From owner-freebsd-security  Fri Jun 21 21:40:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146])
	by hub.freebsd.org (Postfix) with ESMTP id 61F5537B404
	for <security@FreeBSD.ORG>; Fri, 21 Jun 2002 21:40:28 -0700 (PDT)
Received: from spark.techno.pagans (spark.techno.pagans [4.61.202.145])
	by spork.pantherdragon.org (Postfix) with ESMTP
	id 0FA3A471DA; Fri, 21 Jun 2002 21:40:23 -0700 (PDT)
Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2])
	by spark.techno.pagans (Postfix) with ESMTP
	id 21EA3FDA0; Fri, 21 Jun 2002 21:40:19 -0700 (PDT)
Message-ID: <3D13FFB2.39A80570@pantherdragon.org>
Date: Fri, 21 Jun 2002 21:40:19 -0700
From: Darren Pilgrim <dmp@pantherdragon.org>
X-Mailer: Mozilla 4.76 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: Mark Hartley <mark@work.drapple.com>,
	twig les <twigles@yahoo.com>, security@FreeBSD.ORG
Subject: Re: Possible security liability: Filling disks with junk or spam
References: <XFMail.020621180634.mark@work.drapple.com> <004301c2199d$dbacf3e0$5dec910c@daleco>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Kevin Kinsey, DaleCo, S.P." wrote:
> 
> Better yet, comment out the lines in /etc/aliases,
> which will cause the mail to be returned
> since that user won't exist.
> 
> Why increase the spam traffic by the use
> of the bitbucket?  If the mail doesn't come
> back they just keep sending......

Without the aliases(5) entries, the mail will be delivered to local
mailboxes for those pesudo-users, eventually filling the disk if you
don't monitor disk usage.  This was precisely the problem for Brett's
client.  IMO the proper way to handle this is to use an MTA that has
some kind of access-control mechanism to restrict mail delivery to
non-user accounts in addition to having a forwarding mechanism for
them.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message