Sheldon T. Hall wrote:
> Writes Uwe Dippel ...
>> I went through google and through the archives of postfix-users, but
>> have yet to understand the consequences of this statement:
>> # trap decode to catch security attacks
>> decode: root
> For information on the vulnerability presented by the "decode" mail account,
> Google ...
> /etc/aliases decode
> ... Aliasing "decode" to "root" means that root would be alerted when there
> is any attempt to exploit the vulnerability.
> Exploitation of the vulnerability generally entails sending a uuencoded file
> as an e-mail to decode@...; if root gets a mail like that, you know
> that someone stuck in a timewarp is trying to crack your system.
> FWIW, I've had decode aliased to root (or to myself) on systems for some
> years, and I've never seen an attempted exploit.
> FWIW2, I have _all_ the unused system accounts (lp, uucp, bin, daemon, etc.)
> aliased to root on my machines,
check_recipient_access may be better if you want to avoid filling up
root's mailbox and you don't want to look at these attacks.