On Wed, Jan 03, 2001 at 12:39:43PM -0500, Mark-Jason Dominus wrote:
>
>
> A local user, eric, can set up .qmail-slow like this:
>
> | sleep 3600
>
> If Eric then sends a few hundred pieces of mail to eric-slow, qmail's
> local queue will fill up, and local mail delivery will be stopped.
> Incoming mail will not be delivered until Eric's 'sleep' processes
> time out.
> Has this been a problem for anyone in practice? It appears to
> constitute a security problem that a single local user can shut down
> all local mail delivery indefinitely.
Surprise surprise, this is not the first time this issue has been
raised. A simple suggestion in 1998 was to have a timeout on qmail-local
deliveries. See:
http://www.ornl.gov/its/archives/mailing-lists/qmail/1998/02/msg00662.html
Regards.
