We are running a mail server and redirecting all mails for former users via an entry in the /etc/aliases file. Unfortunately, we appeared on some spam detection services. I checked our mail logs, there are no indication that some of our hosts are sending SPAM themselves, so this must be our forwards. When users get SPAM, this will be forwarded to their external address. So, we are not sending SPAM, we are relaying it.
To stop this, I invented the following solution:
In /etc/aliases, we do not set a forward for this user, but a pipe:
testuser: /usr/bin/procmail -t -m FORWARD=testuser /etc/procmailrc
The /etc/procmailrc contains the following:
:0
* X-Spam-Level: \*\*\*\*\*\*
{ EXITCODE=77 HOST }
:0
! `cat /etc/forwards/$FORWARD`
Now, we just have to create a file in /etc/forwards for each user, e.g. /etc/forwards/testuser:
new-address@example.com