View Full Version : Odd Mail Problem

10th March 2007, 22:00
Something is amiss with mail.

I don't have any catch-all mailboxes on my system and Postfix rejects 99% of unknown user email. But, at least 5 to 10 times a day unknown user email gets delivered to the server's root mailbox.

Any ideas what causes this and any ideas how to fix this?

11th March 2007, 13:06
Please check the headers of these mails, maybe they have been sent directly to a system user and then have been redirectd to the root mailbox.

11th March 2007, 13:55
I've starred at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.

Log example:
Mar 11 06:21:26 server postfix/smtpd[10937]: connect from unknown[]
Mar 11 06:21:27 server postfix/smtpd[10937]: 4291C1CB1EE: client=unknown[]
Mar 11 06:21:28 server postfix/cleanup[10940]: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: from=<cy5fn2@zvmhrcb5qdd6.castingideal.info>, size=5282, nrcpt=1 (queue active)
Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: removed
Mar 11 06:21:28 server postfix/smtpd[10937]: disconnect from unknown[]

The message headers show the same thing. Original to: info@domain.com and delivered to: root@server.com.

11th March 2007, 14:00
Please do a:

grep info@domain.com /etc/postfix/virtusertable to be sure that this address is really not in there. Also have a look at /etc/postfix/alias if there is a alias for info

11th March 2007, 14:16


mail :root
info : postmaster
sales : postmaster

The exact 3 that have been coming in.

removed them and ran newaliases.

Thank you Till!

11th March 2007, 16:13
Well I spoke too soon.

Mail sent to unknown user mail.domain.com is now being delivered to a mailbox called mail.

Mail to sales@domain.com is being delivered to a mailbox called sales.

11th March 2007, 20:44
Yes, because mail and sales are existing system users on your server. If you want these mails to be delivered to another mailbox, create an email address/alias for sales/mail in ISPConfig.

12th March 2007, 13:18
OK, would it be "legal" to alias those names to a non-existent mailbox so they get rejected?

I know that postmaster must accept email, but the others are nothing but spam traps.

12th March 2007, 13:40
If it's only spam, remove the users, so mail is not even accepted at MTA level. Accepting mail means you are responsible. I would create those users and optionally modify the procmailrc to move all emails to /dev/null. But anything legitimate is also gone !