How to prevent mail to non-existent accounts

[Ian Donaldson]

>From article <11680 at cgl.ucsf.EDU>, by gregc at cgl.ucsf.edu (Greg Couch):
> A bit of background:  we share a password file amoung several 4.3 systems
> and restrict access to a particular system by having login fail if the
> user doesn't have a home directory on that system.  Thus we don't want
> users to get mail on machines they can't access.
> 
> Enclosed is a small enhancement to reject mail to users that don't have
> home directories.  Depending on how your site manages accounts, you might
> want to disable mail to users with non-standard shells or to users whose
> password entry is "*" or somesuch.

A related problem is when one of the disks containing the users' home
directory drops dead and the machine is brought up without that disk
online.  The ".forward" files that users' have aren't accessable anymore,
so the mail ends up in /usr/spool/mail.  When the disk then come
up, and the home directories return, the ".forward" files do also, and
people wonder (on other machines) where their mail went to...

This fix would cause such mail to bounce, which at least tells somebody
(the sender) what has happened to it.

What I think would be preferable in this case is for the mail to be held-over
(in /usr/spool/mqueue) until the home directory of the recipient can 
be accessed, so that a ".forward" file can be searched for.

I think that the fix in this article should involve something along the
lines of... if /usr/spool/mail/user is mode 000 then no mail should
be receiveable for that user on this machine, and so bounce the mail.

This makes it easy to tune... just create a mail box file, mode 000
for such users!  Put some crap in it if you have scripts that clean
out empty mail boxes upon reboot...

If the user had a mailbox already there, then the user could even
turn off/on the feature himself via chmod(1) (since he owns the mailbox file)

The mod would probably go in BSD /bin/mail, to check for mode 000 files.

Ian D