Daniele Gallarato wrote:
> thanks a lot, it works great!!
>
> Daniele Gallarato
.. and (hopefully) after a short while to settle what you actually WANT
to accept, you'll modify or even disable it.
Problem with running a catch-all is that it not only collects
spam/malware - it sort of encourages it, as the 'bots report success
after success at delivering their payload to your destination.
As with an old-style Russian 'Shock Army', they are often geared to
exploit anything that resembles a break-through and to Hell with all
else. Their 'sputniks' pile onto the teat, and load goes up.
What you might consider instead?
Setting-up aliases to cover each of the several possible *genuine*
mis-keying of each of your legitimate recipients addresses.
Same again with having an 'info@', 'webmaster@' 'hostmaster@' 'abuse@'
and the like as well as 'postmaster@'.
NONE of these should actually go to 'root', BTW.
Not ever.
...But either to an off-box acocunt you use for part of your admin, ELSE
an UN-privileged or 'virtual - (no-shell-at all), synthetic user's box
you can subscribe to and check now and then, from on OR off the server.
You'll STILL get SOME spam/malware, but THAT user couldn't execute it
for love or blood, even if you fat-finger something. No privs.
In your acl_smtp_rcpt you can then safely run a valid recipient test,
and reject a great deal more of the garbage whilst still 'in-session'.
require verify = recipient
.. is a powerful helper, or, as I code it;
deny
!verify = recipient
... and a catch-all cripples it.
Bill
--
韓家標
