procmail

Re: A word on UNIX permissions regarding ./forward and ./procmailrc

2001-12-16 11:36:03
Mark,

First, unless your OS has some serious security holes that can be exploited
other ways as well, by the time the MTA reads ~/.forward it has given up
root privileges and is running as the recipient.  So the only things (s)he
can do from ~/.forward are what (s)he can do from a shell prompt or, for
that matter, from ~/.procmailrc if any email comes in.  If that includes
hurting other customers or the system itself, then there are yet some more
security issues on your system that you as the sysadmin need to address
before you let any other users on the box at all.  If your system is that
full of holes, a non-malicious user can do something horrible by an innocent
mistake, let alone what a malevolent user could do.  Certainly a ~/.forward
doesn't give anybody any additional access or privileges.

Second, if there are no problems of the type I described in the preceding
paragraph, then any bad or good thing a user does in ~/.forward will affect
only his/her own incoming email.  It can't hurt anyone else's.

You gain nothing by forbidding ~/.forward files except BOFH points.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
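
The privilege drop the message describes, sketched in C as an added example (not code from the post, nor from sendmail or procmail). The function names are hypothetical, and in `main` the "recipient" is simply the invoking user.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become the recipient before touching any file they control.
 * Returns 0 on success, -1 if any step failed (caller must not continue). */
int drop_to_recipient(uid_t uid, gid_t gid)
{
    /* Order matters: groups and gid first, while we may still be root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify that every id now belongs to the recipient. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the recipient's forward file only after the drop, so the kernel
 * applies the recipient's own access rights to the open and to anything
 * the file later causes to run. */
FILE *open_forward_as(uid_t uid, gid_t gid, const char *path)
{
    if (drop_to_recipient(uid, gid) != 0)
        return NULL;
    return fopen(path, "r");
}

int main(void)
{
    /* Constructed demo: /dev/null stands in for ~/.forward. */
    FILE *f = open_forward_as(getuid(), getgid(), "/dev/null");
    printf("drop %s, euid=%d\n", f ? "ok" : "failed", (int)geteuid());
    if (f)
        fclose(f);
    return f ? 0 : 1;
}
```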
