Hi, Brian - On 17 February 2017 at 00:45, ping murder <[email protected]> wrote:
> re-reading your reply - it looks like an ACL might work (as long as cPanel > updates don't clear them out) but would you have an example of a discard > ACL for all mail? Assuming I'm not going totally crackers (it is Friday, after all!), wouldn't this ACL do the job? In your *acl_smtp_mail* ACL put the one line discard With no conditions in place it'll always operate. In the *Exim Specification* section *13. ACL return codes <http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECID196>* says: If the ACL for MAIL returns “discard”, all recipients are discarded, and no ACL is run for subsequent RCPT commands. The effect of “discard” in a RCPT ACL is to discard just the one recipient address. If there are no recipients left when the message’s data is received, the DATA ACL is not run. Do having the ACL that runs in response the MAIL FROM that selects *discard* unconditionally should discard all recipients for that incoming message, meaning the message won't be delivered. Using *discard* rather than *deny* means the sending system thinks their message has been accepted so removes the outgoing message from its queue. The receiving Exim discards it. Done. Well, maybe not quite: you probably need an equivalent *acl_not_smtp* ACL entry to also pick up and discard messages being submitted on the WP server from the command line — eg, being piped into the exim/mail/sendmail commands. However as Chris suggests, you might find it valuable to create an SMTP server that accepts and silently discards all incoming mail (eg, using the above) and have your numerous client PHP servers send their email to it. That would indeed give you a single place where all attempts to send outgoing message would go so you could monitor its logs and look for unexpected activity, helping to idnetify WP systems that had been compromised. Cheers, Mike B-) -- Systems Administrator & Change Manager IT Services, University of York, Heslington, York YO10 5DD, UK Tel: +44-(0)1904-323811 Web: www.york.ac.uk/it-services Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
