On Dec 4, 2006, at 5:27 PM, Charles Sprickman wrote:
vdelivermail, maildrop, qmail-local - none are setuid root. I see this on users that have pop/imap access closed off. So I think that means we're talking about something doing the delivery is doing this.
So how do they pick up their email? Or are you saying that it happens on accounts where no one could possibly pick up the messages?
What version of vpopmail are you using? I made some major changes to vdelivermail around 5.4.12 (or so) that may have improved handling of the maildirsize file, but since vdelivermail never runs as root, I don't see how it could rebuild the maildirsize file as root.
To the best of my limited knowledge, vdelivermail will change maildirsize, as will the POP or IMAP server, but not much else.
EXCEPT, vmoduser and some of the other command-line tools. Is it possible that an admin on the box is running one of the command-line tools to modify the user, resulting in the maildirsize file getting rebuilt?
-- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/