I haev one server that I work with that is attracting some bad apples as clients. We, like most everyone, allowed the user nobody to send mail. Well, someone was abusing it and sent out about 20,000 spam emails. We also get occasional mail bombs.
We compiled PHP with SuExec, but that caused way to many problems for the legitimate users of the system, so instead we checked the box to prevent the user nobody from sending emails.
Guess what? 20,000 messages later, we are back at suexec.
Can someone else confirm that this option is really broken, or am I missing something int eh big picture? How can the user nobody send out 20,000 messages with that box checked?