#1  
Old 10th March 2007, 22:00
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default Odd Mail Problem

Something is amiss with mail.

I don't have any catch-all mailboxes on my system and Postfix rejects 99% of unknown user email. But, at least 5 to 10 times a day unknown user email gets delivered to the server's root mailbox.

Any ideas what causes this and any ideas how to fix this?
Reply With Quote
Sponsored Links
  #2  
Old 11th March 2007, 13:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,495
Thanks: 835
Thanked 5,535 Times in 4,353 Posts
Default

Please check the headers of these mails, maybe they have been sent directly to a system user and then have been redirectd to the root mailbox.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th March 2007, 13:55
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

I've starred at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.

Log example:
Code:
Mar 11 06:21:26 server postfix/smtpd[10937]: connect from unknown[121.7.2.161]
Mar 11 06:21:27 server postfix/smtpd[10937]: 4291C1CB1EE: client=unknown[121.7.2.161]
Mar 11 06:21:28 server postfix/cleanup[10940]: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: from=<cy5fn2@zvmhrcb5qdd6.castingideal.info>, size=5282, nrcpt=1 (queue active)
Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: removed
Mar 11 06:21:28 server postfix/smtpd[10937]: disconnect from unknown[121.7.2.161]
The message headers show the same thing. Original to: info@domain.com and delivered to: root@server.com.
Reply With Quote
  #4  
Old 11th March 2007, 14:00
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,495
Thanks: 835
Thanked 5,535 Times in 4,353 Posts
Default

Please do a:

grep info@domain.com /etc/postfix/virtusertable to be sure that this address is really not in there. Also have a look at /etc/postfix/alias if there is a alias for info
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 11th March 2007, 14:16
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

BINGO!

/etc/aliases

mail :root
info : postmaster
sales : postmaster

The exact 3 that have been coming in.

removed them and ran newaliases.

Thank you Till!
Reply With Quote
  #6  
Old 11th March 2007, 16:13
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

Well I spoke too soon.

Mail sent to unknown user mail.domain.com is now being delivered to a mailbox called mail.

Mail to sales@domain.com is being delivered to a mailbox called sales.
Reply With Quote
  #7  
Old 11th March 2007, 20:44
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Yes, because mail and sales are existing system users on your server. If you want these mails to be delivered to another mailbox, create an email address/alias for sales/mail in ISPConfig.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 12th March 2007, 13:18
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

OK, would it be "legal" to alias those names to a non-existent mailbox so they get rejected?

I know that postmaster must accept email, but the others are nothing but spam traps.
Reply With Quote
  #9  
Old 12th March 2007, 13:40
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
 
Default

If it's only spam, remove the users, so mail is not even accepted at MTA level. Accepting mail means you are responsible. I would create those users and optionally modify the procmailrc to move all emails to /dev/null. But anything legitimate is also gone !
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix & mail forwarding loop varnik Server Operation 21 9th December 2008 16:13
Postfix reject connections gabrix Server Operation 27 25th January 2007 09:37
postfix-tls sasl2 mysql courier-authmysql gabrix Server Operation 4 12th January 2007 23:09
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 13:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 12:47


All times are GMT +2. The time now is 11:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.