From owner-freebsd-chat  Wed Oct 30 17:45:32 1996
Return-Path: owner-chat
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA17044
          for chat-outgoing; Wed, 30 Oct 1996 17:45:32 -0800 (PST)
Received: from mailhost1.cac.washington.edu (mailhost1.cac.washington.edu [140.142.32.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA17031
          for <chat@FreeBSD.org>; Wed, 30 Oct 1996 17:45:29 -0800 (PST)
Received: from Ikkoku-Kan.Panda.COM (UW-Gateway.Panda.COM [192.107.14.65]) by mailhost1.cac.washington.edu (8.8.2+UW96.10/8.8.2+UW96.10) with SMTP id RAA20794; Wed, 30 Oct 1996 17:45:22 -0800
Date: Wed, 30 Oct 1996 17:35:50 -0800 (PST)
From: Mark Crispin <MRC@Panda.COM>
Subject: Re: /var/mail (was: re: Help, permission problems...) 
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: chat@FreeBSD.org
In-Reply-To: <1817.846725320@time.cdrom.com>
Message-ID: <MailManager.846725750.3853.mrc@Ikkoku-Kan.Panda.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: owner-chat@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 30 Oct 1996 17:28:40 -0800, Jordan K. Hubbard wrote:
> > 8) Don't allow cretins to use your system.
>
> Except that ISPs are in the business of delivering service to cretins.
> It's right in the business plan.

Yup, which is a reason (there are others) why security-conscious ISPs don't
use mail spools.

As long as you have a mail spool, you still give out some very important
privacy information about the user -- a bad guy can learn how much mail some
other other has, when it was last written and (depending upon the OS) even
when it was last read.

Oh, and while you're at it, be sure that you take away setuid/setgid
permissions from the mailq program, or at least modify it so that J. Random
User only sees the messages she has queued.