From owner-freebsd-security Fri Jun 21 22:14:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from edgemaster.zombie.org (ip68-13-69-9.om.om.cox.net [68.13.69.9]) by hub.freebsd.org (Postfix) with ESMTP id E099437B403 for ; Fri, 21 Jun 2002 22:14:44 -0700 (PDT) Received: by edgemaster.zombie.org (Postfix, from userid 1001) id C584E66B05; Sat, 22 Jun 2002 00:14:43 -0500 (CDT) Date: Sat, 22 Jun 2002 00:14:43 -0500 From: Sean Kelly To: twig les Cc: Darren Pilgrim , "Kevin Kinsey, DaleCo, S.P." , Mark Hartley , security@FreeBSD.ORG Subject: Re: Possible security liability: Filling disks with junk or spam Message-ID: <20020622051443.GA31072@edgemaster.zombie.org> References: <3D13FFB2.39A80570@pantherdragon.org> <20020622045559.41921.qmail@web10106.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020622045559.41921.qmail@web10106.mail.yahoo.com> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jun 21, 2002 at 09:55:59PM -0700, twig les wrote: > When I asked if it would break something to forward > those accounts' mail to /dev/null instead of root, I > meant: do those psuedo-users actually send anything > via mail or everything via syslog? Excuse the strange > question, I'm a psuedo-admin (aka user). Having a username aliased to /dev/null doesn't affect the transmission of mail from that user. Even if there is a daemon that sends mail as that user, the mail will be delivered. The problem arises when there is important incoming mail, such as bounces and errors or alerts. Whether a specific pseudo-user needs to receive mail depends on your particular configuration and needs. If I were running a news server, I'd want to receive mail sent to news@. > --- Darren Pilgrim wrote: > > "Kevin Kinsey, DaleCo, S.P." wrote: > > > > > > Better yet, comment out the lines in /etc/aliases, > > > which will cause the mail to be returned > > > since that user won't exist. > > > > > > Why increase the spam traffic by the use > > > of the bitbucket? If the mail doesn't come > > > back they just keep sending...... > > > > Without the aliases(5) entries, the mail will be > > delivered to local > > mailboxes for those pesudo-users, eventually filling > > the disk if you > > don't monitor disk usage. This was precisely the > > problem for Brett's > > client. IMO the proper way to handle this is to use > > an MTA that has > > some kind of access-control mechanism to restrict > > mail delivery to > > non-user accounts in addition to having a forwarding > > mechanism for > > them. > > > ===== > ----------------------------------------------------------- > Only fools have all the answers. > ----------------------------------------------------------- > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Sean Kelly | PGP KeyID: 77042C7B smkelly@zombie.org | http://www.zombie.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message