From owner-freebsd-security  Fri Jun 21 22:13:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4])
	by hub.freebsd.org (Postfix) with ESMTP id F041937B409
	for <freebsd-security@FreeBSD.ORG>; Fri, 21 Jun 2002 22:13:09 -0700 (PDT)
Received: from daleco [12.145.236.93] by mail.gbronline.com
  (SMTPD32-7.10) id A70928590048; Sat, 22 Jun 2002 00:11:37 -0500
Message-ID: <02b801c219ab$6d28fd20$5dec910c@daleco>
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: <freebsd-security@FreeBSD.ORG>
Subject: ReL  Possible security liability: Filling disks with junk or spam
Date: Sat, 22 Jun 2002 00:12:37 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> ----- Original Message -----
> From: "Darren Pilgrim" <dmp@pantherdragon.org>
> To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
> Cc: "Mark Hartley" <mark@work.drapple.com>; "twig les"
<twigles@yahoo.com>;
> <security@FreeBSD.ORG>
> Sent: Friday, June 21, 2002 11:40 PM
> Subject: Re: Possible security liability: Filling disks with junk or spam
>
>
> > "Kevin Kinsey, DaleCo, S.P." wrote:
> > >
> > > Better yet, comment out the lines in /etc/aliases,
> > > which will cause the mail to be returned
> > > since that user won't exist.
> > >
> > > Why increase the spam traffic by the use
> > > of the bitbucket?  If the mail doesn't come
> > > back they just keep sending......
> >
> > Without the aliases(5) entries, the mail will be delivered
> to local mailboxes for those pesudo-users, eventually
> filling the disk if you don't monitor disk usage.  This was
> precisely the problem for Brett's client.  <
>
 Doh!  Indeed it does.......though
 I had to reconfig a basically default
 /etc/aliases to get it to do this...
>
> >IMO the proper way to handle this is to use an MTA
> that has some kind of access-control mechanism to
> restrict mail delivery to non-user accounts in addition to
> having a forwarding mechanism for them.<
>
>
 Seems reasonable.  Or just do as /etc/aliases
 instructed in the first place...why do we only
 complain when caught in violation of our own
 policies?

 KDK



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message