From owner-freebsd-security Sun Jun 23 14:24:38 2002
Message-ID: <008901c21afc$4a836100$44ec910c@daleco>
From: "Kevin Kinsey, DaleCo, S.P."
To: "Lawrence Sica", "Trevor Johnson"
References: <20020621210455.F13586-100000@blues.jpj.net> <3D1557A3.4030504@earthlink.net>
Subject: Re: Possible security liability: Filling disks with junk or spam
Date: Sun, 23 Jun 2002 16:23:57 -0500

----- Original Message -----
From: "Lawrence Sica"
To: "Trevor Johnson"
Sent: Sunday, June 23, 2002 12:07 AM
Subject: Re: Possible security liability: Filling disks with junk or spam

> Trevor Johnson wrote:
>
> >>A client recently called me in puzzlement, saying that his system was
> >>misbehaving, and it turned out that this was what had happened. The address
> >>"news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> >>never used or hosted netnews, and so had no need for the pseudo-user. But that
> >>pseudo-user was there by default, and the system dutifully created a mailbox
> >>for him/her/it when the very first spam arrived. It started growing by leaps
> >>and bounds until it was -- I kid you not! -- several hundred megabytes in
> >>size. At which point the partition ran out of room.
> >>
> >>It seems to me that pseudo-users should be non-mailable, just as a basic
> >>security policy. Ideas for the best way to implement this in the default
> >>install?
> >
>
> Consider that the daily output includes a df output so you just need to
> read your root email ;)
>
> --Larry
>

And that's a great point worthy of a reposting. While it's unfortunate
that someone got their disk filled with junk, it's also seemingly
indicative of a general lack of supervision on that box. The first line
of defense is the scrutiny of the operator, not necessarily the revision
of the OS.

One of the reasons I choose FBSD over other servers, especially M$, is
that it's not too hard to do some reading and learn the OS; learn a
couple of easy command line statements and see what's installed, what
services are running, and etc. Patience is a virtue, time with a browser
a must, but no rocket science degree is needed.

Perhaps this should be added to /stand/sysinstall:

"You have just installed an operating system. Before you reboot your
computer, PLEASE take some time and learn just what the thing will be
doing while it sits in your home and/or place of business...."

KDK
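
The operator-side check this thread points toward, as an added example that is not part of the original messages: a script that lists mail spools belonging to pseudo-users and their sizes. The function names, the `UID_MIN` threshold of 1000, the exclusion of root (whose mail is meant to be read) and the sample passwd and spool data are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list mail spools that belong to pseudo-users.
# Assumptions (not from the thread): a pseudo-user is any non-root account
# with UID below UID_MIN, plus "nobody"; spools are mbox files named after
# the account, as under /var/mail.
UID_MIN=${UID_MIN:-1000}

# pseudo_users PASSWD_FILE -> one pseudo-user login name per line
pseudo_users() {
    awk -F: -v min="$UID_MIN" '
        /^#/ || NF < 3 || $1 == "root" { next }
        ($3 + 0 < min + 0) || $1 == "nobody" { print $1 }' "$1"
}

# pseudo_spools PASSWD_FILE SPOOL_DIR [LIMIT_KB]
# Prints "name size_kb" for each pseudo-user mailbox larger than LIMIT_KB.
pseudo_spools() {
    passwd_file=$1; spool_dir=$2; limit_kb=${3:-0}
    pseudo_users "$passwd_file" | while read -r name; do
        box="$spool_dir/$name"
        if [ -f "$box" ]; then
            bytes=$(wc -c < "$box")
            kb=$(( ($bytes + 1023) / 1024 ))
            if [ "$kb" -gt "$limit_kb" ]; then echo "$name $kb"; fi
        fi
    done
}

# Constructed sample data: a small passwd file and spool directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/mail"
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
news:*:8:8:News Subsystem:/:/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
EOF
    dd if=/dev/zero of="$tmp/mail/news"  bs=1024 count=4 2>/dev/null
    dd if=/dev/zero of="$tmp/mail/alice" bs=1024 count=8 2>/dev/null
    dd if=/dev/zero of="$tmp/mail/root"  bs=1024 count=2 2>/dev/null
    pseudo_spools "$tmp/passwd" "$tmp/mail" 1   # report spools over 1 KB
    rm -rf "$tmp"
}

demo
```

On a real host the same function can be pointed at the live files, for example `pseudo_spools /etc/passwd /var/mail 1024`, and its output appended to the daily report that root already receives.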