From: Todd Burroughs (todd@devnull.com)
Date: Tue Aug 24 2004 - 03:27:22 EDT
I am somewhat active on a few lists and pen-test is the worst for
"out of office autoreplies".
People, mailing lists are easy to filter out for autoreplies, do it.
It looks bad when you send these things to a list like this, kind
of lame...
Todd Burroughs
---
The Internet has given us unprecedented opportunity to communicate and
share on a global scale without borders; fight to keep it that way.

On Mon, 23 Aug 2004, Martin Mačok wrote:

> On Thu, Aug 19, 2004 at 09:26:27PM -0400, Tim wrote:
>
> > I just posted the message below, and received over 20 responses from
> > people's out of office auto-responders and from people whose mailboxes
> > are no longer valid, etc.
> >
> > 1. People: please stop pissing in the pool. If you don't know how to
> >    configure your auto-responders to ignore list mail, then don't use
> >    them at all. They are a danger to yourself and others, as they
> >    advertize to the world what you use for mail, and they can be great
> >    targets for mail loops via spoofing.
>
> ... they also advertize to the world that your house is (probably)
> free and that your identity could be "stolen" or in other way abused
> for social engineering (especially useful for phone games) during your
> vacation.
>
> > 2. Moderator(s): would you mind sending out a test message once a month
> >    or so, and fish out the email addresses that are blasting posters'
> >    inboxes? I know they do this on other Security Focus lists.
>
> That would not catch most of them I guess (month is too long and
> getting those test messages on every mailing list regularly would be
> extremely ugly).
>
> What about creating some special address @securityfocus where
> subscribers can forward those vacation autoreplies? If that address
> gets some number of posts about any sinner, it could re-test the
> sinner by itself (with an explanation) and kick the email off all the
> lists on a positive result. I'm sure it shouldn't be that hard to
> automatize it in a safe manner ... Unfortunately, the reply could come
> from different address than the one that is subscribed and in that
> case the sinner/subscriber could be almost untraceable for an
> automaton.
>
> Anyway, as a way of working off my energy and saving the world,
> I sometimes do "vacation remix" on replies I get, i.e. send vacation
> reply from person A to person B, from B to C etc... When they get
> back, maybe they will have a clue. From my experience, sending "do not
> do this because XY" message to them does not result in them having
> a clue. They actually see the complainer as the one who is making
> troubles and the one who is annoying them. The best result you will
> achieve when they "get it" is "Ok, I'm putting you on my blacklist so
> this won't happen again. Happy now?" ... grrr ...
>
> Martin Mačok
> IT Security Consultant
>
>
> ### my .procmailrc rules for broken vacation autoreplies
>
> :0 B:
> * ^I(´m| will be| am) .*(out of|not in|away from|on) (the )?(vacation|office).* (between|from|until|starting|on vacation)
> vacation
>
> :0 B:
> * ^Je serai en vacance du .* au .* inclusivement.
> vacation
>
> :0 B:
> * ^Je suis actuellement en vacances jusqu
> vacation
>
> :0 :
> * ^Subject: Ofis Disinda Otomatik
> vacation
>
> :0 HB:
> * ^Subject: Vast:
> * ^Olen lomalla ja toimistolla seuraavan kerran
> vacation
>
> :0 HB:
> * ^Subject:.*(ist.*(Haus|im)|out of office)
> * ^Ich werde .* nicht im .* sein\. Ich kehre
> vacation
>
> :0 B:
> * ^Ich bin zur Zeit nur .* online
> vacation
>
> :0 HB:
> * ^Subject: Abwesenheitsnotiz:
> * ^Ich bin .*
> vacation
>
> :0 B:
> * ^.* has left the company. Please remove his name from your mail
> vacation
>
> :0 HB:
> * ^subject: (out of office|Abwesenheitsnotiz - Out of Office)
> * ^.*(´m| will be| am).*(out of|not in) (the )?office.*(from|until)
> vacation
>
> :0 HB:
> * ^Subject: Abwesenheitsnotiz:
> * ^Ich bin bis einschlie
> vacation
>
> :0:
> * ^Subject: Out of Office AutoReply:
> vacation
>
> :0:
> * ^Subject: .*\(Out of office\)$
> vacation
>
> :0 HB:
> * ^Subject:.*R.*ponse_automatique.*absence.*bureau
> * ^Je serai en vacance du
> vacation
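
The thread asks that auto-responders be configured to ignore list mail. As an added example (not part of the original thread or anyone's posted configuration), these are the checks a vacation responder can make before replying, following the recommendations of RFC 3834; the function name, the list of system local parts, the sample messages and the example.* addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: local parts conventionally used by list software and mail systems.
SYSTEM_LOCALPARTS = ("mailer-daemon", "postmaster", "listserv", "majordomo")

def should_autoreply(raw_message, my_addresses):
    """Return (decision, reason) for one incoming message."""
    msg = message_from_string(raw_message)
    mine = {a.lower() for a in my_addresses}

    # 1. Never answer another automatic message: this is what stops mail loops.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"

    # 2. Never answer list or bulk traffic (List-Id, List-Unsubscribe, ...).
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "list-header"
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "list", "junk"):
        return False, "precedence"

    # 3. Never answer bounces (null sender) or list-management addresses.
    sender = parseaddr(msg.get("Return-Path") or msg.get("From") or "")[1].lower()
    if not sender:
        return False, "null-sender"
    local = sender.partition("@")[0]
    if (local in SYSTEM_LOCALPARTS or local.startswith("owner-")
            or local.endswith(("-request", "-bounces", "-owner"))):
        return False, "system-sender"

    # 4. Only answer mail that names me in To/Cc, not copies fanned out by a list.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not mine & {addr.lower() for _, addr in rcpts}:
        return False, "not-addressed-to-me"
    return True, "personal"

# Constructed sample messages (not taken from the thread).
LIST_POST = ("Return-Path: <pen-test-return@lists.example>\n"
             "From: poster@example.org\nTo: pen-test@lists.example\n"
             "List-Id: <pen-test.lists.example>\nPrecedence: bulk\n"
             "Subject: test\n\nbody\n")
VACATION = ("From: a@example.org\nTo: me@example.com\n"
            "Auto-Submitted: auto-replied\n"
            "Subject: Out of Office AutoReply: x\n\nAway.\n")
PERSONAL = "From: b@example.org\nTo: Me <me@example.com>\nSubject: hi\n\nLunch?\n"

if __name__ == "__main__":
    for name, raw in (("list", LIST_POST), ("vacation", VACATION), ("personal", PERSONAL)):
        print(name, should_autoreply(raw, ["me@example.com"]))
```

Check 4 is what protects against lists that add no List-* or Precedence header: the subscriber's address never appears in To or Cc of a list post, so no reply is generated.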
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT