[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Exim and driver=localuser

Unless I'm mistaken, the default Debian exim config allows for local
delivery to users based on the /etc/passwd file:

(for exim3)

    # This director matches local user mailboxes.

      driver = localuser
      transport = local_delivery

(and for exim4)

      debug_print = "R: local_user for $local_part@$domain"
      driver = accept
      local_parts = ! root
      transport = LOCAL_DELIVERY

What that means is mail can get delivered to users like "bind" and
"games" because they are listed in /etc/passwd.  AFAIK, those should
never get mail, so should be rejected.

What I'm seeing is /var/mail/{bind,games,sshd} getting filled up with
spam bounces (spam is being sent using these user names).  And if, by
chance, the target of the spam does sender validation (asking my
machine is "games" is a real user) the mail will be considered from a
real user.

So, I'm wondering what others do to take steps to prevent usage of
these common names in /etc/passwd as valid mail addresses.

I'm also wondering if the default Debian config should prevent this in
some way.

I also wonder if all the entries in the default /etc/passwd are
needed.  Do I really need user "uucp"?

Bill Moseley

Reply to: