Information
Theforward file specifies an email address to forward the user's mail to.
Use of theforward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. Theforward file also poses a risk as it can be used to execute commands that may perform unintended actions.
Solution
Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report userforward files and determine the action to be taken in accordance with site policy.
The following script will removeforward files from interactive users' home directories
#!/bin/bash
awk -F: '($1!~/(halt|sync|shutdown|nfsnobody)/ && $7!~/^(/usr)?/sbin/nologin(/)?$/ && $7!~/(/usr)?/bin/false(/)?$/) { print $6 }' /etc/passwd | while read -r dir; do
if [ -d "$dir" ]; then
file="$dir/.forward"
[ ! -h "$file" ] && [ -f "$file" ] && rm -r "$file"
fi
done