Microsoft Mail server is configureable so as not to send the out of office emails out to the internet for the entire server.. This is an ADMIN config.. ALSO if a user goes to the out of office attendent in Outlook, they has the option of creating rules.. RULE #1: If from owner-nanog@merit.edu Move the email to "NANOG EMAILS WHILE I WAS OUT SO I DON'T GET FLAMED FOLDER." Stop Processing more rules Rule # 2: Reply to Jerry WITH "I am taking 6 Month leave of ABSENSE to learn how to wear asbestos underwear" Stop Preccessing more rules.... Rule # 3: everyone else THERE that should settle it.. THIS WORKS I USE IT! Enough already folks! If anyone using exchange out there wants some nice screen shots, drop me a line, off list please, I will create it and send it to all at once via a BCC so no one needs to know who you are. Later, Jim ->-----Original Message----- ->From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of ->Valdis.Kletnieks@vt.edu ->Sent: Friday, January 02, 2004 1:32 PM ->To: Rachel K. Warren ->Cc: nanog@merit.edu ->Subject: Re: Out of office/vacation messages -> -> ->On Fri, 02 Jan 2004 10:13:28 PST, "Rachel K. Warren" -><rachel@plur.net> said: -> ->> Sometimes you have no choice but to run a Windows mail ->client - it's called ->> your company forcing you to a standard mailer. It's not ->something I have ->> liked doing in the past, but having your management heavily ->disaprove of ->> using something outside of standard is usually not a good thing. -> ->Wave the "security issue" flag at them on this one. There's ->a number of good ->security reasons to not use software that blabs in response ->to mailing list mail: -> ->1) If this is a reply to a message from a mailing list that ->you usually "lurk" ->on, your subscription to the list has just been revealed ->(probably to every ->person who is posting - possibly to the entire list if your ->responder replied ->to the list). -> ->2) The fact you are "Out of your office" could reveal ->information to a hacker. -> ->2a) The hacker now knows that you aren't watching your PC ->very carefully, and ->thus it's possibly a better target for a hacking attempt. -> ->2b) If the hacker has gotten a message "George Smith is at a ->client site until ->Aug 30", he can try calling your company and saying "This is ->George.. I'm at ->the client's site, and I can't get to the corporate net. Can ->you reset my ->password so I can get the documents I need to close this ->deal?". This is an ->amazingly effective "social engineering" attack. -> ->2c) The software most responsible for these errant messages ->is also well-known ->for multiple security issues - and quite often even puts its ->exact version in ->the X-Mailer header. This allows an attacker to send you a ->malicious e-mail ->message (specially selected for your software version), for ->you to read when ->you get back (and are probably buried under many messages and ->not paying as ->much attention to the contents as you should). -> ->If that doesn't work, point the PHB at this: -> ->http://news.bbc.co.uk/1/hi/technology/3290251.stm -> ->Only 2 out of the top 10 viruses/worms for last year did ->*NOT* target Outlook. -> ->Then ask the PHB if they have any legal criterion of "due ->care" that would put ->them at risk of being negligent for continuing to run their ->business in a known ->dangerous manner. -> ->