Exim and driver=localuser
Unless I'm mistaken, the default Debian exim config allows for local
delivery to users based on the /etc/passwd file:
(for exim3)

    # This director matches local user mailboxes.
    localuser:
      driver = localuser
      transport = local_delivery

(and for exim4)

    local_user:
      debug_print = "R: local_user for $local_part@$domain"
      driver = accept
      check_local_user
      local_parts = ! root
      transport = LOCAL_DELIVERY

What that means is mail can get delivered to users like "bind" and
"games" because they are listed in /etc/passwd. AFAIK, those should
never get mail, so should be rejected.

What I'm seeing is /var/mail/{bind,games,sshd} getting filled up with
spam bounces (spam is being sent using these user names). And if, by
chance, the target of the spam does sender validation (asking my
machine if "games" is a real user) the mail will be considered from a
real user.

So, I'm wondering what others do to take steps to prevent usage of
these common names in /etc/passwd as valid mail addresses.

I'm also wondering if the default Debian config should prevent this in
some way.

I also wonder if all the entries in the default /etc/passwd are
needed. Do I really need user "uucp"?

--
Bill Moseley
moseley@hank.org
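
An added example, not part of the original post or of Debian's Exim packaging: a small audit that lists the passwd entries a check_local_user-style router would accept even though they look like system accounts, and prints them in the `local_parts = ! root` form quoted above. The sample passwd content is constructed, and the UID cutoff of 1000, the shell list and the function names are assumptions of this example.

```python
# Constructed sample data; pass a real passwd file path as argv[1] to audit a host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
bind:x:104:111::/var/cache/bind:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
"""

FIRST_HUMAN_UID = 1000  # assumption: first UID handed out to ordinary users
NOBODY_UID = 65534      # assumption: UID of the "nobody" account
NO_LOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guess
        yield fields[0], int(fields[2]), fields[6]


def system_accounts(text, first_uid=FIRST_HUMAN_UID):
    """Names that exist in passwd but are unlikely to be real mailboxes."""
    names = []
    for name, uid, shell in parse_passwd(text):
        if uid < first_uid or uid == NOBODY_UID or shell in NO_LOGIN_SHELLS:
            names.append(name)
    return names


def local_parts_exclusion(names):
    """Format names as a negated list, following the form quoted in the post."""
    return "local_parts = " + " : ".join("! " + n for n in names)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    print(local_parts_exclusion(system_accounts(text)))
```

Review the list before using it: any name on it that should still receive mail (root, for example) needs an alias that is handled before this router runs.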