I've discovered a bug in smail 3.1.28.1 -- it allows any local user to read any file. A quick way to fix this is to put -smtp_debug in your smail config. I'll post an exploit script after a couple of days -- enough time hopefully for people to take some action. I've also tried to contact the makers of smail, but the only address I have [smail-bugs@veritas.com] bounces. Anyone who has a more accurate address, please mail me with it. FYI, many linux distributions ship with smail 3.1.28.1. James -- James Abendschan jwa@pine.cse.nau.edu change for the machines