one?

Sure I can just 550 everything coming out of firstheath.com, or any other offending domain, but I'd rather not have to add 550's just to be able to post to snort users without having broken vacation rules responding to me.

550ing also runs the risk of DoSing a mailserver if a vacation rule is severely broken and loops itself with the bounce-messages, i.e., I once saw one guy that had an unconditional auto-reply on his mailbox and had postmaster, root, and every other system address aliased to himself. A bounce of a bounce would wind up in postmaster's box.. which was his, which would be replied to.. etc.

In general broken auto-responders are becoming an increasing and repeated problem when I'm posting to snort-users. Is there any general consensus on the best way to handle these? I really enjoy trying to help users out, but I don't want it to get to the point where every post to the list consistently generates 10 broken vacation rules replying back to me for each post, or worse, to me *and* the list itself.

I'd also really like to NOT see a situation where a fast loop forms and we get 100,000 posts to the list in 1 hour. Fortunately the list itself doesn't do reply-to munging to point back at itself, as this would have likely DoSed the entire list already. But all it takes is a slight twist of the same broken rule to create a "loop-through-mailinglist" DoS that affects us all (Groupwise has a "reply to all" (sender and recipients) option. If that was used instead we'd all have a LOT of email right now).
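
Added example, not part of the original post: a sketch of the decision a loop-resistant vacation responder makes before answering, covering the failure modes the message describes (replying to list traffic, to the Reply-To header, to bounces, and repeatedly to the same sender). The function name, the addresses, the system local-part list and the one-week interval are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values for this example, not taken from any product.
SYSTEM_LOCALPARTS = ("mailer-daemon", "postmaster", "root", "listserv", "majordomo")
REPLY_INTERVAL = 7 * 24 * 3600  # at most one auto-reply per sender per week

# Constructed sample messages (example.org addresses are placeholders).
LIST_POST = ("From: poster@example.org\nReply-To: users@lists.example.org\n"
             "To: users@lists.example.org\nPrecedence: list\n"
             "List-Id: <users.lists.example.org>\nSubject: rule question\n\nbody\n")
PERSONAL = ("From: colleague@example.org\nReply-To: elsewhere@example.net\n"
            "To: me@example.com\nSubject: hi\n\nbody\n")


def vacation_reply_target(raw, envelope_sender, my_addrs, last_replied, now):
    """Return the address to auto-reply to, or None if replying risks a loop.

    envelope_sender is the SMTP MAIL FROM value ("" or "<>" for bounces);
    last_replied maps sender -> time of the last auto-reply and is updated here.
    """
    msg = message_from_string(raw)
    sender = envelope_sender.strip("<> ").lower()
    if not sender:
        return None  # null return path: a bounce, never answer it
    local = sender.split("@", 1)[0]
    if (local in SYSTEM_LOCALPARTS or local.startswith("owner-")
            or local.endswith(("-request", "-bounces", "-owner"))):
        return None  # system or list-management address
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None  # sent by another autoresponder (RFC 3834 header)
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return None
    if any(h.lower().startswith("list-") for h in msg.keys()):
        return None  # List-Id, List-Unsubscribe, ...: mailing list traffic
    recipients = {a.lower() for _, a in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not recipients & {a.lower() for a in my_addrs}:
        return None  # not addressed to this mailbox personally
    if now - last_replied.get(sender, float("-inf")) < REPLY_INTERVAL:
        return None  # this sender was already told recently
    last_replied[sender] = now
    return sender  # the envelope sender, never Reply-To or all recipients
```

The reply that is eventually sent should itself carry `Auto-Submitted: auto-replied` so that other responders applying the same checks ignore it.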
