Here is an exim 3 director I had setup, since nothing should even have
been sending any mail to any of these accounts..
You could make an ACL for exim4...
fail_verify_system:
driver = smartuser
domains = mydomain.com
local_parts = daemon:bin:adm:lp:sync:shutdown:halt:mail:news:uucp:games:ftp:amanda
verify_only = true
fail_verify = true
On Tue, 13 Aug 2002, Jeremy C. Reed wrote:
> Some spammers send mail to system accounts like sync or usenet (often with
> forged sender with local hostname).
>
> Also, in most situations, mail to "root" would only originate from an
> organization's own systems.
>
> Anyone want to share ideas for rejecting mail that originates from remote
> mailer that are sent to system accounts, like news or sync?
>
> I am thinking that I could just remove all these un-needed users and
> aliases, but then I would need to check for each OS upgrade.
>
> Or just /dev/null the mail. Or :fail: the mail.
>
> But, maybe someday some system cron job or other local tool will email to
> one of these accounts. So maybe I should use a filter or something to
> determine if the mail originated locally and then only accept it.
>
> What do you do?
>
> Thanks,
>
> Jeremy C. Reed
>
> http://www.bsdnewsletter.com/ -- BSD news and resources
> http://www.isp-faq.com/ -- find answers to your questions
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>