Ok, I was wrong about that.
It makes no difference if you use:
*: :fail: No such user here
or
*: :fail:
Either one should produce a rejection during SMTP if email is sent to a nonexistent address. However, having a failure reason afterwards that is sensible is recommended.
If you just use
*: :fail:
you get:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
If you use
*: :fail: some_reason_here
you get:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[email protected]
some_reason_here
So use a reason.
However, that isn't your problem. Maybe it is because you have modified your exim? Did you try going to Exim Configuration Editor and resetting all of the default ACLs and config?
Also, I know in WHM / Tweak Settings / Mail you will find:
Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
localuser blackhole fail
Do you have it set to localuser, blackhole or fail? Mine is set to fail. It sounds as if this should only be important for new account creation, but maybe not. I'd make sure it was set to fail.
Mike
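
Added example, not part of the post above: a small audit that reads alias-file text in the `address: target` form shown in the post and reports what each domain's `*:` catch-all does, flagging anything other than `:fail:` with a reason. The function names and the sample domains and contents are constructed for illustration.

```python
import re

# Matches a catch-all entry such as "*: :fail: No such user here".
CATCHALL = re.compile(r"^\s*\*\s*:\s*(.*?)\s*$")

def classify_catchall(alias_text):
    """Return (verdict, detail) for the first catch-all line in one alias file."""
    for raw in alias_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = CATCHALL.match(line)
        if not m:
            continue  # an ordinary alias, not the catch-all
        target = m.group(1)
        if not target:
            return ("malformed", "")  # "*:" with nothing after it
        low = target.lower()
        if low.startswith(":fail:"):
            reason = target[len(":fail:"):].strip()
            return ("fail", reason) if reason else ("fail-no-reason", "")
        if low.startswith(":blackhole:"):
            return ("blackhole", "")  # accepted, then silently discarded
        return ("delivers", target)   # unknown addresses go to this target
    return ("no-catchall", "")

def audit(files):
    """Map domain -> (verdict, detail, needs_review); only a reasoned fail passes."""
    report = {}
    for domain, text in files.items():
        verdict, detail = classify_catchall(text)
        report[domain] = (verdict, detail, verdict != "fail")
    return report

# Constructed sample input (hypothetical domains and aliases).
SAMPLE = {
    "example.com": "info: mike\n*: :fail: No such user here\n",
    "example.net": "*: :fail:\n",
    "example.org": "# catch-all\n*: mike\n",
    "example.edu": "sales: mike\n*: :blackhole:\n",
}

if __name__ == "__main__":
    for domain, (verdict, detail, flagged) in sorted(audit(SAMPLE).items()):
        status = "REVIEW" if flagged else "ok"
        print(f"{domain:12} {verdict:15} {detail!r:22} {status}")
```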