Re: out of office auto replies (was Re: Mock Penetration Test Site)

From: Martin Mačok (martin.macok@underground.cz)
Date: Mon Aug 23 2004 - 06:40:27 EDT


On Thu, Aug 19, 2004 at 09:26:27PM -0400, Tim wrote:

> I just posted the message below, and received over 20 responses from
> people's out of office auto-responders and from people whose mailboxes
> are no longer valid, etc.
>
> 1. People: please stop pissing in the pool. If you don't know how to
> configure your auto-responders to ignore list mail, then don't use
> them at all. They are a danger to yourself and others, as they
> advertise to the world what you use for mail, and they can be great
> targets for mail loops via spoofing.

... they also advertise to the world that your house is (probably)
free and that your identity could be "stolen" or in another way abused
for social engineering (especially useful for phone games) during your
vacation.

> 2. Moderator(s): would you mind sending out a test message once a month
> or so, and fish out the email addresses that are blasting posters'
> inboxes? I know they do this on other Security Focus lists.

That would not catch most of them I guess (month is too long and
getting those test messages on every mailing list regularly would be
extremely ugly).

What about creating some special address @securityfocus where
subscribers can forward those vacation autoreplies? If that address
gets some number of posts about any sinner, it could re-test the
sinner by itself (with an explanation) and kick the email off all the
lists on a positive result. I'm sure it shouldn't be that hard to
automate it in a safe manner ... Unfortunately, the reply could come
from a different address than the one that is subscribed, and in that
case the sinner/subscriber could be almost untraceable for an
automaton.

Anyway, as a way of working off my energy and saving the world,
I sometimes do a "vacation remix" on replies I get, i.e. send the vacation
reply from person A to person B, from B to C etc... When they get
back, maybe they will have a clue. From my experience, sending a "do not
do this because XY" message to them does not result in them having
a clue. They actually see the complainer as the one who is making
trouble and the one who is annoying them. The best result you will
achieve when they "get it" is "Ok, I'm putting you on my blacklist so
this won't happen again. Happy now?" ... grrr ...

Martin Mačok
IT Security Consultant

### my .procmailrc rules for broken vacation autoreplies
### flags: ":0:" matches headers only (default), ":0 B:" the body,
### ":0 HB:" headers and body as one unit; the trailing ":" takes a lockfile

:0 B:
* ^I(´m| will be| am) .*(out of|not in|away from|on) (the )?(vacation|office).* (between|from|until|starting|on vacation)
vacation

:0 B:
* ^Je serai en vacance du .* au .* inclusivement.
vacation

:0 B:
* ^Je suis actuellement en vacances jusqu
vacation

:0 :
* ^Subject: Ofis Disinda Otomatik
vacation

:0 HB:
* ^Subject: Vast:
* ^Olen lomalla ja toimistolla seuraavan kerran
vacation

:0 HB:
* ^Subject:.*(ist.*(Haus|im)|out of office)
* ^Ich werde .* nicht im .* sein\. Ich kehre
vacation

:0 B:
* ^Ich bin zur Zeit nur .* online
vacation

:0 HB:
* ^Subject: Abwesenheitsnotiz:
* ^Ich bin .*
vacation

:0 B:
* ^.* has left the company. Please remove his name from your mail
vacation

:0 HB:
* ^subject: (out of office|Abwesenheitsnotiz - Out of Office)
* ^.*(´m| will be| am).*(out of|not in) (the )?office.*(from|until)
vacation

:0 HB:
* ^Subject: Abwesenheitsnotiz:
* ^Ich bin bis einschlie
vacation

:0:
* ^Subject: Out of Office AutoReply:
vacation

:0:
* ^Subject: .*\(Out of office\)$
vacation

:0 HB:
* ^Subject:.*R.*ponse_automatique.*absence.*bureau
* ^Je serai en vacance du
vacation
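As an added example (not part of Martin's post or the list's tooling), the same detection in Python run over constructed messages: it mirrors procmail's H/B/HB condition semantics for a handful of the patterns above (the page's `´m` is written with a plain ASCII apostrophe) and adds a per-sender tally in the spirit of the forwarding-address idea, with the same From:-address limitation the post notes.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# A few of the page's procmail recipes as (scope, conditions). Scope mirrors the
# flags: "H" = headers (procmail's default), "B" = body, "HB" = headers and body
# searched as one unit. All conditions of a recipe must match; matching is
# case-insensitive and ^/$ anchor at line boundaries, as in procmail.
RULES = [
    ("H", [r"^Subject: Out of Office AutoReply:"]),
    ("H", [r"^Subject: .*\(Out of office\)$"]),
    ("B", [r"^I('m| will be| am) .*(out of|not in|away from|on) (the )?"
           r"(vacation|office).* (between|from|until|starting|on vacation)"]),
    ("HB", [r"^Subject: Abwesenheitsnotiz:", r"^Ich bin .*"]),
    ("B", [r"^.* has left the company\. Please remove his name from your mail"]),
]
FLAGS = re.MULTILINE | re.IGNORECASE

def classify(raw):
    """Return the index of the first matching rule, or None for a real reply."""
    msg = message_from_string(raw)
    header = "".join(f"{k}: {v}\n" for k, v in msg.items())
    body = "" if msg.is_multipart() else msg.get_payload()
    region = {"H": header, "B": body, "HB": header + "\n" + body}
    for i, (scope, conds) in enumerate(RULES):
        if all(re.search(c, region[scope], FLAGS) for c in conds):
            return i
    return None

def offenders(raws, threshold=2):
    """Sketch of the forwarding-address idea: count autoreplies per From: address
    and report those seen at least `threshold` times. An autoresponder that
    answers from an unsubscribed address stays untraceable, as the post notes."""
    counts = Counter()
    for raw in raws:
        if classify(raw) is not None:
            counts[parseaddr(message_from_string(raw)["From"])[1].lower()] += 1
    return {addr for addr, n in counts.items() if n >= threshold}

# Constructed sample messages (not taken from the list archive).
SAMPLES = [
    "From: Alice <alice@example.com>\nSubject: Out of Office AutoReply: Re: x\n\nI am away.\n",
    "From: Bob <bob@example.com>\nSubject: Abwesenheitsnotiz: Re: x\n\nIch bin bis Montag weg.\n",
    "From: Carol <carol@example.com>\nSubject: Re: x\n\nI'm on vacation from Aug 20 until Aug 30.\n",
    "From: Dave <dave@example.com>\nSubject: Re: x\n\nHere is an actual answer to your question.\n",
]
```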




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT