Date: Fri, 21 Jun 2002 21:13:34 -0500 (CDT) From: <jps@funeralexchange.com> To: <mark@work.drapple.com> Cc: <twigles@yahoo.com>, <security@FreeBSD.ORG> Subject: Re: Possible security liability: Filling disks with junk or spam Message-ID: <4086.66.171.47.179.1024712014.squirrel@webmail.allneo.com> In-Reply-To: <XFMail.020621180634.mark@work.drapple.com> References: <20020622003444.66667.qmail@web10104.mail.yahoo.com> <XFMail.020621180634.mark@work.drapple.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Any competent admin would have these accounts already routed to another account preferably off the server or send them to /dev/null as Mark had suggested. I myself edit the aliases file to mark the accounts with a hostname (i.e. Root Server1 ) so I know which server its coming from and then forward all the mail to my personal account to review. From there you can have your mail client sort it out for you. I prefer not to delete ANY mail that is sent to me without myself looking it over. You can prevent lots of upcoming problems this way. Thanks Jeremy Suo-Anttila jps@funeralexchange.com > > On 22-Jun-02 twig les wrote: >> Would it be viable to un-map the psuedo-users or would >> that break something? >> > > If you don't want to forward their messages to root (which I think is > the best way), you could always simply edit the aliases file and put > the following lines in: > > bin: /dev/null > news: /dev/null > > (and so on for each one) > > > Depends on how the admin wants to handle it. > > > Mark. > > >> >> --- Sean Kelly <smkelly@zombie.org> wrote: >>> On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett >>> Glass wrote: >>> ... >>> > A client recently called me in puzzlement, saying >>> that his system was >>> > misbehaving, and it turned out that this was what >>> had happened. The address >>> > "news@victim.com" had somehow wound up on quite a >>> few spammers' lists. He'd >>> > never used or hosted netnews, and so had no need >>> for the pseudo-user. But that >>> > pseudo-user was there by default, and the system >>> dutifully created a mailbox >>> > for him/her/it when the very first spam arrived. >>> It started growing by leaps >>> > and bounds until it was -- I kid you not! -- >>> several hundred megabytes in >>> > size. At which point the partition ran out of >>> room. >>> > >>> > It seems to me that pseudo-users should be >>> non-mailable, just as a basic >>> > security policy. Ideas for the best way to >>> implement this in the default >>> > install? >>> >>> If you look at /usr/src/etc/mail/aliases, you'll see >>> that pseudo-users are >>> mapped to root. I also see news in there: >>> news: root >>> >>> usenet: news >>> >>> >>> It seems to me that the best way to prevent such >>> things happening would be >>> to keep your aliases files up to date. Use >>> mergemaster and also maintain >>> the file for any pseudo-users you may add. At some >>> point, the >>> administrator has to become responsible for the >>> system they administer. >>> >>> -- >>> Sean Kelly | PGP KeyID: 77042C7B >>> smkelly@zombie.org | http://www.zombie.org >>> >> > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4086.66.171.47.179.1024712014.squirrel>