Author: lee Date: To: exim-users Subject: [exim] how to deal with incoming messages sent to <mail@example.com>
Hi,
how is usually dealt with incoming messages that are addressed to
<mail@???>?
Debian has a system account named 'mail', and incoming messages cannot
be delivered to this user (when using maildir) because it has no home
directory. Also, I don't want to receive any mail for this account.
To prevent exim from freezing such messages in the queue, I've set
never_users = root:mail
Now when exim sends a warning message to the sender of the incoming
message after a delay, the message leaks the user ID of the 'mail'
user. IIRC, 'exim -qf' may generate a warning message about the delay
in delivery, and that message also leaks the user ID.
I suppose this might be a general question about dealing with mail sent
to system accounts. Leaking their user IDs may be a security
risk. Maintaining some list to check for users to deny mail for separate
from /etc/aliases and /etc/password isn't a good alternative because
such a list can get out of date.
Perhaps I should specify a minimum user ID and have all incoming mail to
users with an ID lower than that be rejected unless there's a
redirection in /etc/aliases? Or better, won't it be better that exim
doesn't leak the user ID in the first place?
What's common good behaviour here?
--
Knowledge is volatile and fluid. Software is power.
