Forums

Resolved
0 votes
Good day!

Using latest 7.8.1 and I am having a few problems with my email and in looking at my /var/log/maillog, it was huge! Line after line of emails to root from user@arpwatch or from user@arpwatch. root, not being a mail user, it is rejected. My interfaces are set up correctly but this is just too much mail going nowhere, isn't it?

How do I make it stop sending bogus emails and filling up my maillog? Arpwatch config file has no entries to send emails to or from.

Below is just a couple examples which repeat every 15 to 20 seconds.

Thanks!

John

Jun 28 03:21:27 gateway postfix/pickup[15135]: 0E3D2804D577: uid=77 from=<arpwatch>
Jun 28 03:21:27 gateway postfix/cleanup[13700]: 0E3D2804D577: message-id=<20200628102127.0E3D2804D577@mail.mydomain.com>
Jun 28 03:21:27 gateway postfix/qmgr[2324]: 0E3D2804D577: from=<arpwatch@mydomain.com>, size=687, nrcpt=1 (queue active)
Jun 28 03:21:27 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)
Jun 28 03:21:27 gateway postfix/smtpd[13834]: connect from localhost[127.0.0.1]
Jun 28 03:21:27 gateway postfix/smtpd[13834]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>
Jun 28 03:21:27 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102127.0E3D2804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83
Jun 28 03:21:27 gateway postfix/smtpd[13834]: lost connection after RCPT from localhost[127.0.0.1]
Jun 28 03:21:27 gateway postfix/smtpd[13834]: disconnect from localhost[127.0.0.1]
Jun 28 03:21:27 gateway postfix/pipe[14437]: 0E3D2804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.12, delays=0.02/0/0/0.09, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)
Jun 28 03:21:27 gateway postfix/cleanup[13700]: 276A5804D598: message-id=<20200628102127.276A5804D598@mail.mydomain.com>
Jun 28 03:21:27 gateway postfix/qmgr[2324]: 276A5804D598: from=<>, size=2866, nrcpt=1 (queue active)
Jun 28 03:21:27 gateway postfix/bounce[14091]: 0E3D2804D577: sender non-delivery notification: 276A5804D598
Jun 28 03:21:27 gateway postfix/qmgr[2324]: 0E3D2804D577: removed
Jun 28 03:21:27 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)
Jun 28 03:21:27 gateway lmtp[11637]: Delivered: <20200628102127.276A5804D598@mail.mydomain.com> to mailbox: user.arpwatch
Jun 28 03:21:27 gateway lmtp[11637]: USAGE arpwatch user: 0.000575 sys: 0.002496
Jun 28 03:21:27 gateway mailfilter: filter successfully completed.
Jun 28 03:21:27 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102127.0E3D2804D577@mail.mydomain.com>;)
Jun 28 03:21:27 gateway postfix/pipe[11284]: 276A5804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.16, delays=0.01/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailpostfilter service)
Jun 28 03:21:27 gateway postfix/qmgr[2324]: 276A5804D598: removed
Jun 28 03:21:44 gateway postfix/pickup[15135]: 1EC91804D577: uid=77 from=<arpwatch>
Jun 28 03:21:44 gateway postfix/cleanup[13700]: 1EC91804D577: message-id=<20200628102144.1EC91804D577@mail.mydomain.com>
Jun 28 03:21:44 gateway postfix/qmgr[2324]: 1EC91804D577: from=<arpwatch@mydomain.com>, size=688, nrcpt=1 (queue active)
Jun 28 03:21:44 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)
Jun 28 03:21:44 gateway postfix/smtpd[15113]: connect from localhost[127.0.0.1]
Jun 28 03:21:44 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102144.1EC91804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83
Jun 28 03:21:44 gateway postfix/smtpd[15113]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>
Jun 28 03:21:44 gateway postfix/smtpd[15113]: lost connection after RCPT from localhost[127.0.0.1]
Jun 28 03:21:44 gateway postfix/smtpd[15113]: disconnect from localhost[127.0.0.1]
Jun 28 03:21:44 gateway postfix/pipe[13810]: 1EC91804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.14, delays=0.06/0/0/0.08, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)
Jun 28 03:21:44 gateway postfix/cleanup[15164]: 38C69804D598: message-id=<20200628102144.38C69804D598@mail.mydomain.com>
Jun 28 03:21:44 gateway postfix/bounce[14091]: 1EC91804D577: sender non-delivery notification: 38C69804D598
Jun 28 03:21:44 gateway postfix/qmgr[2324]: 38C69804D598: from=<>, size=2867, nrcpt=1 (queue active)
Jun 28 03:21:44 gateway postfix/qmgr[2324]: 1EC91804D577: removed
Jun 28 03:21:44 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)
Jun 28 03:21:44 gateway lmtp[11287]: Delivered: <20200628102144.38C69804D598@mail.mydomain.com> to mailbox: user.arpwatch
Jun 28 03:21:44 gateway lmtp[11287]: USAGE arpwatch user: 0.001124 sys: 0.002368
Jun 28 03:21:44 gateway mailfilter: filter successfully completed.
Jun 28 03:21:44 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102144.1EC91804D577@mail.mydomain.com>;)
Jun 28 03:21:44 gateway postfix/pipe[15119]: 38C69804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.18, delays=0.02/0/0/0.16, dsn=2.0.0, status=sent (delivered via mailpostfilter service)
Jun 28 03:21:44 gateway postfix/qmgr[2324]: 38C69804D598: removed
Jun 28 03:21:45 gateway postfix/pickup[15135]: 14B05804D577: uid=77 from=<arpwatch>
Jun 28 03:21:45 gateway postfix/cleanup[15164]: 14B05804D577: message-id=<20200628102145.14B05804D577@mail.mydomain.com>
Jun 28 03:21:45 gateway postfix/qmgr[2324]: 14B05804D577: from=<arpwatch@mydomain.com>, size=686, nrcpt=1 (queue active)
Jun 28 03:21:45 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)
Jun 28 03:21:45 gateway postfix/smtpd[13834]: connect from localhost[127.0.0.1]
Jun 28 03:21:45 gateway postfix/smtpd[13834]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>
Jun 28 03:21:45 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102145.14B05804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83
Jun 28 03:21:45 gateway postfix/smtpd[13834]: lost connection after RCPT from localhost[127.0.0.1]
Jun 28 03:21:45 gateway postfix/smtpd[13834]: disconnect from localhost[127.0.0.1]
Jun 28 03:21:45 gateway postfix/pipe[15107]: 14B05804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.12, delays=0.02/0/0/0.1, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)
Jun 28 03:21:45 gateway postfix/cleanup[15164]: 3027E804D598: message-id=<20200628102145.3027E804D598@mail.mydomain.com>
Jun 28 03:21:45 gateway postfix/bounce[14091]: 14B05804D577: sender non-delivery notification: 3027E804D598
Jun 28 03:21:45 gateway postfix/qmgr[2324]: 3027E804D598: from=<>, size=2865, nrcpt=1 (queue active)
Jun 28 03:21:45 gateway postfix/qmgr[2324]: 14B05804D577: removed
Jun 28 03:21:45 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)
Jun 28 03:21:45 gateway lmtp[11637]: Delivered: <20200628102145.3027E804D598@mail.mydomain.com> to mailbox: user.arpwatch
Jun 28 03:21:45 gateway mailfilter: filter successfully completed.
Jun 28 03:21:45 gateway lmtp[11637]: USAGE arpwatch user: 0.000076 sys: 0.003838
Jun 28 03:21:45 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102145.14B05804D577@mail.mydomain.com>;)
Jun 28 03:21:45 gateway postfix/pipe[11634]: 3027E804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.16, delays=0.01/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailpostfilter service)
Jun 28 03:21:45 gateway postfix/qmgr[2324]: 3027E804D598: removed
Friday, July 03 2020, 09:22 PM
Share this post:
Responses (4)
  • Accepted Answer

    Saturday, July 04 2020, 06:18 PM - #Permalink
    Resolved
    0 votes
    I wish I were a Linux/ClearOS programmer and knew a lot more about the system layout and I would tackle it. In any event, thanks Nick! I do know there are a lot of good feature requests in the queue and all good things come in time. Most everything has a work around!

    Thanks again!!!

    John
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 04 2020, 07:54 AM - #Permalink
    Resolved
    0 votes
    John Jarrett wrote:
    Shouldn't ClearOS be set up this way out of the box? By default? Feature request.
    I am in two minds about this. I block it and think the e-mails are useless, but they can have their uses if you don't have that sort of noise. The e-mails can indicate unknown coming on devices on your system. On the other hand, if you don't have root aliases to a valid user for e-mails, you get a massive build up or e-mails in /var/spool/mail/root. I'll put in an issue request against app-network-map, but it will need another panel adding to the app. I am not good at that, it takes me a long time and there are more pressing needs. If there are other takers, great!

    I've also added a small section the the Network Map documentation.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 04 2020, 02:53 AM - #Permalink
    Resolved
    0 votes
    Thank-you Nick! I did Google this and STFed and didn't find it.

    Shouldn't ClearOS be set up this way out of the box? By default? Feature request.

    You are very much appreciated!

    John
    The reply is currently minimized Show
  • Accepted Answer

    Friday, July 03 2020, 09:37 PM - #Permalink
    Resolved
    0 votes
    Like
    1
    The reply is currently minimized Show
Your Reply