On Wed, Jan 03, 2001 at 12:52:49PM -0500, Greg Owen wrote:
> In theory, you are correct, although this is a Denial-Of-Service
> attack rather than a strict security breach.
> In practice, a local user has many other avenues of attack similar
> to this, and for all of them the fix is quite simply to throw the user off
Yes; definitely. There's nothing special about local users (though they
do have more potential for mischief). A local or remote user could give
you a large email to be delivered to a slow remote mail server which,
if send enough times, can use up all your remote delivery slots and
'clog the remote queue'.
Such is life. Analyse your logs. Watch your local/remote concurrency.
Wield a big stick.
james
--
James Raftery (JBR54)
"Managing 4000 customer domains with BIND has been a lot like
herding cats." - Mike Batchelor, on [EMAIL PROTECTED]
