Hi, Mark - It's a little unclear from your message whether:
- you've got an influx of messages arriving *from* [email protected] that you want to block, or - you've got an influx of messages *to* [email protected] that you want to block. As you mentioned one possibility might be to create a local user of the appropriate name I'll assume it's mail *to* that address you wish to block/get rid of. If you have some sort of aliasing/user mapping that you use in a redirect router one way might be to 'alias' your [email protected] address to one of the special recipients ":blackhole:" or "/dev/null". See the chapter *The Redirect Router* in the *Special items in redirection lists* <https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_redirect_router.html#SECTspecitredli> section. Alternatively you could add an ACL to your Exim configuration that either rejects the recipient address [email protected] when an incoming message says it wants to go to that recipient, or you could instead accept the recipient but then silently discard the message instead of delivering it. For example, something like this (CAUTION: UNTESTED!) in your acl_check_rcpt ACL: deny recipients = [email protected] Put this before any "accept" ACL statements. Then, when an incoming SMTP connection sends a :RCPT TO: [email protected]", your system will reject that recipient address with a 5xx SMTP response code so the message doesn't get into your system but stays on the remote server (which hopefully then won't try and deliver it again as it got a 5xx code rather than a 4xx code). Alternatively use "discard" instead of "deny" and your server will accept the message, send a 2xx code back to the sending server, but then discard that recipient address. If the message was destined for several of your users then the others will still get a copy; you can avoid this by moving the discard into the acl_check_data ACL, as explained in the *Specification* . See the *Access Control Lists* chapter in the *ACL verbs* <https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECID200> section for more about the deny and drop verbs and their effect when in the rcpt or data ACLs. Those are just quick thoughts to hlep you combat the immediate problem; others might be able to offer more insightful responses. Good luck and let us know how you get on! Cheers, Mike B-) On Mon, 14 May 2018 at 09:28, Mark Elkins via Exim-users < [email protected]> wrote: > > I need help. (pun included) > > Someone is using "[email protected]" as the source of spam e-mail. The > address does not exist... > > delivering 1fI8dS-0008Pd-DC (queue run pid 700) > LOG: MAIN > ** [email protected]: Unknown user > > ...but I do manage the domain "help.co.za" > > I also allow wildcards in addresses - so "*@help.co.za" could be > forwarded to a single "catchall" account and some customers use this to > "fetch" all their e-mails.... > > I'm getting a few 100 per minute which upsets the Load Average - which > stops local delivery. What would be the most appropriate means to > /dev/null this crap. I'm running my users from a MySQL database and > serve a few hundred domains - each with multiple email users. I'm > running a pretty new version of exim and do this on a Gentoo machine. > > Either - create a user by the appropriate name and forward it to what??? > > or - somehow tell exim when it gets an unknown user to /dev/null it ??? > > Second would be better - as long as its logged - How do I do this? > > -- > Mark James ELKINS - Posix Systems - (South) Africa > [email protected] Tel: +27.128070590 Cell: +27.826010496 > For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
