l01Hs58h017693: l01IJ3hJ020471: postmaster notify: User unknown
l01IJ3hJ020471: l01IJ3hK020471: return to sender: User unknown
l01IJ3hJ020471: Losing ./qfl01IJ3hJ020471: savemail panic
l01IJ3hJ020471: SYSERR(root): savemail: cannot save rejected email anywhere
l01I0cHb018314: l01IJ3hL020471: postmaster notify: User unknown
l01IJ3hL020471: l01IJ3hM020471: return to sender: User unknown
l01IJ3hL020471: Losing ./qfl01IJ3hL020471: savemail panic
l01IJ3hL020471: SYSERR(root): savemail: cannot save rejected email anywhere
l01Hsb2k017605: l01IJ3hN020471: postmaster notify: User unknown
l01IJ3hN020471: l01IJ3hO020471: return to sender: User unknown
I have never seen this before. Can someone please explain what causes this
messages? Anyhting I should be aware of?
--
Jørn Dahl-Stamnes
http://www.dahl-stamnes.net/dahls/
Have you defined postmaster alias in aliases file?
[ in /etc/mail/ or /etc/ directory, run newaliases after modifications]
To test deliveries to postmaster use test command below:
sendmail -d27.2 -bv postmaster
--
[pl2en: Andrew] Andrzej Adam Filip : an...@priv.onet.pl : an...@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/
> Jřrn Dahl-Stamnes <newsma...@REMOVEdahl-stamnes.net> writes:
>
>> The following text was generated by logwatch when
>> analyzing /var/log/maillog:
>>
>> l01Hs58h017693: l01IJ3hJ020471: postmaster notify: User unknown
>> l01IJ3hJ020471: l01IJ3hK020471: return to sender: User unknown
>> l01IJ3hJ020471: Losing ./qfl01IJ3hJ020471: savemail panic
>> l01IJ3hJ020471: SYSERR(root): savemail: cannot save rejected email
>> anywhere l01I0cHb018314: l01IJ3hL020471: postmaster notify: User unknown
>> l01IJ3hL020471: l01IJ3hM020471: return to sender: User unknown
>> l01IJ3hL020471: Losing ./qfl01IJ3hL020471: savemail panic
>> l01IJ3hL020471: SYSERR(root): savemail: cannot save rejected email
>> anywhere l01Hsb2k017605: l01IJ3hN020471: postmaster notify: User unknown
>> l01IJ3hN020471: l01IJ3hO020471: return to sender: User unknown
>>
>> I have never seen this before. Can someone please explain what causes
>> this messages? Anyhting I should be aware of?
>
> Have you defined postmaster alias in aliases file?
No, I have removed it to avoid spam messages. Before I removed it (which I
didt 2 years ago), I recieved 10-20 spams every day to postmaster@...
This is the first time I see this kinds of messages, even if the postmaster
alias has been disabled. I have never seen a "savemail panic" message
before.
--
Jřrn Dahl-Stamnes
http://www.dahl-stamnes.net/dahls/
>>> The following text was generated by logwatch when
>>> analyzing /var/log/maillog:
>>> l01Hs58h017693: l01IJ3hJ020471: postmaster notify: User unknown
>>> l01IJ3hJ020471: l01IJ3hK020471: return to sender: User unknown
>>> l01IJ3hJ020471: Losing ./qfl01IJ3hJ020471: savemail panic
>>> l01IJ3hJ020471: SYSERR(root): savemail: cannot save rejected email
[..]
>> Have you defined postmaster alias in aliases file?
> No, I have removed it to avoid spam messages. Before I removed it (which I
> didt 2 years ago), I recieved 10-20 spams every day to postmaster@...
;(
Iirc this account is required by RFC. You will end up here, if
you aren't already:
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvp...@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 280: Traceroute says that there is a routing
problem in the backbone. It's not our problem.
> In comp.mail.sendmail J?rn Dahl-Stamnes
> <newsma...@removedahl-stamnes.net>:
>> Andrzej Adam Filip wrote:
>>> J?rn Dahl-Stamnes <newsma...@REMOVEdahl-stamnes.net> writes:
>
>>>> The following text was generated by logwatch when
>>>> analyzing /var/log/maillog:
>
>>>> l01Hs58h017693: l01IJ3hJ020471: postmaster notify: User unknown
>>>> l01IJ3hJ020471: l01IJ3hK020471: return to sender: User unknown
>>>> l01IJ3hJ020471: Losing ./qfl01IJ3hJ020471: savemail panic
>>>> l01IJ3hJ020471: SYSERR(root): savemail: cannot save rejected email
> [..]
>
>>> Have you defined postmaster alias in aliases file?
>
>> No, I have removed it to avoid spam messages. Before I removed it (which
>> I didt 2 years ago), I recieved 10-20 spams every day to postmaster@...
>
> ;(
>
> Iirc this account is required by RFC. You will end up here, if
> you aren't already:
Even if the postmaster is forwared to /dev/null? After all, the postmaster
account is loved by spammers...
This looks like syslog entries for a ""lost message. The message in
question is probably a bounce that turned in to a double bounce. Try
looking in to using "define(`confDOUBLE_BOUNCE_ADDRESS',
`us...@domain.tld')" to direct double bounces somewhere. If you do not
want to see double bounce notifications, route them to /dev/null. This
should help make Sendmail happier.
Grant. . . .
=?ISO-8859-1?Q?J=F8rn?= Dahl-Stamnes <newsma...@REMOVEdahl-stamnes.net> writes:
>Michael Heiming wrote:
>> Iirc this account is required by RFC. You will end up here, if
>> you aren't already:
>> http://www.rfc-ignorant.org/
>Even if the postmaster is forwared to /dev/null? After all, the postmaster
>account is loved by spammers...
It is better to forward postmaster to /dev/null than to not have a
postmaster email address.
I'm inclined to challenge your assertion "After all, the postmaster
account is loved by spammers..." Sure, the postmaster address
receives spam. But, at least on my systems, it receives far less
spam than do many regular addresses.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFFnBmYvmGe70vHPUMRAsMuAKDq47C8XXrKI1pBoo30BLuAnVEIdACgudFu
+brkedRtYk7hYvoNxu8HpkQ=
=Jt7d
-----END PGP SIGNATURE-----
>> In comp.mail.sendmail J?rn Dahl-Stamnes
>> <newsma...@removedahl-stamnes.net>:
>>> Andrzej Adam Filip wrote:
>>>> J?rn Dahl-Stamnes <newsma...@REMOVEdahl-stamnes.net> writes:
[ no postmaster account? ]
>>>> Have you defined postmaster alias in aliases file?
>>> No, I have removed it to avoid spam messages. Before I removed it (which
>>> I didt 2 years ago), I recieved 10-20 spams every day to postmaster@...
>> ;(
>> Iirc this account is required by RFC. You will end up here, if
>> you aren't already:
> http://www.rfc-ignorant.org/
> Even if the postmaster is forwared to /dev/null? After all, the postmaster
> account is loved by spammers...
These days? I can hardly remember much if any spam to this
account lately, a couple of years ago I'd agreed with you.
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvp...@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 147: Party-bug in the Aloha protocol.
> In comp.mail.sendmail J?rn Dahl-Stamnes
>> Even if the postmaster is forwared to /dev/null? After all, the
>> postmaster account is loved by spammers...
>
> These days? I can hardly remember much if any spam to this
> account lately, a couple of years ago I'd agreed with you.
Yes, postmaster@, uucp@ and mail@ is the 3 most used adresses which the
spammers try to use, unless I shall count all spam messages that use a
faked non-existent from-adresses at my domain.
During 24 hours I can receive over 5000 messages to bettab<???>@ where <???>
is some random character. The bettab<???> is used in the from messages. The
source are mail relays all over the world. But some are worse than other,
like tnetmx.telefonica.net (spain).
> Yes, postmaster@, uucp@ and mail@ is the 3 most used adresses which the
> spammers try to use, unless I shall count all spam messages that use a
> faked non-existent from-adresses at my domain.
Really? I get hardly any spam to my postmaster@ address. Since Dec
31, I've had 45 attempted e-mail attempts to postmaster (daily mail
volume is typically a couple of thousand.) None of the postmaster e-mails
got through because *every single one* was stopped by greylisting.
In the same time frame, I had 928 attempts to my primary address
dfsATroaringpenguinDOTcom.
Regards,
David.
Seconded, rechecking some logs there are about zero attempts to
deliver spam to postmaster accounts in weeks. It would although
be the most idiotic thing any spammer could do, chances aren't
that bad to piss of some people who will for sure hunt down the
IP and make it unusable for the spammer.
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvp...@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 236: Fanout dropping voltage too much, try cutting
some of those little traces
Compared to mails to non-existant addresses, the amount of spam to legal
addresses is none. This is the output of the logwatch for the last 24
hours:
Unknown users:
bett...@dahl-stamnes.net: 22 Times(s)
mail-116792...@dahl-stamnes.net: 1 Times(s)
mailin-01.de.maxdata....@dahl-stamnes.net: 1 Times(s)
yy...@dahl-stamnes.net: 1 Times(s)
mail.matrix.odessa.u...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 3 Times(s)
VUHBA...@dahl-stamnes.net: 4 Times(s)
bett...@dahl-stamnes.net: 17 Times(s)
mail.zm.celtelplus.c...@dahl-stamnes.net: 1 Times(s)
mx.lc-1.netline.cl...@dahl-stamnes.net: 1 Times(s)
betta...@dahl-stamnes.net: 85 Times(s)
+._-betta...@dahl-stamnes.net: 8 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 3090 Times(s)
FKIRHB...@dahl-stamnes.net: 4 Times(s)
frodo.thd1.uk.umis.n...@dahl-stamnes.net: 1 Times(s)
iris-ptc.zol.co.zw...@dahl-stamnes.net: 1 Times(s)
XRRJHB...@dahl-stamnes.net: 15 Times(s)
bett...@dahl-stamnes.net: 30 Times(s)
betta...@DAHL-STAMNES.NET: 3 Times(s)
iris-ptc.zol.co.zw...@dahl-stamnes.net: 1 Times(s)
iris-ptc.zol.co.zw...@dahl-stamnes.net: 1 Times(s)
betta...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 20 Times(s)
betta...@dahl-stamnes.net: 3 Times(s)
betta...@dahl-stamnes.net: 3 Times(s)
Cerberus.myhost.co.z...@dahl-stamnes.net: 1 Times(s)
beckton.brain.int.dbplc...@dahl-stamnes.net: 1
Times(s)
betta...@DAHL-STAMNES.NET: 1 Times(s)
betta...@dahl-stamnes.net: 5 Times(s)
betta...@dahl-stamnes.net: 4605 Times(s)
mav1.ufmg.br-11...@dahl-stamnes.net: 1 Times(s)
HHBA...@dahl-stamnes.net: 1 Times(s)
vuhba...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
relay-loc.dcunet.or...@dahl-stamnes.net: 1 Times(s)
betta...@dahl-stamnes.net: 2 Times(s)
betta...@dahl-stamnes.net: 1425 Times(s)
+._-bett...@dahl-stamnes.net: 6 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 9 Times(s)
relay.itsinternet.ne...@dahl-stamnes.net: 1 Times(s)
callout-check-bajaja...@dahl-stamnes.net: 1 Times(s)
bett...@dahl-stamnes.net: 1 Times(s)
bett...@DAHL-STAMNES.NET: 2 Times(s)
+._-betta...@dahl-stamnes.net: 14 Times(s)
I have no idea where the as*ls has got the bettab*** addresse from. There
has never been any account/e-mail addresses like it on my domain.
I also wonder the source of the *testing*@ addresses. Any kind of legal
test?