On Sun, 20 Jun 1999, Stanley Horwitz wrote:

> On Sun, 20 Jun 1999, Magnus Bodin wrote:
> > Which user names should be reserved in a mail system not to allow users
> > to get mail accounts that might imply that their posess powers that they
> > don't have? 
> > 
> > RFC2142 suggests some; but I would like to get pointers to some security
> > documents.
> 
> Certainly, any that are already in /etc/passwd should be reserved. Chances
> are that you won't need to reserve any other user names.

ok. I was a bit unclear.

If I set up a mail system that provides users virtual mail accounts for
a given domain "example.com", then what "user names" should be reserved
to be fairly assured that they don't easily can pretend that they are
part of the administrative force? So that they don't get emailadresses
like "[EMAIL PROTECTED]" which wouldn't be that wise....

abuse, postmaster, admin, root, mailer-daemon, administrator, info,
sales, support, helpdesk, majordomo, manager, ceo, chief, 

..

and the list goes on. RFC 2142 (http://rfc2142.x42.com) suggest some;
but as I said, if somebody has set up a larger list in a security doc --
then that's what I want.

Any luck in the wordlists that comes with cracking software?

/magnus
--
"MOST USELESS site of the year 1998" 
        --> http://x42.com/urlcalc/


Reply via email to