Mark Elkins via Exim-users <exim-users@???> (Mo 14 Mai 2018 10:23:52 CEST):
>
> I need help. (pun included)
>
> Someone is using "please@???" as the source of spam e-mail. The
> address does not exist...
> delivering 1fI8dS-0008Pd-DC (queue run pid 700)
> LOG: MAIN
> ** please@???: Unknown user
So, you're receiving the bounces, because somebody uses
please@??? as a sender address to spam the world?
(That is, sending messages to mostly non-existent accounts, which in
turn accept the message and bounce later to the faked sender
please@???)?.
> ...but I do manage the domain "help.co.za"
…
> stops local delivery. What would be the most appropriate means to
> /dev/null this crap. I'm running my users from a MySQL database and
> serve a few hundred domains - each with multiple email users. I'm
> running a pretty new version of exim and do this on a Gentoo machine.
>
> Either - create a user by the appropriate name and forward it to what???
> or - somehow tell exim when it gets an unknown user to /dev/null it ???
In case you never ever use please@??? as a sender, you can block
all messages destined to this address. (Ideally this is done
automatically doing inbound recipient verification.)
A fast (but ugly) solution until you got the right way, could be:
deny message = This address didn't send mails ever.
senders = :
local_parts = please
domains = help.co.cz
As one of the very first ACL in your acl_check_rcpt (or approbiate)
block.
If your load settles down a bit, we can discuss better ways :)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
