Yesterday, another of our mailboxes got joe-jobbed, just like last week. Again, it was one of our Exim servers (yes, one got done along with a qmail last week). Again, it was an address that should never appear as the SMTP sender. Again, I put something like

    deny message = 553 That address is not used for outgoing email so should never get errors - please telephone us if in error
         senders = :
         recipients = !/etc/exim4/permitted-envelopes

into /etc/exim4/local-rcpt.acl, added

    CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/local-rcpt.acl

to /etc/exim4/conf.d/main/02_local_options, put all permitted envelope addresses into /etc/exim4/permitted-envelopes, then ran update-exim4.conf and /etc/init.d/exim4 reload and the flood stopped.

So far, it seems to be working like it should. Is there a drawback I haven’t spotted yet, apart from the obvious problem of needing to list all outgoing envelope addresses?
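
One way to check for the drawback asked about above is to audit the Exim main log for addresses that do send mail yet have their bounces refused by this rule. The script below is an added example, not part of the original post; the log line shapes, the one-address-per-line file layout and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed Exim main log shapes (default logging):
#   arrival:   "<date> <time> <msg-id> <= sender@domain ..."
#   rejection: "<date> <time> H=... [ip] F=<> rejected RCPT <rcpt@domain>: ..."
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (\S+@\S+)")
NULL_REJECT = re.compile(r" F=<> rejected RCPT <([^>]+)>")

def load_permitted(text):
    """Parse permitted-envelopes content: one address per line, '#' comments."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def audit(log_lines, permitted):
    """Return (missing, rejected): bounce rejections per recipient, and the
    subset whose recipient was also seen as an envelope sender but is not
    in the permitted list (so genuine bounces to it are being refused)."""
    senders, rejected = set(), Counter()
    for line in log_lines:
        m = ARRIVAL.match(line)
        if m:  # bounce arrivals log "<= <>" and are skipped by the '@' requirement
            senders.add(m.group(1).lower())
            continue
        m = NULL_REJECT.search(line)
        if m:
            rejected[m.group(1).lower()] += 1
    missing = {a: n for a, n in rejected.items()
               if a in senders and a not in permitted}
    return missing, rejected

# Constructed sample data (not taken from any real server).
SAMPLE_PERMITTED = "# constructed list\nsales@example.org\n"
SAMPLE_LOG = [
    "2008-03-05 10:01:02 1JWxyz-0001Ab-Cd <= sales@example.org U=www-data P=local S=1520",
    "2008-03-05 10:02:10 1JWxza-0001Ac-Ef <= Newsletter@example.org U=www-data P=local S=2048",
    "2008-03-05 10:05:44 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <newsletter@example.org>: (constructed)",
    "2008-03-05 10:06:01 H=(a.example.com) [192.0.2.77] F=<> rejected RCPT <webmaster@example.org>: (constructed)",
    "2008-03-05 10:06:02 H=(b.example.com) [192.0.2.78] F=<> rejected RCPT <webmaster@example.org>: (constructed)",
    "2008-03-05 10:07:30 H=(c.example.com) [192.0.2.79] F=<x@example.net> rejected RCPT <info@example.org>: (constructed)",
]

if __name__ == "__main__":
    missing, rejected = audit(SAMPLE_LOG, load_permitted(SAMPLE_PERMITTED))
    print("bounces refused per recipient:", dict(rejected))
    print("senders missing from permitted-envelopes:", missing)
```

An address reported as missing may also be a forged sender on inbound mail that was accepted, so confirm it really originates mail before adding it to the list.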