On Wed, 22 Dec 1999, Keith Warno wrote:
> > They can do that anyhow by sending to mailer-daemon, root, or another
> > system account.
> 
> Well they could do that sending to ANYONE pretty much, eh?

Yes, my point exactly, though I wanted to make it clear that real,
predictable accounts are even more vulnerable to DoS abuse.
 
> Mail delivery for system accounts should be eliminated via the
> qmail-users(5) mechanism.  Ideally it would be nice for there to be a
> control file -- perhaps ``badrcptto'' -- to reject mail for such users at
> the door.

Hunh?  Eliminate mail to mailer-daemon?  To <>?  I think not.
 
> Heh.. maybe there's already something like that and I haven't seen it.  ;-)

There was a badrcptto patch, IIRC.  There's also a pretty huge patch that
allows the server to reject unknown addresses while the SMTP session is
still active, rather than bouncing later, but one should note that doing
so can break the security design of the basic qmail setup, depending on
how local users are defined. 

      -M

Michael Brian Scher (MS683/MS3213)  Anthropologist, Attorney, Policy Analyst
            Mainlining Internet Connectivity for Fun and Profit
   [EMAIL PROTECTED]     [EMAIL PROTECTED]     [EMAIL PROTECTED]
     Give me a compiler and a box to run it, and I can move the mail.
