Odhiambo G. Washington wrote:
> I am a bit stuck with a situation where spammers are getting mail to my
> address, being the "manager" of a system that handles virtual domains.
> Of late, I have received spam address to {root|uucp|test}@???
> for a couple of domains I host on a server.
>
> exim -bt uucp@??? says the address is undeliverable. However,
> my address seems to get nicely tucked in the Envelope-To: header and so
> the spam ends up in my mailbox.
>
> Perhaps there are some checks that I need that are missing.
>
> What is the easiest way to block such mail?
>
Wash,
There has to be something more to it. i.e. at first glance, that what you fed
-bt was not actually the same address that had succeeded.
- looking at the 'entire' critter, not just what an MUA displays, is there a
'valid' address of yours there anywhere? Including any valid alias expansion, or
any userland address that may be forwarded back to you via an expansion?
(Likewise, have you removed all 'uucp' related-anything from the system)
- IF NOT, AND you are relying on a router-walk in 'verify mode' for require
verify = recipients, then the logs should show which router(s) were in play.
We use some 'eat anything' unseen routers for archiving dodgy traffic so as to
analyze potential false-positives, and 'no_verify' is not what we want on those.
I call those 'leaky', as they would tell a 'require verify' that they are
willing to accept an otherwise-invalid address.
Ergo, we enter 'postmaster' and other system aliases in the DB, then use a DB
lookup to perform the functional equivalent of 'require verify = recipient'
instead of the normal router query.
YMMV - but that is a hard one to fool, and an easy one to troubleshoot.
Bill