We primarily want to prevent users from performing normal login activities
on our mail server keeping the load to a minimum. We are not aiming for
those who choose to purposely cripple our server. If we notice such users
trying to hurt our machine, we will suspend their account immediately and
then probably delete. We monitor our servers continuous and would notice
any unusual behavior.
We have already experienced problems with procmail creating infinite loops
on our servers. Even though users did not spawn a shell, they did manage
to increase the load quite a bit through incorrectly written .procmailrc.
Because processes are ran as root, they also managed to exceed their
quotas. Any suggestions on how to deal with this problem or is this a
case by case?
Hm. I don't know exactly our installation, but procmail has the 's' flag
-rwsr-xr-x 1 root software 65504 Nov 7 1996
And I checked the id of the running filter: It's the one of the calling
user. So maybe you have not set this flag or there is something to the
configuration of sendmail which does the trick.
computer science and philosophy
at University of Paderborn, Germany