Our experience was a bad one. Fortunately the night admin found it
and nixed the problem. The auto-ack script was written by a tech
that had left a year or so earlier. The script sent an auto-ack to
the sender if the sender hadn't received an auto-ack in 3 months or
more. It contained a helpdesk survery. The replies were filtered
and acked again and sent to 3 hard-coded addresses. One of the 3
users left. After his account grandfathered and was removed, a mail
loop was created where the auto-ack would auto respond to the bounce
and to the bounce of the bounce and to the bounce of the..... You
get the idea.
I've never been fond of quotas except for very high hard quotas that
aren't normally reachable, to prevent a drive space DoS. That can
create another DoS though where a user can't receive mail. Say I'm a
student that needs more time to finish a paper that I'm supposed to
email to my professor. I know there is a 20MB quota on his mail
spool so I have a buddy spam him through a few open relays and
continue doing so until I finish my paper. "Sorry prof, I tried to
turn it in but it bounced.". That's a possibility. Every situation
is different. Some need it, some don't. Good luck!
Justin
At 12:04 PM -0400 10/18/01, Paul Chvostek wrote:
I see your point, but I can't say I agree with it. ;-) I feel that
proper use of quotas gives me a much needed degree of control over
my mail spool that no amount of after-the-fact policing can provide.
Anything set up badly can be ... well, bad. When we first installed
mail quotas, we put 20MB hard limits on user mailboxes, and no limits
on staff/office mailboxes. We were hit *once* by an idiot user who
emailed our sales and support departments over a thousand times, but
the resultant spool file was still only a couple of MB.
If I ever experience an event where a DoS attack affects sales or
support mailboxes, I may change my tune. But for the moment, the
convenience of this automated disk space protection far outweighs
the remote eventuality of an attack.
As for the auto-ack script ... well, if I wasn't already confident that
ours worked 100%, your experience would be enough to convince me of the
value of having quota limits set on the sales mailbox as well. :)
On Thu, Oct 18, 2001 at 09:05:56AM -0500, Justin Shore wrote:
I've never been a big fan of quotas on mail spools because they can
easily and quickly stop the flow of legit mail. A quota like that
can be used as a DoS attack against you. Fills all their salesreps
mail spools with junk mail and they won't be able to receive customer
mail. Honestly I think it's a bad bad thing. However I have also
seen a renegade auto-ack script fill two mail spools with around
1.5GB of mail in a very short period of time. I think assigning a
hard quota of around 100MB is a good idea. That way a user can't
consume all available drive space. Write a script to mail a form
letter to all users with a mail spool larger than X. In that form
letter make sure you describe the way to turn of the "Leave mail on
server" function in a couple of browsers. Also include their disk
usage on that spool. Send the first one to the user only. Run it
again the next day. If the user still hasn't fixed the issue, CC an
> admin.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail