Odd Mail Problem

Discussion in 'Installation/Configuration' started by Hawker, Mar 10, 2007.

  1. Hawker

    Hawker New Member

    Something is amiss with mail.

    I don't have any catch-all mailboxes on my system and Postfix rejects 99% of unknown user email. But, at least 5 to 10 times a day unknown user email gets delivered to the server's root mailbox.

    Any ideas what causes this and any ideas how to fix this?
     
  2. till

    till Super Moderator

    Please check the headers of these mails, maybe they have been sent directly to a system user and then have been redirectd to the root mailbox.
     
  3. Hawker

    Hawker New Member

    I've starred at the headers and logs to find some kind of pattern but can't find anything. I never create users such as info@ or sales@ and I advise people not to do it because they are spam magnet addresses. But these are the very addresses that are being delivered to the server root.

    Log example:
    Code:
    Mar 11 06:21:26 server postfix/smtpd[10937]: connect from unknown[121.7.2.161]
    Mar 11 06:21:27 server postfix/smtpd[10937]: 4291C1CB1EE: client=unknown[121.7.2.161]
    Mar 11 06:21:28 server postfix/cleanup[10940]: 4291C1CB1EE: message-id=<20070311112126.4291C1CB1EE@www.domain.com>
    Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: from=<cy5fn2@zvmhrcb5qdd6.castingideal.info>, size=5282, nrcpt=1 (queue active)
    Mar 11 06:21:28 server postfix/local[10941]: 4291C1CB1EE: to=<root@server.com>, orig_to=<info@domain.com>, relay=local, delay=2, status=sent (delivered to mailbox)
    Mar 11 06:21:28 server postfix/qmgr[13032]: 4291C1CB1EE: removed
    Mar 11 06:21:28 server postfix/smtpd[10937]: disconnect from unknown[121.7.2.161]
    The message headers show the same thing. Original to: info@domain.com and delivered to: root@server.com.
     
  4. till

    till Super Moderator

    Please do a:

    grep info@domain.com /etc/postfix/virtusertable to be sure that this address is really not in there. Also have a look at /etc/postfix/alias if there is a alias for info
     
  5. Hawker

    Hawker New Member

    BINGO!

    /etc/aliases

    mail :root
    info : postmaster
    sales : postmaster

    The exact 3 that have been coming in.

    removed them and ran newaliases.

    Thank you Till!
     
  6. Hawker

    Hawker New Member

    Well I spoke too soon.

    Mail sent to unknown user mail.domain.com is now being delivered to a mailbox called mail.

    Mail to sales@domain.com is being delivered to a mailbox called sales.
     
  7. falko

    falko Super Moderator

    Yes, because mail and sales are existing system users on your server. If you want these mails to be delivered to another mailbox, create an email address/alias for sales/mail in ISPConfig.
     
  8. Hawker

    Hawker New Member

    OK, would it be "legal" to alias those names to a non-existent mailbox so they get rejected?

    I know that postmaster must accept email, but the others are nothing but spam traps.
     
  9. martinfst

    martinfst HowtoForge Supporter

    If it's only spam, remove the users, so mail is not even accepted at MTA level. Accepting mail means you are responsible. I would create those users and optionally modify the procmailrc to move all emails to /dev/null. But anything legitimate is also gone !
     

Share This Page