View Full Version : Odd Mail Problem


Hawker
10th March 2007, 21:00
Something is amiss with mail.

I don't have any catch-all mailboxes on my system and Postfix rejects 99% of unknown user email. But, at least 5 to 10 times a day unknown user email gets delivered to the server's root mailbox.

Any ideas what causes this and any ideas how to fix this?

till
11th March 2007, 12:06
Please check the headers of these mails, maybe they have been sent directly to a system user and then have been redirected to the root mailbox.

Hawker
11th March 2007, 12:55
I've stared at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.

Log example:
Mar 11 06:21:26 server postfix/smtpd[10937]: connect from unknown[121.7.2.161]
Mar 11 06:21:27 server postfix/smtpd[10937]: 4291C1CB1EE: client=unknown[121.7.2.161]
Mar 11 06:21:28 server postfix/cleanup[10940]: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: from=<cy5fn2@zvmhrcb5qdd6.castingideal.info>, size=5282, nrcpt=1 (queue active)
Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: removed
Mar 11 06:21:28 server postfix/smtpd[10937]: disconnect from unknown[121.7.2.161]

The message headers show the same thing. Original to: info@domain.com and delivered to: root@server.com.

till
11th March 2007, 13:00
Please do a:

grep info@domain.com /etc/postfix/virtusertable

to be sure that this address is really not in there. Also have a look at /etc/postfix/alias if there is an alias for info.

Hawker
11th March 2007, 13:16
BINGO!

/etc/aliases

mail :root
info : postmaster
sales : postmaster

The exact 3 that have been coming in.

Removed them and ran newaliases.

Thank you Till!

Hawker
11th March 2007, 15:13
Well I spoke too soon.

Mail sent to unknown user mail.domain.com is now being delivered to a mailbox called mail.

Mail to sales@domain.com is being delivered to a mailbox called sales.

falko
11th March 2007, 19:44
Yes, because mail and sales are existing system users on your server. If you want these mails to be delivered to another mailbox, create an email address/alias for sales/mail in ISPConfig.

Hawker
12th March 2007, 12:18
OK, would it be "legal" to alias those names to a non-existent mailbox so they get rejected?

I know that postmaster must accept email, but the others are nothing but spam traps.

martinfst
12th March 2007, 12:40
If it's only spam, remove the users, so mail is not even accepted at MTA level. Accepting mail means you are responsible. I would create those users and optionally modify the procmailrc to move all emails to /dev/null. But anything legitimate is also gone!
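
The check done by hand in this thread (spot `orig_to` differing from `to` in the Postfix log, then look for the responsible entry in /etc/aliases) can be scripted. The following is an added example, not code from any poster or from ISPConfig; the sample log and alias data are constructed from the lines quoted above, the `postmaster: root` entry and the function names are assumptions, and only the local part of each address is compared.

```python
import re
# Constructed sample data, modelled on the log line and alias entries quoted in the thread.
SAMPLE_LOG = """\
Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 07:02:10 server postfix/local[11002]: 5A2B3C4D5E6: to=<root@server.com>, orig_to=<webmaster@domain.com>, relay=local, delay=1, status=sent (delivered to mailbox)
Mar 11 07:05:44 server postfix/local[11010]: 6B3C4D5E6F7: to=<web1_bob@server.com>, relay=local, delay=1, status=sent (delivered to mailbox)
"""
SAMPLE_ALIASES = """\
postmaster: root
mail :root
info : postmaster
sales : postmaster
"""
DELIVERY = re.compile(r"postfix/local\[\d+\]: ([0-9A-F]+): to=<([^>]+)>, orig_to=<([^>]+)>.*status=sent")

def parse_aliases(text):
    """Return {alias: [targets]}; tolerates spaces around ':' and skips comment lines."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if ":" in line and not line.startswith("#"):
            name, targets = line.split(":", 1)
            aliases[name.strip().lower()] = [t.strip().lower() for t in targets.split(",") if t.strip()]
    return aliases

def find_chain(start, goal, aliases, seen=()):
    """Depth-first search for an alias path from start to goal; None if there is none."""
    if start == goal:
        return [start]
    if start in seen:  # guard against alias loops
        return None
    for target in aliases.get(start, []):
        rest = find_chain(target, goal, aliases, seen + (start,))
        if rest:
            return [start] + rest
    return None

def explain_rewrites(log_text, aliases_text):
    """List (queue_id, orig_to, to, chain) for local deliveries whose recipient was rewritten."""
    aliases = parse_aliases(aliases_text)
    results = []
    for qid, to, orig_to in DELIVERY.findall(log_text):
        src, dst = orig_to.split("@")[0].lower(), to.split("@")[0].lower()
        if src != dst:
            results.append((qid, orig_to, to, find_chain(src, dst, aliases)))
    return results

if __name__ == "__main__":
    for row in explain_rewrites(SAMPLE_LOG, SAMPLE_ALIASES):
        print(*row[:3], "via", " -> ".join(row[3]) if row[3] else "no alias path found")
```

A rewritten delivery with no alias path means the rewrite came from somewhere else, such as the virtusertable mentioned earlier in the thread.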