A good reason to not share your news spool with any other files
On my transit server, I serve webpages, accept mail, have a ftp server, and pass usenet news from various internal servers out to the people I exchange news with. Most of these services are fairly well behaved, but usenet is, as befitting a cesspool, capable of surprises.
This morning, around 1am, the copy of Postoffice that I run on gehenna started to shout bitterly about finding viruses everywhere. And the viruses were actually virus library unpack errors. After making a couple of passes at reloading the virus definitions (in case they were corrupt, which they weren't) I checked this disk space, and discovered, to my intense dismay, that gehenna's spool disk had a whopping 7mb free on a 10gb disk (which usually has 4gb free, even after including the news spool.)
Think this might have something to do with the virus scanner complaining bitterly about there not being enough room to run the virus scanner?
And, look, there is a new newsgroup -- alt.mag.playboy -- with lots of nice fat articles in it, to the tune of 5gb! worth of what I suspect are miracles of photoshop and airbrushing. And, even more importantly, it's 5gb worth of buffer area that means that mail won't work.
It's possible that there is some sort of mail message to root about space being low, but FreeBSD has the decidedly unfriendly behavior of sending lots of mail out to root about various trivial things (the ones I particularly like are the mail messages that are sent out from innd, to the order of "I'm not running now!" "I'm running now!" every time an expire is run.
But, I suspect that what I'll do is the old fashioned method of putting up a firewall; I'll just bung another disk onto the barbie and move the news spool over to it, and if it ever fills up I'll just do the Unix equivalent of FORMAT NEWS: and let innd refill it from scratch.
But in the short term, it's time to add disk space checks into Postoffice, so it won't accept mail unless there's a reasonable amount of disk space for it to store the silly things. And it's time to tell innd to not accept any article larger than 50k, just to make the denial of service attacks that much more difficult.