From: "Kevin Kinsey, DaleCo, S.P."
To: "Mark Hartley", "twig les"
Subject: Re: Possible security liability: Filling disks with junk or spam
Date: Fri, 21 Jun 2002 22:35:29 -0500
Sender: owner-freebsd-security@FreeBSD.ORG

Better yet, comment out the lines in /etc/aliases, which will cause
the mail to be returned since that user won't exist. Why increase
the spam traffic by the use of the bitbucket? If the mail doesn't
come back they just keep sending......

Kevin Kinsey

----- Original Message -----
From: "Mark Hartley"
To: "twig les"
Sent: Friday, June 21, 2002 8:06 PM
Subject: Re: Possible security liability: Filling disks with junk or spam

>
> On 22-Jun-02 twig les wrote:
> > Would it be viable to un-map the pseudo-users or would
> > that break something?
> >
>
> If you don't want to forward their messages to root (which I think is the best
> way), you could always simply edit the aliases file and put the following lines
> in:
>
> bin: /dev/null
> news: /dev/null
>
> (and so on for each one)
>
>
> Depends on how the admin wants to handle it.
>
>
> Mark.
> >
> >
> > --- Sean Kelly wrote:
> >> On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett Glass wrote:
> >> ...
> >> > A client recently called me in puzzlement, saying that his system was
> >> > misbehaving, and it turned out that this was what had happened. The address
> >> > "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> >> > never used or hosted netnews, and so had no need for the pseudo-user. But that
> >> > pseudo-user was there by default, and the system dutifully created a mailbox
> >> > for him/her/it when the very first spam arrived. It started growing by leaps
> >> > and bounds until it was -- I kid you not! -- several hundred megabytes in
> >> > size. At which point the partition ran out of room.
> >> >
> >> > It seems to me that pseudo-users should be non-mailable, just as a basic
> >> > security policy. Ideas for the best way to implement this in the default
> >> > install?
> >>
> >> If you look at /usr/src/etc/mail/aliases, you'll see that pseudo-users are
> >> mapped to root. I also see news in there:
> >> news: root
> >>
> >> usenet: news
> >>
> >>
> >> It seems to me that the best way to prevent such things happening would be
> >> to keep your aliases files up to date. Use mergemaster and also maintain
> >> the file for any pseudo-users you may add. At some point, the
> >> administrator has to become responsible for the system they administer.
> >>
> >> --
> >> Sean Kelly | PGP KeyID: 77042C7B
> >> smkelly@zombie.org | http://www.zombie.org
> >>
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
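
Added example, not part of the original thread: a short Python audit of the situation discussed above. For each pseudo-user it reports whether mail lands in a local mailbox (the case Brett Glass describes), is discarded through a /dev/null alias, or is forwarded (the stock mapping to root). The passwd and aliases data are constructed samples, and treating any account with a nologin shell as a pseudo-user is an assumption of this example.

```python
# Added example. PASSWD and ALIASES are constructed sample data, not from a real host.
PASSWD = """\
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
"""
ALIASES = """\
# news has no entry here, so mail for it is delivered locally
bin: root
usenet: news
uucp: /dev/null
"""

def parse_aliases(text):
    """Return {alias: [targets]} from 'name: a, b' lines, skipping comments."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, targets = line.split(":", 1)
            aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases

def pseudo_users(passwd_text):
    """Assumption: a pseudo-user is any passwd entry whose shell is nologin."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return [f[0] for f in rows if len(f) >= 7 and f[-1].endswith("/nologin")]

def final_targets(name, aliases, seen=None):
    """Follow alias chains; a name with no alias (or a loop) ends at itself."""
    seen = set() if seen is None else seen
    if name in seen or name not in aliases:
        return {name}
    seen.add(name)
    return set().union(*(final_targets(t, aliases, seen) for t in aliases[name]))

def audit(passwd_text, aliases_text):
    """Map each pseudo-user to 'mailbox', 'discard' or 'forward'."""
    aliases, report = parse_aliases(aliases_text), {}
    for user in pseudo_users(passwd_text):
        ends = final_targets(user, aliases)
        if user in ends:
            report[user] = "mailbox"   # mail accumulates in the user's own spool
        elif ends == {"/dev/null"}:
            report[user] = "discard"   # the /dev/null alias suggested in the thread
        else:
            report[user] = "forward"   # e.g. the stock mapping to root
    return report
```

Calling audit() with the contents of the host's own passwd and aliases files lists the accounts that still need an aliases entry.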