PowerMTA Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

PowerMTA 5.5r1 is out!!!!  Please contact support@port25.com for a license and download access.

Author Topic: auto mailing to hostname  (Read 75954 times)

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
auto mailing to hostname
« on: December 09, 2013, 06:00:43 AM »

Hi Support;

Pls. help us resolve our problem as PMTA produces log of bounces for

root@<hostaname 0f server>.

Thanking in advance.

Peter Mckenna

123Greetings.com
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #1 on: December 09, 2013, 07:29:56 AM »

What is the exact problem?

What do the logs or messages show or contain?
Logged

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
Re: auto mailing to hostname
« Reply #2 on: December 10, 2013, 02:05:43 AM »

Hi Admin;

Thanks for the prompt reply,

our logs shows entries as :

acct-server4-2013-12-01-0000.csv:b,2013-12-01 00:02:02-0800,2013-12-01 00:02:02-0800,root@123greetings.biz,root@123greetings.biz,,failed,5.1.0 (unknown address-related status),smtp;550 5.1.0 <root@123greetings.biz>: Sender address rejected: User unknown in relay recipient table,mx1.emailsrvr.com (173.203.2.36),invalid-sender,smtp,123greetings.biz (127.0.0.1),smtp,72.232.23.3,173.203.2.36,"ENHANCEDSTATUSCODES,PIPELINING,8BITMIME,SIZE,STARTTLS",,{default},,,123greetings.biz/{default},,<201312010802.rB1822F2029203@123greetings.biz>

our pmta server hostname = 123greetings.biz

Regards
Peter
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #3 on: December 10, 2013, 07:05:02 AM »

These are almost certainly autogenerated messages by some custom application there (perhaps a monitoring application), since PowerMTA does not create messages from or to root@hostname. 

To troubleshoot further, you may have to enable detailed logging for messages from this submission source IP (log-data  yes) and examine the content from the log file.  Note that this is very detailed logging, so you need to be careful and not define this level logging for your main submission source IPs.

 
Logged

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
Re: auto mailing to hostname
« Reply #4 on: December 12, 2013, 02:33:51 AM »

Hi Support,

Following are the excerpts from the log after enabling the log data :

2013-12-11 23:08:01 (in 1380)accepted connection from 127.0.0.1:56231 to 127.0.0.1
2013-12-11 23:08:01 (in 1380)<<< 220 123greetings.biz ESMTP service ready
2013-12-11 23:08:01 (in 1380)>>> EHLO 123greetings.biz
2013-12-11 23:08:01 (in 1380)<<< 250-123greetings.biz says hello
2013-12-11 23:08:01 (in 1380)<<< 250-ENHANCEDSTATUSCODES
2013-12-11 23:08:01 (in 1380)<<< 250-PIPELINING
2013-12-11 23:08:01 (in 1380)<<< 250-CHUNKING
2013-12-11 23:08:01 (in 1380)<<< 250-8BITMIME
2013-12-11 23:08:01 (in 1380)<<< 250-AUTH CRAM-MD5
2013-12-11 23:08:01 (in 1380)<<< 250-AUTH=CRAM-MD5
2013-12-11 23:08:01 (in 1380)<<< 250-XACK
2013-12-11 23:08:01 (in 1380)<<< 250-XMRG
2013-12-11 23:08:01 (in 1380)<<< 250-SIZE 0
2013-12-11 23:08:01 (in 1380)<<< 250-VERP
2013-12-11 23:08:01 (in 1380)<<< 250 DSN
2013-12-11 23:08:01 (in 1380)>>> MAIL From:<root@123greetings.biz> SIZE=389 AUTH=root@123greetings.biz
2013-12-11 23:08:01 (in 1380)<<< 250 2.1.0 MAIL ok
2013-12-11 23:08:01 (in 1380)>>> RCPT To:<root@123greetings.biz>
2013-12-11 23:08:01 (in 1380)<<< 250 2.1.5 <root@123greetings.biz> ok
2013-12-11 23:08:01 (in 1380)>>> DATA
2013-12-11 23:08:01 (in 1380)<<< 354 send message
2013-12-11 23:08:01 (in 1380)<<< 250 2.6.0 message received
2013-12-11 23:08:01 (in 1380)>>> QUIT
2013-12-11 23:08:01 (in 1380)<<< 221 2.0.0 123greetings.biz says goodbye


Pls. help us to identify the unwanted service

Thanks

Peter
Logged

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
Re: auto mailing to hostname
« Reply #5 on: December 12, 2013, 07:28:24 AM »

On further investigations,

did settings

<domain 123greetings.biz>
       type file
       file-format newfile-pickup
       file-destination  /var/log/pmta/mail/log
</domain>


produced log as

123greetings log # head 0004ed53c5ab4826.msg
x-sender: root@123greetings.biz
x-receiver: root@123greetings.biz
Return-Path: <root@123greetings.biz>
Received: by 123greetings.biz id hl67ji1ic5ge for <root@123greetings.biz>; Thu, 12 Dec 2013 02:26:01 -0800 (envelope-from <root@123greetings.biz>)
Date: Thu, 12 Dec 2013 02:26:01 -0800
Message-Id: <201312121026.rBCAQ1p6010839@123greetings.biz>
From: root@123greetings.biz (Cron Daemon)
To: root@123greetings.biz
Subject: Cron <root@123greetings> /bin/sh /var/log/pmta/script/DeleteQueue.sh
Content-Type: text/plain; charset=UTF-8
123greetings log #

Crontab

*/2     *       *       *       *       /bin/sh /var/log/pmta/script/DeleteQueue.sh

DeleteQueue.sh which only clears unwanted queues by 123greetings.biz

123greetings log # head /var/log/pmta/script/DeleteQueue.sh
#! /bin/sh

/usr/sbin/pmta delete --accounting --queue=123greetings.biz/vmta-offers125
/usr/sbin/pmta delete --accounting --queue=123greetings.biz/vmta-backupIP

Now why would crontab throw a mail whenever the above pmta commands are fired.
Is there any relation with pmta settings for /usr/sbin/pmta delete --accounting with this automailing.

Thanking

Peter
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #6 on: December 12, 2013, 07:29:35 AM »

Looks like you used the log-commands option vs. log-data.  The latter will show you message content vs. SMTP commands, and thus why it was recommended to use log-data in this scenario.

Once you use log-data, your system administrator should then be able to examine the message content in the log file to see what application he or she had installed and which is running there that is submitting these messages.
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #7 on: December 12, 2013, 08:48:59 AM »

This is really a question for whomever wrote the scripts that are being run there.  The delete command itself creates an output response however no email is generated from the command itself, so again, all of this is due to the motivation of the person that wrote the script.
Logged

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
Re: auto mailing to hostname
« Reply #8 on: December 18, 2013, 01:53:11 AM »

Hi Admin,

We have been successfull to route cron errors elsewhere,but one of theservers continued to mail and logging produced the following results

-bash-3.2# head 0004edc8f8c94fd0.msg
x-sender:
x-receiver: newsletter@123greetings.info
Return-Path: <>
Date: Tue, 17 Dec 2013 22:15:30 -0800
From: postmaster@123greetings.info
Subject: Delivery report
To: newsletter@123greetings.info
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="report52B13D82@123greetings.info"
-bash-3.2# head -100 0004edc8f8c94fd0.msg
x-sender:
x-receiver: newsletter@123greetings.info
Return-Path: <>
Date: Tue, 17 Dec 2013 22:15:30 -0800
From: postmaster@123greetings.info
Subject: Delivery report
To: newsletter@123greetings.info
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="report52B13D82@123greetings.info"


--report52B13D82@123greetings.info
Content-Type: text/plain

Hello, this is the mail server on 123greetings.info.

I am sending you this message to inform you on the delivery status of a
message you previously sent.  Immediately below you will find a list of
the affected recipients;  also attached is a Delivery Status Notification
(DSN) report in standard format, as well as a copy of the original message.

  <dbestrada4@aol.com>  delivery failed; will not continue trying

--report52B13D82@123greetings.info
Content-Type: message/delivery-status

Reporting-MTA: dns;123greetings.info
X-PowerMTA-VirtualMTA: vmta-newsletter
Received-From-MTA: dns;123greetings.info (127.0.0.1)
Arrival-Date: Tue, 17 Dec 2013 22:15:02 -0800

Final-Recipient: rfc822;dbestrada4@aol.com
Action: failed
Status: 5.3.2 (system not accepting network messages)
Remote-MTA: dns;mailin-02.mx.aol.com (64.12.88.164)
Diagnostic-Code: smtp;554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html
X-PowerMTA-BounceCategory: other

--report52B13D82@123greetings.info
Content-Type: message/rfc822

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=newsl; d=123greetings.info;
 h=Date:From:Content-Type:MIME-Version:List-Unsubscribe:Message-Id:To:Subject; i=newsletter@123greetings.info;
 bh=TjI+8V9xUJmW+KEvswUlkKGwTRE=;
 b=lb1YLYKOLUES9MoXOgEguRpjm+vsJ9c9DfTuiE//CU4//Lq/aSpj7XmZeqPsqCce4oNOIbDa/utU
   Lz9kTWyKfg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=newsl; d=123greetings.info;
 b=EMjNcxSKvVP5RufFqDp4gf/uY/V1WKaXu9Uxdqiq5B2F2E8TNiRR69TofL6z/4lun4xHCndTam7z
   JhS6OQCqxg==;
Received: by 123greetings.info id hm4uo41bov48 for <dbestrada4@aol.com>; Tue, 17 Dec 2013 22:15:02 -0800 (envelope-from <newsletter@123greetings.info>)
Date: Tue, 17 Dec 2013 22:15:02 -0800
From: 123Greetings <newsletter@123greetings.info>
Content-Type: text/html; charset='US-ASCII'
MIME-Version: 1.0
List-Unsubscribe: <mailto:unsubscribe@123greetings.info>
Precedence: bulk
Message-Id: <613151.nl031218201302.newsletter@123greetings.info>
To: dbestrada4@aol.com
Subject: Warmest Christmas Wishes To You And Your Family-From 123Greetings.com

....

Pls. help us to stop this mailing notifications.

Thanking you;

Peter
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #9 on: December 18, 2013, 07:27:28 AM »

The below indicates that you have configured PowerMTA to write messages to 123greetings.info to file, and you just so happen to be using this domain as your SMTP MAIL FROM domain, and thus is where PowerMTA is sending the bounce below to.  What do you want PowerMTA to do with these instead?




Hi Admin,

We have been successfull to route cron errors elsewhere,but one of theservers continued to mail and logging produced the following results

-bash-3.2# head 0004edc8f8c94fd0.msg
x-sender:
x-receiver: newsletter@123greetings.info
Return-Path: <>
Date: Tue, 17 Dec 2013 22:15:30 -0800
From: postmaster@123greetings.info
Subject: Delivery report
To: newsletter@123greetings.info
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="report52B13D82@123greetings.info"
-bash-3.2# head -100 0004edc8f8c94fd0.msg
x-sender:
x-receiver: newsletter@123greetings.info
Return-Path: <>
Date: Tue, 17 Dec 2013 22:15:30 -0800
From: postmaster@123greetings.info
Subject: Delivery report
To: newsletter@123greetings.info
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="report52B13D82@123greetings.info"


--report52B13D82@123greetings.info
Content-Type: text/plain

Hello, this is the mail server on 123greetings.info.

I am sending you this message to inform you on the delivery status of a
message you previously sent.  Immediately below you will find a list of
the affected recipients;  also attached is a Delivery Status Notification
(DSN) report in standard format, as well as a copy of the original message.

  <dbestrada4@aol.com>  delivery failed; will not continue trying

--report52B13D82@123greetings.info
Content-Type: message/delivery-status

Reporting-MTA: dns;123greetings.info
X-PowerMTA-VirtualMTA: vmta-newsletter
Received-From-MTA: dns;123greetings.info (127.0.0.1)
Arrival-Date: Tue, 17 Dec 2013 22:15:02 -0800

Final-Recipient: rfc822;dbestrada4@aol.com
Action: failed
Status: 5.3.2 (system not accepting network messages)
Remote-MTA: dns;mailin-02.mx.aol.com (64.12.88.164)
Diagnostic-Code: smtp;554 5.7.1 : (RLY:B1) http://postmaster.info.aol.com/errors/554rlyb1.html
X-PowerMTA-BounceCategory: other

--report52B13D82@123greetings.info
Content-Type: message/rfc822

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=newsl; d=123greetings.info;
 h=Date:From:Content-Type:MIME-Version:List-Unsubscribe:Message-Id:To:Subject; i=newsletter@123greetings.info;
 bh=TjI+8V9xUJmW+KEvswUlkKGwTRE=;
 b=lb1YLYKOLUES9MoXOgEguRpjm+vsJ9c9DfTuiE//CU4//Lq/aSpj7XmZeqPsqCce4oNOIbDa/utU
   Lz9kTWyKfg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=newsl; d=123greetings.info;
 b=EMjNcxSKvVP5RufFqDp4gf/uY/V1WKaXu9Uxdqiq5B2F2E8TNiRR69TofL6z/4lun4xHCndTam7z
   JhS6OQCqxg==;
Received: by 123greetings.info id hm4uo41bov48 for <dbestrada4@aol.com>; Tue, 17 Dec 2013 22:15:02 -0800 (envelope-from <newsletter@123greetings.info>)
Date: Tue, 17 Dec 2013 22:15:02 -0800
From: 123Greetings <newsletter@123greetings.info>
Content-Type: text/html; charset='US-ASCII'
MIME-Version: 1.0
List-Unsubscribe: <mailto:unsubscribe@123greetings.info>
Precedence: bulk
Message-Id: <613151.nl031218201302.newsletter@123greetings.info>
To: dbestrada4@aol.com
Subject: Warmest Christmas Wishes To You And Your Family-From 123Greetings.com

....

Pls. help us to stop this mailing notifications.

Thanking you;

Peter
Logged

123Greetings.com

  • Jr. Member
  • **
  • Karma: +3/-6
  • Posts: 30
Re: auto mailing to hostname
« Reply #10 on: December 19, 2013, 02:02:45 AM »

Hi Support;

We want PMTA to not send any mail to newsletter@123greetings.info
for any failed messages e.g.
Action: failed
Status: 5.1.1 (bad destination mailbox address)
Remote-MTA: dns;mx2.ecs.soton.ac.uk (152.78.68.137)
Diagnostic-Code: smtp;550 5.1.1 recipient <mk2g08@ecs.soton.ac.uk> denied #300 (pBI5xn009822808100)
X-PowerMTA-BounceCategory: policy-related

Pls. suggest any changes in PMTA config or elsewhere to stop reporting of these mailing service.

Regards;

Peter


Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: auto mailing to hostname
« Reply #11 on: December 19, 2013, 07:17:43 AM »

The two options are:

1. define "deliver-local-dsn  no" in the domain definition for 123greetings.info, which would have PowerMTA not creating the DSN when the SMTP MAIL FROM of your message is this domain, but still write the bounce detail in the acct file

or

2. Not creating any messages with the SMTP MAIL FROM of 123greetings.info
Logged