[Sussex] Exim4....

Steven Dobson steve at dobson.org
Wed Nov 1 16:28:01 UTC 2006


Mark

On Wed, 2006-11-01 at 14:23 +0000, Mark Harrison wrote:
> How do I create a “dummy mailbox” into which I can automatically
> divert mail to certain “bogus addresses” that I know are only used by
> spammers.
> 
> I have the lines:
>   sales: junk
>   mph: junk
>   accounts: junk 
> 
> In my /etc/aliases, so I need to know how to create a “junk” box that
> will auto-delete everything rather than hang around taking up
> disk-space.

The lines in your aliases file redirect email from sales, mph & accounts
(which may or may not be user accounts) to the mailbox of the user junk
(unless you have another line in your aliases file that points "junk"
at another user).

I don't know how exim is configured on your system.  So I'll just talk
about the exim config you may want to try and leave you to figure out
how to plug it into your setup.

1).  You could just create a "junk" user account and then process the
mail using a ".forward" file.  I assume that your exim configuration goes
looking for the .forward file in the user's home directory.  If so just
placing "/dev/null" in the ".forward" file should do the trick (if I
read the Exim Config book correctly).
 
2).  Exim can, however, be configured to stop emails before they are
delivered to your server.  This is done with ACL scripts.

When a remote email server connects to your e-mail server, after
identifying itself, the remote server will issue the "MAIL FROM:" command
to start the transfer of an e-mail from it to you.  The address that
follows the "MAIL FROM:" command could be anything.

After that a number of "RECV TO:" commands are sent showing who the
email is to be delivered to.  There could be more than one because the
same e-mail could be sent to "mark@example.com" and "sales@example.com".

After the "MAIL" and "RECV" commands have been accepted by your server
the remote system issues the "DATA" command and starts transmitting the
email headers and body.

It is normal to have an "acl_smtp_rcpt" script configured.  Look for the
line "acl_smtp_rcpt = acl_check_rcpt" which configures the
"acl_check_rcpt" script to be run when the "RCPT" command is issued.

The exim book gives the following ACL snippet on how to stop emails
coming from a given source to a configurable list of recipients:

     deny senders    = badguy@evil.example.com
          recipients = lsearch;/etc/blockbadguy

So adding:

    deny recipients = lsearch;/etc/junkblocker

to the "acl_check_rcpt" script should block email to the local
recipients listed in "/etc/junkblocker".

Make sure that your next ACL rule has either an "accept", "defer",
"deny", "drop", or "warn" verb at the front so you don't change the
meaning of the test by switching to "deny" mode:

    # Block to a junk list as this is always spam
    deny recipients = lsearch;/etc/junkblocker

    # Accept to postmaster as must have to.
    accept local_parts  = postmaster
           domains      = +local_domains


Be warned the RCPT script is normally where things like open relay
blocking are configured so be careful.  I suggest testing on a safe
system first.

Steve

[1]
Note: The destination envelope address is not the same thing as the
"To:" header.  Destination envelope addresses are normally re-written in
delivery of an e-mail while it is not normal to change the "To:"
header.
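
A simplified Python model of how the RCPT ACL discussed above is evaluated, added here as an illustration (it is not part of the original message and is not Exim code): the junk list rejects one recipient of a message while another recipient of the same message is accepted, and the order of the statements decides the outcome. The addresses, the contents of /etc/junkblocker, the local domain and the final catch-all accept are constructed assumptions.

```python
import re

# Constructed sample of /etc/junkblocker: an lsearch file holds one key per
# line; in an address list the key is the full envelope recipient address.
JUNKBLOCKER = """\
# addresses only spammers use
sales@example.com
mph@example.com
accounts@example.com
"""
LOCAL_DOMAINS = {"example.com"}  # assumed value of +local_domains

def lsearch_keys(text):
    """Keys of an lsearch file: each line up to the first ':' or whitespace."""
    keys = set()
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            # Lowercased so matching is case-insensitive (a simplification).
            keys.add(re.split(r"[:\s]", line.strip(), maxsplit=1)[0].lower())
    return keys

JUNK = lsearch_keys(JUNKBLOCKER)

def split(addr):
    """Lowercased (local_part, domain) of an envelope address."""
    local, _, domain = addr.lower().rpartition("@")
    return local, domain

# Each ACL statement is (verb, [conditions]); every condition must hold.
ACL_CHECK_RCPT = [
    # deny recipients = lsearch;/etc/junkblocker
    ("deny",   [lambda a: a.lower() in JUNK]),
    # accept local_parts = postmaster / domains = +local_domains
    ("accept", [lambda a: split(a)[0] == "postmaster",
                lambda a: split(a)[1] in LOCAL_DOMAINS]),
    # Assumed stand-in for the rest of a real ACL: accept local mail.
    ("accept", [lambda a: split(a)[1] in LOCAL_DOMAINS]),
]

def check_rcpt(acl, rcpt):
    """SMTP reply code for one recipient: the first matching accept/deny decides."""
    for verb, conditions in acl:
        if all(cond(rcpt) for cond in conditions):
            return 250 if verb == "accept" else 550
    return 550  # reaching the end of an ACL is an implicit deny

def transaction(acl, recipients):
    """The RCPT ACL runs once per recipient of the same message."""
    return {r: check_rcpt(acl, r) for r in recipients}

if __name__ == "__main__":
    print(transaction(ACL_CHECK_RCPT, ["mark@example.com", "sales@example.com"]))
```

A junk file that lists bare local parts such as "sales" would not match in this model, because the lookup key is the whole address; moving the deny below the catch-all accept lets the junk addresses through.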



