Re: spam to aliases and system accounts

[Brian <ad44@cityscape.co.uk>]

On Wed 19 Apr 2017 at 20:15:02 +0200, Daniel Pocock wrote:

> When people install Debian (or any distro), they usually get a bunch of
> entries in /etc/aliases and various system accounts (/etc/passwd entries
> with UID < 1000) created by the packages they install.
> 
> I've noticed an increase in spammers targeting some of the more common ones.
> 
> Can the number of aliases installed by default be reduced?
> 
> Do any of the mailers (postfix, exim, etc) provide a convenient way to
> exclude delivery to system accounts by default, or to exclude these
> aliases and accounts from receiving mail from external senders?  Could
> anybody share examples of how they do it or pointers to any blogs or
> wikis with examples?
> 
> Could/should any more be done at the packaging level to minimize this
> problem or is it something that can only be done on a per-site basis?

This is the postinst for exim4-config:

 #initialize /etc/aliases
 writealiases() {
 echo '# /etc/aliases' > /etc/aliases.tmp
 echo 'mailer-daemon: postmaster' >> /etc/aliases.tmp
 for i in postmaster nobody hostmaster usenet news webmaster www ftp abuse noc security ; do
         echo "${i}: root"
 done >> /etc/aliases.tmp
 mv /etc/aliases.tmp /etc/aliases
 }

You would have to sound out and convince the exim4 maintainers. I can
well imagine their enthusiasm for a change might be muted.

-- 
Brian.