Date: Fri, 21 Jun 2002 22:01:35 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: Possible security liability: Filling disks with junk or spam
Message-ID: <20020621210455.F13586-100000@blues.jpj.net>
In-Reply-To: <200206220001.SAA26010@lariat.org>

> A client recently called me in puzzlement, saying that his system was
> misbehaving, and it turned out that this was what had happened. The address
> "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> never used or hosted netnews, and so had no need for the pseudo-user. But that
> pseudo-user was there by default, and the system dutifully created a mailbox
> for him/her/it when the very first spam arrived. It started growing by leaps
> and bounds until it was -- I kid you not! -- several hundred megabytes in
> size. At which point the partition ran out of room.
>
> It seems to me that pseudo-users should be non-mailable, just as a basic
> security policy. Ideas for the best way to implement this in the default
> install?

My reading of the RFCs (excerpts follow) is that the "news" and "usenet"
addresses should receive mail when NNTP is in use. It seems like a task for
the sysadmin. How about comments in /etc/inetd.conf along the lines of:

    # Enable e-mail to the "ftp" address if you turn this on (RFC 2142).
    #ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
    #
    # Enable e-mail to the "uucp" address if you turn this on (RFC 2142).
    #uucpd stream tcp nowait root /usr/libexec/uucpd uucpd
    #
    # Enable e-mail to "usenet" and "news" addresses if you turn this on (RFC 2142).
    #nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd

with the addresses commented out in /etc/aliases? Running "df" every few
months wouldn't hurt, of course.

    6.3. RESERVED ADDRESS

    It often is necessary to send mail to a site, without knowing
    any of its valid addresses. For example, there may be mail
    system dysfunctions, or a user may wish to find out a person's
    correct address, at that site.

        --RFC 822 (URL:ftp://ftp.isi.edu/in-notes/rfc822.txt)

    5.2.7 RCPT Command: RFC-821 Section 4.1.1

    A host that supports a receiver-SMTP MUST support the reserved
    mailbox "Postmaster".

        --RFC 1123 (URL:ftp://ftp.isi.edu/in-notes/rfc1123.txt)

    Various Internet documents have specified mailbox names to be used
    when reaching the operators of the new service; for example,
    [RFC822 6.3, C.6] requires the presence of a <POSTMASTER@domain>
    mailbox name on all hosts that have an SMTP server. Other protocols
    have defacto standards for well known mailbox names, such as
    <USENET@domain> for NNTP (see [RFC977]), and <WEBMASTER@domain> for
    HTTP (see [HTTP]). Defacto standards also exist for well known
    mailbox names which have nothing to do with a particular protocol,
    e.g., <ABUSE@domain> and <TROUBLE@domain>.

    [...]

    5. SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES

    For major Internet protocol services, there is a mailbox defined for
    receiving queries and reports. (Synonyms are included, here, due to
    their extensive installed base.)

    MAILBOX        SERVICE             SPECIFICATIONS
    -----------    ----------------    ---------------------------
    POSTMASTER     SMTP                [RFC821], [RFC822]
    HOSTMASTER     DNS                 [RFC1033-RFC1035]
    USENET         NNTP                [RFC977]
    NEWS           NNTP                Synonym for USENET
    WEBMASTER      HTTP                [RFC 2068]
    WWW            HTTP                Synonym for WEBMASTER
    UUCP           UUCP                [RFC976]
    FTP            FTP                 [RFC959]

        --RFC 2142 (URL:ftp://ftp.isi.edu/in-notes/rfc2142.txt)

-- 
Trevor Johnson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020621210455.F13586-100000>
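
The pairing proposed in the message above (an RFC 2142 address is live in /etc/aliases only while its service is enabled in /etc/inetd.conf) can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD; the function names, the service-to-mailbox map and the sample files are assumptions constructed for illustration.

```sh
# Added example, not from the thread: report RFC 2142 mailboxes whose state
# in an aliases file disagrees with the matching service in inetd.conf.
# Assumed map (inetd service:mailboxes), from the comments proposed above.
SERVICE_MAILBOXES='ftp:ftp
uucpd:uucp
nntp:usenet news'

# True if file $1 (inetd.conf format) has an uncommented entry for service $2.
service_enabled() {
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit !found }' "$1"
}

# True if file $1 (aliases format) has an uncommented "name:" entry for $2.
alias_active() {
    awk -F: -v name="$2" '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        NF > 1 && key == name { found = 1 }
        END { exit !found }' "$1"
}

# $1 = inetd.conf path, $2 = aliases path; prints one line per mismatch.
audit_mailboxes() {
    echo "$SERVICE_MAILBOXES" | while IFS=: read -r svc boxes; do
        for box in $boxes; do
            if service_enabled "$1" "$svc"; then
                alias_active "$2" "$box" || echo "ENABLE $box ($svc is on)"
            elif alias_active "$2" "$box"; then
                echo "DISABLE $box ($svc is off)"
            fi
        done
    done
}

# Constructed sample files: nntp is on with its aliases commented out,
# ftp is off but still has a live alias that would collect mail.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/inetd.conf" <<'EOF'
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd
EOF
    cat > "$dir/aliases" <<'EOF'
ftp: root
#usenet: news
#news: root
EOF
    audit_mailboxes "$dir/inetd.conf" "$dir/aliases"
    rm -rf "$dir"
}
demo
```

To check a real system, call audit_mailboxes /etc/inetd.conf /etc/aliases; no output means the two files agree for the services in the map.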