[Exim] rejecting mail to system accounts from outside

Top Page
Delete this message
Reply to this message
Author: Jeremy C. Reed
Date:  
To: exim-users
Subject: [Exim] rejecting mail to system accounts from outside
Some spammers send mail to system accounts like sync or usenet (often with
forged sender with local hostname).

Also, in most situations, mail to "root" would only originate from an
organization's own systems.

Anyone want to share ideas for rejecting mail that originates from remote
mailer that are sent to system accounts, like news or sync?

I am thinking that I could just remove all these un-needed users and
aliases, but then I would need to check for each OS upgrade.

Or just /dev/null the mail. Or :fail: the mail.

But, maybe someday some system cron job or other local tool will email to
one of these accounts. So maybe I should use a filter or something to
determine if the mail originated locally and then only accept it.

What do you do?

Thanks,

Jeremy C. Reed

  http://www.bsdnewsletter.com/  -- BSD news and resources
  http://www.isp-faq.com/        -- find answers to your questions