#1  
Old 10th March 2007, 21:00
Hawker Hawker is offline
Senior Member
  
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default Odd Mail Problem
Something is amiss with mail.

I don't have any catch-all mailboxes on my system and Postfix rejects 99% of unknown user email. But, at least 5 to 10 times a day unknown user email gets delivered to the server's root mailbox.

Any ideas what causes this and any ideas how to fix this?
Reply With Quote
Sponsored Links
  #2  
Old 11th March 2007, 12:06
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,872
Thanks: 689
Thanked 4,185 Times in 3,202 Posts
Default
Please check the headers of these mails, maybe they have been sent directly to a system user and then have been redirectd to the root mailbox.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th March 2007, 12:55
Hawker Hawker is offline
Senior Member
  
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default
I've starred at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.

Log example:
Code:
Mar 11 06:21:26 server postfix/smtpd[10937]: connect from unknown[121.7.2.161]
Mar 11 06:21:27 server postfix/smtpd[10937]: 4291C1CB1EE: client=unknown[121.7.2.161]
Mar 11 06:21:28 server postfix/cleanup[10940]: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: from=<cy5fn2@zvmhrcb5qdd6.castingideal.info>, size=5282, nrcpt=1 (queue active)
Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: removed
Mar 11 06:21:28 server postfix/smtpd[10937]: disconnect from unknown[121.7.2.161]
The message headers show the same thing. Original to: info@domain.com and delivered to: root@server.com.
Reply With Quote
  #4  
Old 11th March 2007, 13:00
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,872
Thanks: 689
Thanked 4,185 Times in 3,202 Posts
Default
Please do a:

grep info@domain.com /etc/postfix/virtusertable to be sure that this address is really not in there. Also have a look at /etc/postfix/alias if there is a alias for info
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 11th March 2007, 13:16
Hawker Hawker is offline
Senior Member
  
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default
BINGO!

/etc/aliases

mail :root
info : postmaster
sales : postmaster

The exact 3 that have been coming in.

removed them and ran newaliases.

Thank you Till!
Reply With Quote
  #6  
Old 11th March 2007, 15:13
Hawker Hawker is offline
Senior Member
  
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default
Well I spoke too soon.

Mail sent to unknown user mail.domain.com is now being delivered to a mailbox called mail.

Mail to sales@domain.com is being delivered to a mailbox called sales.
Reply With Quote
  #7  
Old 11th March 2007, 19:44
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,592 Times in 2,443 Posts
Default
Yes, because mail and sales are existing system users on your server. If you want these mails to be delivered to another mailbox, create an email address/alias for sales/mail in ISPConfig.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 12th March 2007, 12:18
Hawker Hawker is offline
Senior Member
  
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default
OK, would it be "legal" to alias those names to a non-existent mailbox so they get rejected?

I know that postmaster must accept email, but the others are nothing but spam traps.
Reply With Quote
  #9  
Old 12th March 2007, 12:40
martinfst martinfst is offline
Senior Member
  
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 16 Times in 15 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
 
Default
If it's only spam, remove the users, so mail is not even accepted at MTA level. Accepting mail means you are responsible. I would create those users and optionally modify the procmailrc to move all emails to /dev/null. But anything legitimate is also gone !
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix & mail forwarding loop varnik Server Operation 21 9th December 2008 15:13
Postfix reject connections gabrix Server Operation 27 25th January 2007 08:37
postfix-tls sasl2 mysql courier-authmysql gabrix Server Operation 4 12th January 2007 22:09
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47


All times are GMT +2. The time now is 03:38.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.