On Wed, Feb 08, 2006 at 10:19:03AM +0200, Brent Clark wrote:
> Hi all
>
> Yesterday someone sent an email to uucp@??? (my domain), and now
> Im seeing this
>
> 2006-02-08 07:32:34 1F6SuX-0002gj-Ph == uucp@???
> R=userforward defer (-1): failed to stat /var/spool/uucp/. (No such file or
> directory)
>
> Did a check on my /etc/passwd file
>
> mail:~# cat /etc/passwd | grep -i uucp
> uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
> mail:~#
>
> So my question is, for the Debian distobution, would it be safe to delete
> this user, or would anyone have another solution to this problem.
if there are no files owned by uucp you may savely remove it
> I know its not doing anything, but I dont like seeing this type of attempts
> / activity in my logs.
as there are some more system accounts one presumably do not want to
receive mail for from remote I'd like to suggest the following:
## globals
# debian 3.1 setting
CONFIG_PATH = /etc/exim4
[...]
acl_check_rcpt:
[...]
accept local_parts = postmaster
domains = +local_domains
# Deny unless the sender address can be verified.
require verify = sender
# forbidden local parts
deny
message = Invalid user
condition = ${lookup{$local_part}lsearch{CONFIG_PATH/blocked_local_parts}{yes}{no}}
# a little tarpit functionality (optional)
delay = 600
create /etc/exim4/blocked_local_parts:
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
postgres
www-data
backup
operator
list
irc
gnats
sshd
mysql
sympa
fetchmail
Debian-exim
clamav
(exact list depents on your installation)
--
Christian Recktenwald : :
citecs GmbH : exim-users-dist@???
Unternehmensberatung fuer : voice +49 711 601 2090 : Boeblinger Strasse 189
EDV und Telekommunikation : fax +49 711 601 2092 : D-70199 Stuttgart
