
I have a fresh exim4 install without any tweaks on a Debian 8.6 machine.

I use it to send emails from PHP:

```
; /etc/php5/fpm/conf.d/mail.ini
[mail function]
sendmail_path = /usr/sbin/exim4 -t
mail.add_x_header = On
mail.log = syslog
```

Recently we began to receive a lot of spam emails, which exim tries to send back because of nonexistent recipients.

So I ran the exim statistics tool and got:

```
# /usr/sbin/eximstats -ne -byhost -bydomain -byemail /var/log/exim4/mainlog

Top 50 local senders by message count
-------------------------------------
  Messages      Bytes    Average   Local sender
       603     1395KB       2368   Debian-exim
        38      127KB       3422   website1user
        33       94KB       2916   website2user
         7       91KB       13KB   website3user
```

Normal sites send tens of emails per day, and the Debian-exim user sends hundreds of them to some random addresses, which I don’t even know.

How can I completely prevent specified users from sending emails through exim4?
Should I deny the Debian-exim user? What is it used for?
Note that I don't mean denying sender email addresses (they can be replaced with no effort in the headers of the email) but local users.

(Maybe I have completely lost my understanding of the situation?)

Thank you.

  • These are normal letters, generated by local senders - your PHP scripts. I believe that *websiteXuser* are the user names under which the sites run. You need to examine `/var/log/exim4/mainlog` to see to whom the emails from *websiteXuser* are addressed. This will provide information to fix the problem. – Slipeer Jan 13 '17 at 14:31
  • **websiteXusers** send legit emails: all of them are normal and legitimate. My main concern is about abnormally huge amount of letters from **Debian-exim** account. How can this be? – Sasha MaximAL Jan 13 '17 at 14:56
  • Then check its recipients and ID. The `exim -Mvh ` command will show you the message headers, and `exim -Mvb ` shows its body. – Slipeer Jan 13 '17 at 15:03
  • Maybe it’s easier to deny **Debian-exim** to send any letters? – Sasha MaximAL Jan 13 '17 at 15:18
  • It's not a good idea. Letters from **Debian-exim** are likely to contain diagnostic information about delivery problems - you should check their content and to whom they are addressed (probably it is for root). – Slipeer Jan 16 '17 at 06:16
  • They are for random addresses, not even for local users. That *IS* the problem which I am trying to solve. – Sasha MaximAL Jan 17 '17 at 12:19
  • Can you provide an example of the exim main log for these mails in your question? – Slipeer Jan 17 '17 at 12:21
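
The log check suggested in the comments can be scripted. The following is an added example, not code from the question or its comments: it finds bounce messages in the mainlog (arrivals with sender `<>` and `U=Debian-exim`), follows the `R=` reference back to the message that triggered each bounce, and reports where that message came from and where the bounce was sent. The log lines are constructed samples, and the 6-6-2 message ID pattern is an assumption about the Exim version in use.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim mainlog format (not from the question).
SAMPLE_LOG = """\
2017-01-13 14:02:10 1cS0Aa-0001Xs-2K <= a@spam.example H=(x) [203.0.113.7] P=esmtp S=1820
2017-01-13 14:02:10 1cS0Aa-0001Xs-2K ** nouser@site1.example: Unrouteable address
2017-01-13 14:02:11 1cS0Ab-0001Xy-7Q <= <> R=1cS0Aa-0001Xs-2K U=Debian-exim P=local S=2368
2017-01-13 14:02:12 1cS0Ab-0001Xy-7Q => a@spam.example R=dnslookup T=remote_smtp H=mx.spam.example [198.51.100.9]
2017-01-13 14:05:00 1cS0Bc-0001Yz-9A <= website1user@host.example U=website1user P=local S=3422
2017-01-13 14:05:01 1cS0Bc-0001Yz-9A ** typo@nowhere.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO
2017-01-13 14:05:02 1cS0Bd-0001Z4-Cd <= <> R=1cS0Bc-0001Yz-9A U=Debian-exim P=local S=2916
2017-01-13 14:05:03 1cS0Bd-0001Z4-Cd => website1user@host.example R=local_user T=mail_spool
"""

# timestamp, message id (assumed 6-6-2 form), flag, address, remaining fields
LINE = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (<=|=>|->|\*\*|==) (\S+)(.*)$")

def field(rest, key):
    """Return the value of a KEY=value log field, or None."""
    m = re.search(rf"(?:^|\s){re.escape(key)}=(\S+)", rest)
    return m.group(1) if m else None

def trace_bounces(log_text):
    """List (bounce id, origin of the bounced message, bounce recipients)."""
    arrivals, bounces, rcpts = {}, {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mid, flag, addr, rest = m.groups()
        if flag == "<=":
            ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
            user = field(rest, "U")
            arrivals[mid] = f"remote {ip.group(1)}" if ip else f"local user {user}"
            ref = field(rest, "R")  # on "<=" lines R= names the bounced message
            if addr == "<>" and user == "Debian-exim" and ref:
                bounces[mid] = ref
        elif flag in ("=>", "->"):
            rcpts[mid].append(addr)
    return [(b, arrivals.get(o, "unknown (not in this log)"), rcpts[b])
            for b, o in bounces.items()]

def origin_counts(report):
    """Count bounces per origin of the message that triggered them."""
    return Counter(origin for _, origin, _ in report)

if __name__ == "__main__":
    for bounce_id, origin, recipients in trace_bounces(SAMPLE_LOG):
        print(bounce_id, "<-", origin, "->", ", ".join(recipients))
```

Run against the real `/var/log/exim4/mainlog`, a report dominated by remote origins points at mail accepted from outside and then bounced, while local-user origins point at the PHP sites themselves.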
