Yesterday, another of our mailboxes got joe-jobbed, just like last week. Again, it was one of our Exim servers (yes, one got done along with a qmail last week). Again, it was an address that should never appear as the SMTP sender. Again, I put something like

    deny
      message = 553 That address is not used for outgoing email so should never get errors - please telephone us if in error
      senders = :
      recipients = !/etc/exim4/permitted-envelopes

    CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/local-rcpt.acl

to /etc/exim4/conf.d/main/02_local_options, put all permitted envelope addresses into /etc/exim4/permitted-envelopes, then ran

    /etc/init.d/exim4 reload

and the flood stopped.
So far, it seems to be working like it should. Is there a drawback I haven’t spotted yet, apart from the obvious problem of needing to list all outgoing envelope addresses?
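An added example, not part of the original post: a Python check for the drawback named above, which reads the envelope senders Exim logs on `<=` arrival lines and reports local ones missing from the permitted list, since bounces to those would be refused by the deny rule. The log lines, the example.org domain and the one-address-per-line file layout are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of Exim mainlog lines (assumption, not from the post).
SAMPLE_LOG = """\
2024-05-01 09:00:01 1s1AbC-0001Xy-2Z <= alice@example.org H=ws1.example.org [192.0.2.10] P=esmtpsa S=2311
2024-05-01 09:00:02 1s1AbC-0001Xy-2Z => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7]
2024-05-01 09:05:10 1s1AbD-0001Xz-3A <= <> H=mx.example.net [198.51.100.7] P=esmtp S=4102
2024-05-01 09:07:44 1s1AbE-0001Y0-4B <= Newsletter@Example.org U=www-data P=local S=9120
2024-05-01 09:09:30 1s1AbF-0001Y1-5C <= carol@example.com H=mail.example.com [203.0.113.5] P=esmtp S=1500
2024-05-01 09:10:00 1s1AbG-0001Y2-6D <= alice@example.org H=ws1.example.org [192.0.2.10] P=esmtpsa S=800
"""

# Constructed stand-in for /etc/exim4/permitted-envelopes (one address per line).
SAMPLE_PERMITTED = """\
# addresses allowed to receive bounces
alice@example.org
"""

# "<=" marks message arrival; the field after it is the envelope sender.
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (\S+)")


def load_permitted(text):
    """Return the set of listed addresses, lowercased, skipping comments."""
    entries = (line.split("#", 1)[0].strip().lower() for line in text.splitlines())
    return {e for e in entries if e}


def envelope_senders(log_text, local_domains):
    """Count envelope senders in local domains seen on arrival lines."""
    seen = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or m.group(1) == "<>":  # "<>" is an incoming bounce
            continue
        sender = m.group(1).lower()
        if sender.rpartition("@")[2] in local_domains:
            seen[sender] += 1
    return seen


def missing_from_permitted(log_text, permitted_text, local_domains):
    """Senders in use whose bounces the deny rule would reject."""
    permitted = load_permitted(permitted_text)
    used = envelope_senders(log_text, local_domains)
    return sorted(addr for addr in used if addr not in permitted)


if __name__ == "__main__":
    for addr in missing_from_permitted(SAMPLE_LOG, SAMPLE_PERMITTED, {"example.org"}):
        print("not in permitted-envelopes:", addr)
```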