RE: Out of office/vacation messages
Microsoft Mail server is configureable so as not to send the out of office emails out to the internet for the entire server.. This is an ADMIN config.. ALSO if a user goes to the out of office attendent in Outlook, they has the option of creating rules.. RULE #1: If from owner-nanog@merit.edu Move the email to "NANOG EMAILS WHILE I WAS OUT SO I DON'T GET FLAMED FOLDER." Stop Processing more rules Rule # 2: Reply to Jerry WITH "I am taking 6 Month leave of ABSENSE to learn how to wear asbestos underwear" Stop Preccessing more rules.... Rule # 3: everyone else THERE that should settle it.. THIS WORKS I USE IT! Enough already folks! If anyone using exchange out there wants some nice screen shots, drop me a line, off list please, I will create it and send it to all at once via a BCC so no one needs to know who you are. Later, Jim ->-----Original Message----- ->From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of ->Valdis.Kletnieks@vt.edu ->Sent: Friday, January 02, 2004 1:32 PM ->To: Rachel K. Warren ->Cc: nanog@merit.edu ->Subject: Re: Out of office/vacation messages -> -> ->On Fri, 02 Jan 2004 10:13:28 PST, "Rachel K. Warren" -><rachel@plur.net> said: -> ->> Sometimes you have no choice but to run a Windows mail ->client - it's called ->> your company forcing you to a standard mailer. It's not ->something I have ->> liked doing in the past, but having your management heavily ->disaprove of ->> using something outside of standard is usually not a good thing. -> ->Wave the "security issue" flag at them on this one. There's ->a number of good ->security reasons to not use software that blabs in response ->to mailing list mail: -> ->1) If this is a reply to a message from a mailing list that ->you usually "lurk" ->on, your subscription to the list has just been revealed ->(probably to every ->person who is posting - possibly to the entire list if your ->responder replied ->to the list). -> ->2) The fact you are "Out of your office" could reveal ->information to a hacker. -> ->2a) The hacker now knows that you aren't watching your PC ->very carefully, and ->thus it's possibly a better target for a hacking attempt. -> ->2b) If the hacker has gotten a message "George Smith is at a ->client site until ->Aug 30", he can try calling your company and saying "This is ->George.. I'm at ->the client's site, and I can't get to the corporate net. Can ->you reset my ->password so I can get the documents I need to close this ->deal?". This is an ->amazingly effective "social engineering" attack. -> ->2c) The software most responsible for these errant messages ->is also well-known ->for multiple security issues - and quite often even puts its ->exact version in ->the X-Mailer header. This allows an attacker to send you a ->malicious e-mail ->message (specially selected for your software version), for ->you to read when ->you get back (and are probably buried under many messages and ->not paying as ->much attention to the contents as you should). -> ->If that doesn't work, point the PHB at this: -> ->http://news.bbc.co.uk/1/hi/technology/3290251.stm -> ->Only 2 out of the top 10 viruses/worms for last year did ->*NOT* target Outlook. -> ->Then ask the PHB if they have any legal criterion of "due ->care" that would put ->them at risk of being negligent for continuing to run their ->business in a known ->dangerous manner. -> ->
On Fri, 02 Jan 2004 13:56:05 EST, "McBurnett, Jim" said:
RULE #1: If from owner-nanog@merit.edu Move the email to "NANOG EMAILS WHILE I WAS OUT SO I DON'T GET FLAMED FOLDER." Stop Processing more rules
... RULE #2: if from owner-otherlist@someplace.com ... RULE #3: if from owner-newlist@someplace.net ... ... RULE #65: If from owner-yet-another-list@somewhere.net... Must really suck to put ALL those rules on and take them off every time you go on vacation. (Yes, I'm on at least 65 mailing lists - and that's just the ones high-volume enough to warrant filtering to their own folder). And even if you're on only 4 or 5 lists, that's enough work to mean it's likely you'll forget one. So you have a choice of nuking *all* OoO messages for *everybody* on the server (even when the OoO message is a *good* idea), or hand-installing all those rules every time you go on vacation (and if you have screen-shots, you hand-installed, since it's hard to take a screenshot of a script ;). On the other hand, BSD 'vacation' came out in 1983, and understood the basic concept waaay back when. All you're managing to do is say "I figured out how to do something once for every single list I'm on, every time I go on vacation, that other systems have been managing to do for their users automatically, without issues if you forget to do it for one of your lists, for 2 decades". Hardly a selling point for your choice of software. Unless it's a disguised "My management makes me use software so broken I have to...." story?
participants (2)
-
McBurnett, Jim
-
Valdis.Kletnieks@vt.edu