I've been reading these forums and seeing others with similar problems, and I believe it's about time someone (cPanel?) stepped up to the plate and resolved this situation.
Here (for about the 6th time posting here) is the problem:
firstname.lastname@example.org gets a ton of spam. He decides to delete email@example.com and creates firstname.lastname@example.org. However the spam keeps coming to email@example.com, but now bounces, and goes into the queue where it sits... Now multiply that by a few dozen users per account, times 200 accounts per box... and you have a real problem.
Every account that the admin or a reseller creates also has with it an email firstname.lastname@example.org associated with it. 99.99% of the users never use that email address, but because spammers use finger (or something else) they always find that login and instantly send millions of spams to it.
Many of us used to use the catchall. That was fine in the days of a civilized internet, but today, it's email anarchy and now we get email@example.com, firstname.lastname@example.org, email@example.com etc... even totally random names firstname.lastname@example.org.
Now you add all these together, run top and you see exim sitting there all day long at the top of the chart. You see server loads going from 1 to 20, even as high as 900 one day, all with multiple runnings of exim.
I completely admit, I don't know the ins and outs of exim, so I need someone (cPanel?) to step up and find some solution to this.
The first one is simple: if there is no email@example.com account, just FAIL it. To me that's a no-brainer. We don't need to bounce it to the admin to tell him there is no such user.
Second, every email account firstname.lastname@example.org should instantly be set to FAIL. In fact, why (and how) are we broadcasting this information? It's half the login sequence. Sure makes it easier for the hackers and creeps.
Third, on catchalls... we need something, but frankly I don't know what. Maybe someone here has an idea. Perhaps a checkbox system where the admin could log in and either "confirm" or "fail" an email address. If they are confirmed, they pass thru, if they fail, everything to that address just goes away.
In the 12 hours since I last cleared the queue, there are now over 5000 emails sitting in there. And I have it set to flush every 24 hours. I can't imagine how much better all of our servers would run if there would be an end to these "lower than pig sh*t" spammers.
The situation, imo, is completely out of hand and all network administrators are wasting untold hours fighting something that should not exist in the first place.
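
The catchall-versus-FAIL choice raised in the post can be audited per domain. The following is an added example, not part of the original post and not cPanel's own code; it assumes cPanel's per-domain alias files under /etc/valiases/<domain>, where the `*:` line sets the default address, and it runs on constructed sample contents.

```python
# Constructed sample: alias-file contents keyed by domain, in the
# "<address>: <target>" layout assumed for cPanel's /etc/valiases/<domain>.
SAMPLE = {
    "example.com": "*: exampleuser\nsales@example.com: bob@example.com\n",
    "example.net": "*: :fail: No such person at this address\n",
    "example.org": "info@example.org: carol\n*: :blackhole:\n",
    "example.edu": "# no default address line\nabuse@example.edu: dave\n",
}

def default_target(text):
    """Return the target of the '*' (default address) line, or None."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        local, sep, target = line.partition(":")
        if sep and local.strip() == "*":
            return target.strip()
    return None

def classify(target):
    """Map a default-address target to what happens to unknown recipients."""
    if target is None:
        return "no-default"
    lowered = target.lower()
    if lowered.startswith(":fail:"):
        return "fail"        # unknown recipients are failed
    if lowered.startswith(":blackhole:"):
        return "blackhole"   # accepted, then silently discarded
    return "catchall"        # delivered or forwarded to a real target

def audit(files):
    """files: {domain: alias-file text} -> {domain: classification}."""
    return {dom: classify(default_target(txt)) for dom, txt in files.items()}

def catchall_domains(files):
    """Domains whose default address still accepts mail for any local part."""
    return sorted(d for d, c in audit(files).items() if c == "catchall")

if __name__ == "__main__":
    for dom, status in sorted(audit(SAMPLE).items()):
        print(f"{dom:15} {status}")
```

On a live server the same functions can be fed a dictionary built by reading each file in the alias directory; domains reported as `catchall` are the ones still accepting mail for arbitrary local parts.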