Mail Errors: Bounced, Unknown User

Discussion in 'Installation/Configuration' started by linus3x, Nov 8, 2010.

  1. linus3x

    linus3x New Member

    I just set up a new ISPConfig 3 Debian Lenny system in Production and I’ve been going over the error logs, tightening things up, etc. I followed the Perfect Server tutorial, the one with Courier and MyDNS.

    This morning, I noticed over 30 errors like the following that accumulated over the weekend in /var/log/mail.log:

    Nov  8 10:35:10 ServerID postfix/local[1032]: 40D1E12646: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.06, delays=0.01/0.02/0/0.02, dsn=5.1.1, status=bounced (unknown user: "admin1")
    Here’s the thing – I didn’t set up a user named “admin1” on this system. I’m guessing that admin1 is a leftover from a previous installation that my hosting provider did. But that’s just a guess.

    I searched the hard drive for admin1 and, besides the error logs, I found the following match:

    Binary file /etc/aliases.db matches
    /etc/aliases:root: admin1
    How can I solve these errors?

    Is there any way to clean up the aliases.db file given that I don't have the original?

    Is there any way to know which program is sending out these emails and maybe correct the address there?

    Or is there some other simpler way?
  2. linus3x

    linus3x New Member

    More Information

    I did a grep for anything with admin1 in it and I see the following ISPConfig-looking entries:

    Binary file /var/lib/mysql/dbispconfig/monitor_data.MYD matches
    /var/cache/debconf/config.dat-old:Value: admin1
    /var/cache/debconf/config.dat-old:Value: admin1
    /var/cache/debconf/config.dat:Value: admin1
    /var/cache/debconf/config.dat:Value: admin1

    Could that be anything?
  3. linus3x

    linus3x New Member

    Found It

    Never mind - dug around this afternoon and found the culprit.

    munin creates two cron files on Debian in /etc/cron.d called munin and munin-node. Both of these files have MAILTO specified at the top. They were trying to send mail to root who doesn't have a mail account defined. I went in and changed MAILTO to a real address and now the mail is getting sent.

    As to why it was substituting in a non-existent alias of "admin1" I have no idea.

Share This Page