Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (4) →
John Jarrett
John Jarrett
Offline

Huge mail log because of numerous emails to root from arpwatch

Resolved
0 votes
Good day!

Using latest 7.8.1 and I am having a few problems with my email and in looking at my /var/log/maillog, it was huge! Line after line of emails to root from user@arpwatch or from user@arpwatch. root, not being a mail user, it is rejected. My interfaces are set up correctly but this is just too much mail going nowhere, isn't it?

How do I make it stop sending bogus emails and filling up my maillog? Arpwatch config file has no entries to send emails to or from.

Below is just a couple examples which repeat every 15 to 20 seconds.

Thanks!

John

Jun 28 03:21:27 gateway postfix/pickup[15135]: 0E3D2804D577: uid=77 from=<arpwatch>

Jun 28 03:21:27 gateway postfix/cleanup[13700]: 0E3D2804D577: message-id=<20200628102127.0E3D2804D577@mail.mydomain.com>

Jun 28 03:21:27 gateway postfix/qmgr[2324]: 0E3D2804D577: from=<arpwatch@mydomain.com>, size=687, nrcpt=1 (queue active)

Jun 28 03:21:27 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)

Jun 28 03:21:27 gateway postfix/smtpd[13834]: connect from localhost[127.0.0.1]

Jun 28 03:21:27 gateway postfix/smtpd[13834]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>

Jun 28 03:21:27 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102127.0E3D2804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83

Jun 28 03:21:27 gateway postfix/smtpd[13834]: lost connection after RCPT from localhost[127.0.0.1]

Jun 28 03:21:27 gateway postfix/smtpd[13834]: disconnect from localhost[127.0.0.1]

Jun 28 03:21:27 gateway postfix/pipe[14437]: 0E3D2804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.12, delays=0.02/0/0/0.09, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)

Jun 28 03:21:27 gateway postfix/cleanup[13700]: 276A5804D598: message-id=<20200628102127.276A5804D598@mail.mydomain.com>

Jun 28 03:21:27 gateway postfix/qmgr[2324]: 276A5804D598: from=<>, size=2866, nrcpt=1 (queue active)

Jun 28 03:21:27 gateway postfix/bounce[14091]: 0E3D2804D577: sender non-delivery notification: 276A5804D598

Jun 28 03:21:27 gateway postfix/qmgr[2324]: 0E3D2804D577: removed

Jun 28 03:21:27 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)

Jun 28 03:21:27 gateway lmtp[11637]: Delivered: <20200628102127.276A5804D598@mail.mydomain.com> to mailbox: user.arpwatch

Jun 28 03:21:27 gateway lmtp[11637]: USAGE arpwatch user: 0.000575 sys: 0.002496

Jun 28 03:21:27 gateway mailfilter: filter successfully completed.

Jun 28 03:21:27 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102127.0E3D2804D577@mail.mydomain.com>;)

Jun 28 03:21:27 gateway postfix/pipe[11284]: 276A5804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.16, delays=0.01/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailpostfilter service)

Jun 28 03:21:27 gateway postfix/qmgr[2324]: 276A5804D598: removed

Jun 28 03:21:44 gateway postfix/pickup[15135]: 1EC91804D577: uid=77 from=<arpwatch>

Jun 28 03:21:44 gateway postfix/cleanup[13700]: 1EC91804D577: message-id=<20200628102144.1EC91804D577@mail.mydomain.com>

Jun 28 03:21:44 gateway postfix/qmgr[2324]: 1EC91804D577: from=<arpwatch@mydomain.com>, size=688, nrcpt=1 (queue active)

Jun 28 03:21:44 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)

Jun 28 03:21:44 gateway postfix/smtpd[15113]: connect from localhost[127.0.0.1]

Jun 28 03:21:44 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102144.1EC91804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83

Jun 28 03:21:44 gateway postfix/smtpd[15113]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>

Jun 28 03:21:44 gateway postfix/smtpd[15113]: lost connection after RCPT from localhost[127.0.0.1]

Jun 28 03:21:44 gateway postfix/smtpd[15113]: disconnect from localhost[127.0.0.1]

Jun 28 03:21:44 gateway postfix/pipe[13810]: 1EC91804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.14, delays=0.06/0/0/0.08, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)

Jun 28 03:21:44 gateway postfix/cleanup[15164]: 38C69804D598: message-id=<20200628102144.38C69804D598@mail.mydomain.com>

Jun 28 03:21:44 gateway postfix/bounce[14091]: 1EC91804D577: sender non-delivery notification: 38C69804D598

Jun 28 03:21:44 gateway postfix/qmgr[2324]: 38C69804D598: from=<>, size=2867, nrcpt=1 (queue active)

Jun 28 03:21:44 gateway postfix/qmgr[2324]: 1EC91804D577: removed

Jun 28 03:21:44 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)

Jun 28 03:21:44 gateway lmtp[11287]: Delivered: <20200628102144.38C69804D598@mail.mydomain.com> to mailbox: user.arpwatch

Jun 28 03:21:44 gateway lmtp[11287]: USAGE arpwatch user: 0.001124 sys: 0.002368

Jun 28 03:21:44 gateway mailfilter: filter successfully completed.

Jun 28 03:21:44 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102144.1EC91804D577@mail.mydomain.com>;)

Jun 28 03:21:44 gateway postfix/pipe[15119]: 38C69804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.18, delays=0.02/0/0/0.16, dsn=2.0.0, status=sent (delivered via mailpostfilter service)

Jun 28 03:21:44 gateway postfix/qmgr[2324]: 38C69804D598: removed

Jun 28 03:21:45 gateway postfix/pickup[15135]: 14B05804D577: uid=77 from=<arpwatch>

Jun 28 03:21:45 gateway postfix/cleanup[15164]: 14B05804D577: message-id=<20200628102145.14B05804D577@mail.mydomain.com>

Jun 28 03:21:45 gateway postfix/qmgr[2324]: 14B05804D577: from=<arpwatch@mydomain.com>, size=686, nrcpt=1 (queue active)

Jun 28 03:21:45 gateway mailfilter: starting up (sender=arpwatch@mydomain.com, recipients=root@mydomain.com, client_address=)

Jun 28 03:21:45 gateway postfix/smtpd[13834]: connect from localhost[127.0.0.1]

Jun 28 03:21:45 gateway postfix/smtpd[13834]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<arpwatch@mydomain.com> to=<root@mydomain.com> proto=ESMTP helo=<localhost>

Jun 28 03:21:45 gateway mailfilter: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20200628102145.14B05804D577@mail.mydomain.com>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83

Jun 28 03:21:45 gateway postfix/smtpd[13834]: lost connection after RCPT from localhost[127.0.0.1]

Jun 28 03:21:45 gateway postfix/smtpd[13834]: disconnect from localhost[127.0.0.1]

Jun 28 03:21:45 gateway postfix/pipe[15107]: 14B05804D577: to=<root@mydomain.com>, orig_to=<root>, relay=mailprefilter, delay=0.12, delays=0.02/0/0/0.1, dsn=5.3.0, status=bounced (service unavailable. Command output: Failed to set recipient: 5.1.1 <root@mydomain.com>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550)

Jun 28 03:21:45 gateway postfix/cleanup[15164]: 3027E804D598: message-id=<20200628102145.3027E804D598@mail.mydomain.com>

Jun 28 03:21:45 gateway postfix/bounce[14091]: 14B05804D577: sender non-delivery notification: 3027E804D598

Jun 28 03:21:45 gateway postfix/qmgr[2324]: 3027E804D598: from=<>, size=2865, nrcpt=1 (queue active)

Jun 28 03:21:45 gateway postfix/qmgr[2324]: 14B05804D577: removed

Jun 28 03:21:45 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=)

Jun 28 03:21:45 gateway lmtp[11637]: Delivered: <20200628102145.3027E804D598@mail.mydomain.com> to mailbox: user.arpwatch

Jun 28 03:21:45 gateway mailfilter: filter successfully completed.

Jun 28 03:21:45 gateway lmtp[11637]: USAGE arpwatch user: 0.000076 sys: 0.003838

Jun 28 03:21:45 gateway mailfilter: successfully completed (sender=mailer-daemon, recipients=arpwatch@mydomain.com, client_address=, id=<20200628102145.14B05804D577@mail.mydomain.com>;)

Jun 28 03:21:45 gateway postfix/pipe[11634]: 3027E804D598: to=<arpwatch@mydomain.com>, relay=mailpostfilter, delay=0.16, delays=0.01/0/0/0.15, dsn=2.0.0, status=sent (delivered via mailpostfilter service)

Jun 28 03:21:45 gateway postfix/qmgr[2324]: 3027E804D598: removed
In Mail Notification
Friday, July 03 2020, 09:22 PM
Subscribe via email
Share this post:
Responses (4)

  • Accepted Answer

    John Jarrett
    John Jarrett
    Offline
    Saturday, July 04 2020, 06:18 PM - #Permalink
    Resolved
    0 votes
    I wish I were a Linux/ClearOS programmer and knew a lot more about the system layout and I would tackle it. In any event, thanks Nick! I do know there are a lot of good feature requests in the queue and all good things come in time. Most everything has a work around!

    Thanks again!!!

    John
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Saturday, July 04 2020, 07:54 AM - #Permalink
    Resolved
    0 votes
    John Jarrett wrote:
    Shouldn't ClearOS be set up this way out of the box? By default? Feature request.
    I am in two minds about this. I block it and think the e-mails are useless, but they can have their uses if you don't have that sort of noise. The e-mails can indicate unknown coming on devices on your system. On the other hand, if you don't have root aliases to a valid user for e-mails, you get a massive build up or e-mails in /var/spool/mail/root. I'll put in an issue request against app-network-map, but it will need another panel adding to the app. I am not good at that, it takes me a long time and there are more pressing needs. If there are other takers, great!

    I've also added a small section the the Network Map documentation.
    The reply is currently minimized Show

  • Accepted Answer

    John Jarrett
    John Jarrett
    Offline
    Saturday, July 04 2020, 02:53 AM - #Permalink
    Resolved
    0 votes
    Thank-you Nick! I did Google this and STFed and didn't find it.

    Shouldn't ClearOS be set up this way out of the box? By default? Feature request.

    You are very much appreciated!

    John
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Friday, July 03 2020, 09:37 PM - #Permalink
    Resolved
    1 votes
    Link
    Like
    1
    The reply is currently minimized Show
Your Reply