After upgrade to 10.1.16p1 Maldua FOSS, I noticed 1411 mails sended every day by mail.domain.com (my domain)!
I've looked up in zimbra.log and I've found a lot of this:
00:04:49 mail zmconfigd[1669]: Fetching All configs
Apr 4 00:04:49 mail zmconfigd[1669]: All configs fetched in 0.07 seconds
Apr 4 00:05:00 mail /postfix-script[1534973]: the Postfix mail system is running: PID: 15781
Apr 4 00:05:01 mail postfix/pickup[1508636]: ED91B802A9: uid=0 from=<root>
Apr 4 00:05:01 mail postfix/cleanup[1520078]: ED91B802A9: message-id=<20260403210501.ED91B802A9@mail.domain.com>
Apr 4 00:05:01 mail postfix/qmgr[15784]: ED91B802A9: from=<root@mail.domain.com>, size=618, nrcpt=1 (queue active)
Apr 4 00:05:01 mail amavis[1435540]: process_request: fileno sock=19, STDIN=0, STDOUT=1
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) ESMTP :10024 /opt/zimbra/data/amavisd/tmp/amavis-20260403T221032-1435540-SVDvvc19: <root@mail.domain.com> -> <root@mail.domain.com> SIZE=618 BODY=8BITMIME Received: from mail.domain.com ([127.0.0.1]) by localhost (mail.domain.com [127.0.0.1]) (amavis, port 10024) with ESMTP for <root@mail.domain.com>; Sat, 4 Apr 2026 00:05:02 +0300 (EEST)
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp connection cache, dt: 539.5, state: 0
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) body hash: 15a1f9e5e7b2ff567e6c0e5d2085afb5
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) trace: ESMTP://[127.0.0.1]:42032 < x
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) client IP address unknown, fetched from Received: 127.0.0.1
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) Checking: 0HlDqUXwXZTv [127.0.0.1] <root@mail.domain.com> -> <root@mail.domain.com>
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) 2822.From: <root@mail.domain.com>
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) p001 1 Content-Type: text/plain, 8bit, size: 68, SHA1 digest: 765fd34e4e6c522107a8252dd59e3fb46e9ecb03
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) inspect_dsn: not a bounce
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) Checking for banned types and filenames
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) collect banned table[0]: root@mail.domain.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x556e16fe4978)
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) p.path root@mail.domain.com: "P=p001,L=1,M=text/plain,T=asc"
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) presenting full original message to scanners as /opt/zimbra/data/amavisd/tmp/amavis-20260403T221032-1435540-SVDvvc19/parts/p002
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) run_av Using (ClamAV-clamd): (code) CONTSCAN /opt/zimbra/data/amavisd/tmp/amavis-20260403T221032-1435540-SVDvvc19/parts\n
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) ClamAV-clamd: Connecting to socket /opt/zimbra/data/clamav/clamav.sock
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) new socket by IO::Socket::UNIX to /opt/zimbra/data/clamav/clamav.sock, timeout set to 10
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) verifycn_name:
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) ClamAV-clamd: Sending CONTSCAN /opt/zimbra/data/amavisd/tmp/amavis-20260403T221032-1435540-SVDvvc19/parts\n to socket /opt/zimbra/data/clamav/clamav.sock
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) rw_loop read: got eof
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) run_av (ClamAV-clamd): CLEAN
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) run_av (ClamAV-clamd) result: clean
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) calling SA parse (0), SA vers 4.0.1, 4.000001, data as STRING_REF, recips_ind [0], user: "zimbra"
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) spam_scan: score=-1.9 autolearn=ham autolearn_force=no tests=[BAYES_00=-1.9,NO_RELAYS=-0.001,URIBL_DBL_BLOCKED_OPENDNS=0.001] recips=0
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) mangling NO: 0 (was: disclaimer), discl_allowed=0, <root@mail.domain.com> -> <root@mail.domain.com>
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) do_notify_and_quar: ccat=CleanTag (1,1) ("1,1":CleanTag, "1":Clean, "0":CatchAll) ccat_block=(), qar_mth=
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) delivery method is 1, recips: root@mail.domain.com
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) spam-tag, <root@mail.domain.com> -> <root@mail.domain.com>, No, score=-1.9 required=6.6 tests=[BAYES_00=-1.9, NO_RELAYS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp session: setting up a new session
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) new socket using IO::Socket::IP to [127.0.0.1]:10025, timeout 35
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) verifycn_name: 127.0.0.1
Apr 4 00:05:02 mail postfix/amavisd/smtpd[1515545]: connect from localhost[127.0.0.1]
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp greeting: 220 mail.domain.com ESMTP Postfix, dt: 1.5 ms
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp cmd> EHLO localhost
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp resp to EHLO: 250 mail.domain.com\nPIPELINING\nSIZE 52428800\nVRFY\nETRN\nSTARTTLS\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) AUTH not needed, user='', MTA offers ''
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp cmd> MAIL FROM:<root@mail.domain.com> BODY=7BIT
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp cmd> RCPT TO:<root@mail.domain.com> ORCPT=rfc822;root@mail.domain.com
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp cmd> DATA
Apr 4 00:05:02 mail postfix/amavisd/smtpd[1515545]: 534CA8021F: client=localhost[127.0.0.1]
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp resp to MAIL (pip): 250 2.1.0 Ok
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp resp to RCPT (pip) (<root@mail.domain.com>): 250 2.1.5 Ok
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp cmd> QUIT
Apr 4 00:05:02 mail postfix/cleanup[1520078]: 534CA8021F: message-id=<20260403210501.ED91B802A9@mail.domain.com>
Apr 4 00:05:02 mail postfix/amavisd/smtpd[1515545]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 4 00:05:02 mail postfix/qmgr[15784]: 534CA8021F: from=<root@mail.domain.com>, size=1266, nrcpt=1 (queue active)
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) smtp resp to data-dot (<root@mail.domain.com>): 250 2.0.0 Ok: queued as 534CA8021F, dt: 7.5 ms
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) Amavis::Out::SMTP::Session close, disconnecting
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) 0HlDqUXwXZTv FWD from <root@mail.domain.com> -> <root@mail.domain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 534CA8021F
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) status counters: InMsgsStatus{Relayed,RelayedUntagged,RelayedUntaggedInbound}
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@mail.domain.com> -> <root@mail.domain.com>, Message-ID: <20260403210501.ED91B802A9@mail.domain.com>, mail_id: 0HlDqUXwXZTv, Hits: -1.9, size: 618, queued_as: 534CA8021F, 363 ms
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) TIMING-SA [total 246 ms, cpu 203 ms] - parse: 1.29 (0.5%), extract_message_metadata: 2.7 (1.1%), tests_pri_-10000: 3.2 (1.3%), get_uri_detail_list: 1.83 (0.7%), tests_pri_-2000: 3.1 (1.3%), tests_pri_-1000: 3.5 (1.4%), tests_pri_-950: 2.2 (0.9%), tests_pri_-900: 2.2 (0.9%), tests_pri_-100: 69 (28.1%), check_dkim_adsp: 42 (17.2%), check_spf: 0.71 (0.3%), tests_pri_-90: 15 (6.0%), check_bayes: 12 (5.0%), b_tokenize: 3.6 (1.5%), b_tok_get_all: 2.8 (1.2%), b_comp_prob: 2.4 (1.0%), b_tok_touch_all: 0.30 (0.1%), b_finish: 0.95 (0.4%), tests_pri_0: 96 (39.0%), tests_pri_10: 2.3 (0.9%), tests_pri_500: 2.6 (1.1%), learn: 27 (10.8%), b_learn: 21 (8.5%), b_count_change: 7 (2.7%), get_report: 0.75 (0.3%)
Apr 4 00:05:02 mail amavis[1435540]: (1435540-15) sending SMTP response: "250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 534CA8021F"
Apr 4 00:05:02 mail postfix/smtp[1520076]: ED91B802A9: to=<root@mail.domain.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.4, delays=0.03/0/0/0.36, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 534CA8021F)
Apr 4 00:05:02 mail postfix/qmgr[15784]: ED91B802A9: removed
Any help, please!!
A bunch of mails sent by root@domain.com
-
liverpoolfcfan
- Elite member
- Posts: 1233
- Joined: Sat Sep 13, 2014 12:47 am
Re: A bunch of mails sent by root@domain.com
What is in the emails?
It shows they are being delivered to root@your domain - so where does root's email go to? Do you have an alias that is sending them to a mailbox?
It shows they are being delivered to root@your domain - so where does root's email go to? Do you have an alias that is sending them to a mailbox?
Re: A bunch of mails sent by root@domain.com
The mails are "removed". No trace of them but are counted in daily reports as sent mails.
-
liverpoolfcfan
- Elite member
- Posts: 1233
- Joined: Sat Sep 13, 2014 12:47 am
Re: A bunch of mails sent by root@domain.com
If you send an email to root@mail.domain.com - what happens to it?
When you see - Apr 4 00:05:02 mail postfix/qmgr[15784]: ED91B802A9: removed - it just means that delivery to the mailbox was successful so it was removed from the mail queue.
Do you have an account for root@mail.domain.com?
Do you have a Distribution List - root@mail.domain.com?
Do you have root@mail.domain.com added as an alias on another account?
The mail must be going somewhere. What happens if you send an email to root@mail.domain.com ? Does it get delivered, or do you get delivery failure?
When you see - Apr 4 00:05:02 mail postfix/qmgr[15784]: ED91B802A9: removed - it just means that delivery to the mailbox was successful so it was removed from the mail queue.
Do you have an account for root@mail.domain.com?
Do you have a Distribution List - root@mail.domain.com?
Do you have root@mail.domain.com added as an alias on another account?
The mail must be going somewhere. What happens if you send an email to root@mail.domain.com ? Does it get delivered, or do you get delivery failure?
-
liverpoolfcfan
- Elite member
- Posts: 1233
- Joined: Sat Sep 13, 2014 12:47 am
Re: A bunch of mails sent by root@domain.com
You can check if you have any account with an alias of root@mail.domain.com by
Code: Select all
su - zimbra
zmprov ga root@mail.domain.com
Re: A bunch of mails sent by root@domain.com
zmprov ga root@mail.domain.com
ERROR: account.NO_SUCH_ACCOUNT (no such account: root@mail.domain.com)
Of course I've replaced domain.com with my real domain!
Every day I got exactly 1411 mails from root@mail.domain.com ...
ERROR: account.NO_SUCH_ACCOUNT (no such account: root@mail.domain.com)
Of course I've replaced domain.com with my real domain!
Every day I got exactly 1411 mails from root@mail.domain.com ...
-
liverpoolfcfan
- Elite member
- Posts: 1233
- Joined: Sat Sep 13, 2014 12:47 am
Re: A bunch of mails sent by root@domain.com
Do you have a lot of CRON jobs running under root?
You could try running (as the root user)
and adding a known mailbox as the sender/receiver of the CRON emails. Place the MAILTO/MAILFROM at the top of the crontab file
This would allow you to see if it is cron related.
You could try running (as the root user)
Code: Select all
crontab -eCode: Select all
MAILTO=myMailbox@mail.domain.com
MAILFROM=myMailbox@mail.domain.com
Re: A bunch of mails sent by root@domain.com
Do you have an account root@domain.com?
If you don't, by adding that as an alias to your own mailbox account, you would be able to view those messages.
If you don't, by adding that as an alias to your own mailbox account, you would be able to view those messages.