[exim] restriction on aliases of a webserver

Hello,

on a webserver, users are sending mails by calling /usr/sbin/sendmail.
If the mail cannot be delivered to its recipient, exim looks at
~/.forward or at the system-aliases file where it can send the
bounce-message to. So far, everything is fine. But I'm a bit afraid that
somebody could abuse the system by watching all the user-accounts in
/home and sending spam to them. Of course I find out the "criminal" very
easily by looking into the headers exim writes in any email a
spam-victim forwards to me. But rather than disabling the
spam-originators account, I would like to prevent the whole
abuse-possibility. Is it possible to configure exim so that bounces can
be send to the user, but the users cannot send mail to each other (as if
the user is unknown)? This webserver is a webserver only, exim is not
listening on port 25.

Regards
Marten