If you are that concerned about what information is revealed in out of office autoreplies, you should not be allowing OoO autoreplies externally anyway. They pose a far greater security risk in terms of leaking information that can be used in social engineering attacks than the risk you are worried about.

Just my $0.02


Marco Supino wrote:

Hi,

I have a question, and hope someone has a solution,

I run SpamAssassin 2.63 site-wide with sendmail and spamass-milter.

When an email is marked as SPAM, the headers are added and the subject is changed. Now let's assume some particular user has enabled "Out of the office": the "bounced" message will be sent to the sender (assuming it's a real email address) with all the SpamAssassin-added comments (in case of SPAM). This gives away the info that this particular site is using SpamAssassin, and why the email was marked as spam, which rules/systems (DCC, RAZOR, SURBL) are used, etc., which I think is something better kept secret, if spam is to be handled better.

Does anyone have any idea how to "strip" the headers on outgoing emails, remove the replaced body of SpamAssassin, and restore the message to its original state?

Thanks.

Marco.
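
The restoration asked about above, as an added example (not part of the original thread and not SpamAssassin's own code): a Python filter for outgoing mail that unwraps the attached original from a report message, or otherwise strips the `X-Spam-*` headers and the subject tag. The `*****SPAM*****` tag, the function names and the two sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

SUBJECT_TAG = "*****SPAM*****"  # assumption: the subject tag this site configured


def _strip_headers(msg):
    """Drop every X-Spam-* header and the subject tag from one message."""
    for name in {k for k in msg.keys() if k.lower().startswith("x-spam-")}:
        del msg[name]  # deletes all occurrences, folded continuation lines included
    subject = str(msg.get("Subject", ""))
    if subject.startswith(SUBJECT_TAG):
        # replace_header keeps the Subject header in its original position
        msg.replace_header("Subject", subject[len(SUBJECT_TAG):].lstrip())
    return msg


def remove_markup(raw: bytes) -> bytes:
    """Return the message as it looked before it was tagged as spam."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    flagged = str(msg.get("X-Spam-Flag", "")).strip().upper() == "YES"
    if flagged and msg.is_multipart():
        # Report wrapper: the original travels as a message/rfc822 attachment.
        for part in msg.walk():
            if part.get_content_type() == "message/rfc822":
                return _strip_headers(part.get_payload(0)).as_bytes()
    # Header-only tagging: the body was never replaced, so clean the headers.
    return _strip_headers(msg).as_bytes()


# Constructed samples: one header-only tagged message, one report wrapper.
INNER = b"From: a@example.org\nTo: u@example.com\nSubject: Cheap offer\n\nBuy now"
TAGGED = (b"From: a@example.org\nSubject: *****SPAM***** Cheap offer\n"
          b"X-Spam-Flag: YES\nX-Spam-Status: Yes, hits=12.3 required=5.0\n"
          b"\ttests=DCC_CHECK,RAZOR2_CHECK\n\nBuy now\n")
WRAPPED = (b"From: a@example.org\nSubject: *****SPAM***** Cheap offer\n"
           b"X-Spam-Flag: YES\nX-Spam-Status: Yes, tests=DCC_CHECK\n"
           b"MIME-Version: 1.0\n"
           b"Content-Type: multipart/mixed; boundary=\"b1\"\n\n"
           b"--b1\nContent-Type: text/plain\n\nThis mail was identified as spam.\n"
           b"--b1\nContent-Type: message/rfc822\n\n" + INNER + b"\n--b1--\n")

if __name__ == "__main__":
    print(remove_markup(WRAPPED).decode())
```

SpamAssassin's own command line offers the same restoration as `spamassassin -d` (`--remove-markup`).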

