Daniel Pocock:
> Do any of the mailers (postfix, exim, etc) provide a convenient way
> to exclude delivery to system accounts by default, or to exclude
> these aliases and accounts from receiving mail from external senders?
> Could anybody share examples of how they do it or pointers to
> any blogs or wikis with examples?

The qmail convention of long standing is that an account does not receive mail in a local mailbox of its own (be that a Maildir in its home directory or an mboxrd file in /var/spool/mail) if (a) it has UID zero, (b) it has a non-existent or inaccessible home directory, (c) the account is not the owner of the home directory, or (d) the account has uppercase letters in its name.

* https://manpages.debian.org/jessie/qmail/qmail-getpw.8.en.html
* http://www.lifewithqmail.org/lwq.html#gotchasexim

So, for examples: mail to ga...@example.com will not be delivered into a mailbox for the games user because that account is not the owner of /usr/games , its home directory. mail to sa...@example.com or usb...@example.com will not be delivered into a mailbox for the saned or usbmux users because their home directories, /home/saned and /home/usbmux, do not (normally) exist.

So this is mostly not a packaging problem, and far more a question of whether your chosen mail system employs a similar convention to that of qmail. One could in theory configure exim4 to do the same, but that is not the case in Debian, where exim4 is merely configured to treat an account as a real person only unless the account name is the string "root". Similarly, postfix on Debian is configured to use the aliases mechanism to filter out rôle accounts, but the supplied default aliases file in Debian includes almost none of the rôle accounts employed by Debian packages.

* https://sources.debian.net/src/exim4/4.89-2/debian/debconf/conf.d/router/900_exim4-config_local_user/
* https://sources.debian.net/src/postfix/3.1.4-4/conf/aliases/

It is to *some* extent a packaging problem inasmuch as some of the rôle user accounts that some softwares employ are created with seemingly valid home directories that exist and that they fully own.

The possibly worst offences here are where people have decided to re-use service runtime directories in /run as account home directories, given that (with ~/Mailbox or ~/Maildir/ delivery) this will result in the rôle accounts' junk mail being delivered to a mailbox in /run . The avahi account has /var/run/avahi-daemon as its home directory, which it owns. Similarly, the irc account has /var/run/ircd as its home directory, which it owns. (The hplip account has /var/run/hplip, and messagebus has /var/run/dbus; but they do not own those directories.) Because of this, avahi and irc satisfy the conventional qmail criteria for being real people user accounts to whose mailboxes mail should be delivered.
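
The four criteria (a) to (d) from the message above can be turned into an audit of the local account database. The following is an added example, not part of the original message and not qmail's own code; the function names, the sample UIDs and the ownership table are constructed for illustration.

```python
import os
import pwd
from collections import namedtuple

Account = namedtuple("Account", "name uid home")
StatResult = namedtuple("StatResult", "st_uid")

def verdict(acct, stat=os.stat):
    """Apply criteria (a)-(d) from the message; return (deliverable, reason)."""
    if acct.uid == 0:
        return False, "UID zero"
    if any(c.isupper() for c in acct.name):
        return False, "uppercase letter in account name"
    try:
        owner = stat(acct.home).st_uid
    except OSError:
        return False, "home directory non-existent or inaccessible"
    if owner != acct.uid:
        return False, "account does not own its home directory"
    return True, "treated as a real user"

def runtime_dir_mailboxes(accounts, stat=os.stat):
    """Names of accounts that pass the criteria yet have a home under /run."""
    return sorted(a.name for a in accounts
                  if verdict(a, stat)[0]
                  and a.home.startswith(("/run/", "/var/run/")))

# Constructed sample data (UIDs are made up) mirroring the accounts discussed above.
SAMPLE = [
    Account("root", 0, "/root"),
    Account("games", 5, "/usr/games"),
    Account("saned", 115, "/home/saned"),
    Account("avahi", 110, "/var/run/avahi-daemon"),
    Account("irc", 39, "/var/run/ircd"),
    Account("messagebus", 105, "/var/run/dbus"),
]
SAMPLE_OWNERS = {"/root": 0, "/usr/games": 0, "/var/run/avahi-daemon": 110,
                 "/var/run/ircd": 39, "/var/run/dbus": 0}

def sample_stat(path):
    """Stand-in for os.stat over the constructed data; /home/saned is absent."""
    if path not in SAMPLE_OWNERS:
        raise FileNotFoundError(path)
    return StatResult(SAMPLE_OWNERS[path])

if __name__ == "__main__":
    # Live audit of this machine's passwd database.
    for acct in (Account(p.pw_name, p.pw_uid, p.pw_dir) for p in pwd.getpwall()):
        ok, reason = verdict(acct)
        print(f"{acct.name:<20} {'MAILBOX' if ok else 'no mailbox':<11} {reason}")
```

Run as a script it lists every local account with the criterion that excludes it; any system account reported as MAILBOX is a candidate for an explicit alias or a packaging fix.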