spam email to user who no longer exists

[keat63]

I've 2 users on a domain who no longer exist, and haven't done for a considerable number of years (10 or more).
These email addresses must be on a spam mailing list somewhere as I'm seeing outbound bounce messages every few minutes 24/7 in my exim reject log.

Yesterday, I sampled 100 records to see if there were any patterns in the sending IP's, but couldn't really see anything standing out, maybe 4 or 5 duplicate IP's at most, so it wouldn't be practical to block them in CSF.

I'm mindful that whilst nothing is being delivered, the server is working on these messages and bounces, when it could be doing something else instead.

Could anyone suggest anything to help.

 

[rpvw]

Set up Global Email Filters for that domain to check the two specific To addresses and discard them, which I believe will route them to /dev/null rather than bouncing them.

 

[keat63]

I tried that shortly after posting my original thread, but I'm still seeing the outbound bounce messages.
I suspect it's because the email account doesn't exist, that the global filter doesn't work. ?

 

[keat63]

In the account cpanel, I remembered the 'default address' option, which I've now set to blackhole.
Lets see what this does over then next hour.

 

[rpvw]

I tried that shortly after posting my original thread, but I'm still seeing the outbound bounce messages.

Yes you are right. I just ran some tests and it sends the bounce message before it looks at any domain filters.

Setting the cPanel domain Default address option to Discard should blackhole it without a bounce

Discard (Not Recommended) — Select this option to delete incoming messages and do not send a failure notice.

• Important:
  We do not recommend this option, because the sender will not know that the delivery failed.

This will however impact sending mail to working accounts that may not be delivered (eg mailbox full) and the sender will never know.

Default Address - Version 76 Documentation - cPanel Documentation

 

[keat63]

There are only 2 accounts on that domain these days, niether of which have limited space and one of those is barely utilised.

 

[rpvw]

I wonder if a more elegant (and RFC acceptable) solution might be to set up an Email Account Forwarder configured to "Discard" for each of the two accounts in question; which does send to /dev/null without a bounce (tested and confirmed)

That way, mails to legitimate mailboxs will still get bounce messages as necessary

 

[cPanelLauren]

You might also set up an exim system filter - I believe that would be processed before the bounce would in either case.