From: Dimitar Penev on
Hello All,

I am not sure if this mailing list is the best place to ask this question.
If not please point me to the better one.

I am running postfix based mailserver.
A few days ago, however, I noticed that some of the emails I am
sending fall into the recipients' spam filters.
I have discovered that my ISP IP range is in uceprotect-level3 list,
in addition I have found that my IP is listed in ips.backscatterer.org

I don't have control of the ISP machines so I can not do much for the
first problem,
but at least I want to fix the backscatter issue.

I have attached part of my mail log at the time suggested by backscatterer.org
I indeed find the place where we see a few "from=<>".
I also see, shortly below that, that the recipient (I guess) mailservers
reject my mailserver with reason
"rejected due to spam or virus content" or "Your PROVIDER is
BLACKLISTED at UCEPROTECT-LEVEL 3"
I don't understand however who/how is sending those messages with "from=<>".

I have set up
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
So I should get a local recipient reject if the recipient name is not in
my alias_map or is not a unix user

Can someone help me interpret the log below? Or can I make the log
more detailed?
Any suggestions will be appreciated!


Feb 7 21:19:02 uCpbx postfix/anvil[14011]: statistics: max connection
rate 1/60s for (smtp:109.187.243.221) at Feb 7 21:15:41
Feb 7 21:19:02 uCpbx postfix/anvil[14011]: statistics: max connection
count 1 for (smtp:109.187.243.221) at Feb 7 21:15:41
Feb 7 21:19:02 uCpbx postfix/anvil[14011]: statistics: max cache size
1 at Feb 7 21:15:41
Feb 7 21:22:59 uCpbx dovecot: imap-login: Login: user=<mark_ucpbx>,
method=PLAIN, rip=::ffff:204.225.113.99, lip=::ffff:192.168.1.2
, TLS
Feb 7 21:23:06 uCpbx last message repeated 4 times
Feb 7 21:23:07 uCpbx dovecot: IMAP(mark_ucpbx): Disconnected
Feb 7 21:23:28 uCpbx postfix/smtpd[14183]: connect from unknown[190.149.93.28]
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 6BBD885C2BA:
from=<apache(a)mail.bioidentic.com>, size=1237, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 2553085C34B:
from=<apache(a)mail.bioidentic.com>, size=1232, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: A841C85BECF: from=<>,
size=6531, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: A50BA85C31C:
from=<apache(a)mail.bioidentic.com>, size=1236, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 4A1FD85BA11: from=<>,
size=8765, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 7557D85BA7E: from=<>,
size=11116, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 53DA685C1FC: from=<>,
size=15070, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 5571885C34C: from=<>,
size=4330, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: DC72B85BA6E: from=<>,
size=4084, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: D228585C332: from=<>,
size=18688, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: BD4BE85C11C: from=<>,
size=6789, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: E73FD85BF7D:
from=<apache(a)mail.bioidentic.com>, size=1239, nrcpt=1 (queue active)
Feb 7 21:23:28 uCpbx postfix/smtp[14187]: connect to
mail.mymail-in.net[217.20.163.8]: Connection refused (port 25)
Feb 7 21:23:28 uCpbx postfix/smtp[14199]: connect to
mail.mymail-in.net[217.20.163.8]: Connection refused (port 25)
Feb 7 21:23:28 uCpbx postfix/smtp[14191]: connect to
mail.mymail-in.net[217.20.163.8]: Connection refused (port 25)
Feb 7 21:23:29 uCpbx postfix/smtpd[14183]: warning: support for
restriction "check_relay_domains" will be removed from Postfix; use
"reject_unauth_destination" instead
Feb 7 21:23:29 uCpbx postfix/smtpd[14183]: 6318385AEC7:
client=unknown[190.149.93.28]
Feb 7 21:23:30 uCpbx postfix/smtp[14192]: 4A1FD85BA11: host
smtp.secureserver.net[72.167.238.201] refused to talk to me:
554-p3pism
tp01-015.prod.phx3.secureserver.net 554 Your access to this mail
system has been rejected due to spam or virus content. If you belie
ve that this failure is in error, please submit an unblock request at
http://unblock.secureserver.net
Feb 7 21:23:30 uCpbx postfix/smtp[14197]: D228585C332: host
smtp.secureserver.net[72.167.238.201] refused to talk to me:
554-p3pism
tp01-021.prod.phx3.secureserver.net 554 Your access to this mail
system has been rejected due to spam or virus content. If you belie
ve that this failure is in error, please submit an unblock request at
http://unblock.secureserver.net
Feb 7 21:23:31 uCpbx postfix/smtp[14192]: 4A1FD85BA11:
to=<buckskinyfu94(a)northscottsdalesoccerleague.com>,
relay=mailstore1.secures
erver.net[72.167.238.201]:25, delay=236635, delays=236632/0.06/3.1/0,
dsn=4.0.0, status=deferred (host mailstore1.secureserver.net[7
2.167.238.201] refused to talk to me:
554-p3pismtp01-006.prod.phx3.secureserver.net 554 Your access to this
mail system has been rej
ected due to spam or virus content. If you believe that this failure
is in error, please submit an unblock request at http://unbloc
k.secureserver.net)
Feb 7 21:23:31 uCpbx postfix/smtp[14197]: D228585C332:
to=<prosecutedy7(a)rcri.com>,
relay=mailstore1.secureserver.net[72.167.238.201
]:25, delay=147201, delays=147198/0.1/3.1/0, dsn=4.0.0,
status=deferred (host mailstore1.secureserver.net[72.167.238.201]
refused to
talk to me: 554-p3pismtp01-014.prod.phx3.secureserver.net 554 Your
access to this mail system has been rejected due to spam or viru
s content. If you believe that this failure is in error, please submit
an unblock request at http://unblock.secureserver.net)
Feb 7 21:23:31 uCpbx postfix/cleanup[14200]: 6318385AEC7:
message-id=<001e01caa7f8$ae232fb0$0a698f10$@fr>
Feb 7 21:23:31 uCpbx postfix/qmgr[3492]: 6318385AEC7:
from=<metier9O(a)mac-gratuit.fr>, size=5907, nrcpt=5 (queue active)
Feb 7 21:23:31 uCpbx spamd[4606]: spamd: connection from localhost
[127.0.0.1] at port 49323
Feb 7 21:23:31 uCpbx spamd[4606]: spamd: setuid to spamfilter succeeded
Feb 7 21:23:31 uCpbx spamd[4606]: spamd: processing message
<001e01caa7f8$ae232fb0$0a698f10$@fr> for spamfilter:527
Feb 7 21:23:31 uCpbx postfix/smtp[14195]: 5571885C34C:
to=<mncyb(a)egiftplanet.com>,
relay=mail.egiftplanet.com[208.91.131.6]:25, del
ay=12844, delays=12841/0.13/1/2.4, dsn=5.0.0, status=bounced (host
mail.egiftplanet.com[208.91.131.6] said: 571 Your PROVIDER is BLA
CKLISTED at UCEPROTECT-LEVEL 3 - See:
http://www.uceprotect.net/rblcheck.php?ipr=77.70.97.103 (in reply to
RCPT TO command))
Feb 7 21:23:31 uCpbx postfix/qmgr[3492]: 5571885C34C: removed
Feb 7 21:23:31 uCpbx postfix/smtpd[14183]: disconnect from
unknown[190.149.93.28]
Feb 7 21:23:33 uCpbx spamd[4606]: spamd: identified spam (28.9/5.0)
for spamfilter:527 in 1.9 seconds, 5790 bytes.
Feb 7 21:23:33 uCpbx spamd[4606]: spamd: result: Y 28 -
BAYES_99,HTML_90_100,HTML_ATTR_UNIQUE,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,R
CVD_IN_XBL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
scantime=1.9,size=5790,user=spamfilt
er,uid=527,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49323,mid=<001e01caa7f8$ae232fb0$0a698f10$@fr>,bayes=0.999999998
276899,autolearn=spam
Feb 7 21:23:33 uCpbx spamd[2797]: prefork: child states: II
Feb 7 21:23:33 uCpbx postfix/pipe[14203]: 6318385AEC7:
to=<info(a)bioidentic.com>, relay=spamfilter, delay=4.4,
delays=2.4/0.01/0/2,
dsn=2.0.0, status=sent (delivered via spamfilter service)
Feb 7 21:23:33 uCpbx postfix/pipe[14203]: 6318385AEC7:
to=<sales(a)bioidentic.com>, relay=spamfilter, delay=4.4,
delays=2.4/0.01/0/2,
dsn=2.0.0, status=sent (delivered via spamfilter service)

Best Regards
Dimitar

From: Noel Jones on
On 2/10/2010 12:51 PM, Dimitar Penev wrote:
> Hello All,
>
> I am not sure if this mailing list is the best place to ask this question.
> If not please point me to the better one.
>
> I am running postfix based mailserver.
> A few days ago, however, I noticed that some of the emails I am
> sending fall into the recipients' spam filters.
> I have discovered that my ISP IP range is in uceprotect-level3 list,
> in addition I have found that my IP is listed in ips.backscatterer.org
>
> I don't have control of the ISP machines so I can not do much for the
> first problem,
> but at least I want to fix the backscatter issue.
>
> I have attached part of my mail log at the time suggested by backscatterer.org
> I indeed find the place where we see a few "from=<>".
> I also see, shortly below that, that the recipient (I guess) mailservers
> reject my mailserver with reason
> "rejected due to spam or virus content" or "Your PROVIDER is
> BLACKLISTED at UCEPROTECT-LEVEL 3"
> I don't understand however who/how is sending those messages with "from=<>".

Search the mail log for the QUEUEID listed in the log for one
particular message that looks like a bounce. That will help
you trace one particular message. Some of these messages have
been in your log for several days, so the original entry might
be in a different log file.

You can also search for log entries with "status=bounced".

>
> I have set up
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> So I should get a local recipient reject if the recipient name is not in
> my alias_map or is not a unix user

Unless you have wildcards in virtual_alias_maps or
*canonical_maps. Wildcards defeat recipient validation.

>
> Can someone help me interpret the log below? Or can I make the log
> more detailed?
> Any suggestions will be appreciated!

Not much interesting in the snippet below -- the good stuff is
elsewhere in the file, or maybe in an older log file. Don't
make the log more verbose, everything you need is logged already.

> Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: 6BBD885C2BA:
> from=<apache(a)mail.bioidentic.com>, size=1237, nrcpt=1 (queue active)

Maybe you have an abused web form on your web server.

> Feb 7 21:23:28 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
> size=10970, nrcpt=1 (queue active)

This is probably a bounced message. Search the logs for prior
occurrences of the QUEUEID, C69BF85BF81, to see where that
message came from.

> Feb 7 21:23:29 uCpbx postfix/smtpd[14183]: warning: support for
> restriction "check_relay_domains" will be removed from Postfix; use
> "reject_unauth_destination" instead

That message seems pretty self-explanatory.

> Feb 7 21:23:31 uCpbx postfix/smtp[14192]: 4A1FD85BA11:
> to=<buckskinyfu94(a)northscottsdalesoccerleague.com>,
> relay=mailstore1.secures
> erver.net[72.167.238.201]:25, delay=236635, delays=236632/0.06/3.1/0,
> dsn=4.0.0, status=deferred (host mailstore1.secureserver.net[7
> 2.167.238.201] refused to talk to me:
> 554-p3pismtp01-006.prod.phx3.secureserver.net 554 Your access to this
> mail system has been rej
> ected due to spam or virus content. If you believe that this failure
> is in error, please submit an unblock request at http://unbloc
> k.secureserver.net)

> Feb 7 21:23:31 uCpbx postfix/smtp[14195]: 5571885C34C:
> to=<mncyb(a)egiftplanet.com>,
> relay=mail.egiftplanet.com[208.91.131.6]:25, del
> ay=12844, delays=12841/0.13/1/2.4, dsn=5.0.0,
> status=bounced (host
> mail.egiftplanet.com[208.91.131.6] said: 571 Your PROVIDER
> is BLA
> CKLISTED at UCEPROTECT-LEVEL 3 - See:
> http://www.uceprotect.net/rblcheck.php?ipr=77.70.97.103 (in
> reply to
> RCPT TO command))

These entries make it appear you have set soft_bounce=yes
(remote replies with a 5xx "reject" response, but you treat it
as a 4xx defer). Don't do that.


If you need more help, see
http://www.postfix.org/DEBUG_README.html#mail

-- Noel Jones

From: Dimitar Penev on
Hi Noel,

Thank you for your help!

I have searched our log for 9FE3785BA10 signature and found the beginning.
Please see below. I have searched the log for other similar signatures
with "from=<>"
and it seems each of those problematic e-mails starts with the two
lines as I have put
in the beginning of my log excerpt below. (those two lines have
different signature though)

I am still, however, not sure what is causing this from=<>. As far as I can
understand,
somebody is trying to send e-mails to the root account.
In addition, when I log in as root I get the "You have mail." message in the shell.
And I see that /root/Maildir/cur is pretty big in size.

In addition, in order to stop bounces I have commented out in
/etc/postfix/master.cf
#bounce unix - - n - 0 bounce

I think our senders can live without nondelivery notifications.
Do you think this will help?

I am attaching at the end of this message some info which I think may
be relevant.

Thank you in advance

================================================================================================================
lines from the log related with 9FE3785BA10 signature
=======================================================================
....
Feb 7 10:58:53 uCpbx postfix/local[27212]: 9FE3785BA10:
to=<root(a)mail.bioidentic.com>, orig_to=<mail(a)bioidentic.com>,
relay=local,
delay=3.9, delays=1.8/0.01/0/2.1, dsn=5.2.0, status=bounced (can't
create user output file. Command output: procmail: Couldn't creat
e "/var/spool/mail/nobody" procmail: Couldn't chdir to "/root/Maildir"
procmail: Couldn't read "// " procmail: Unable to treat as di
rectory "/root/Maildir" procmail: Lock failure on "/root/Maildir.lock"
procmail: Error while writing to "/root/Maildir" )
Feb 7 10:58:54 uCpbx postfix/local[27213]: 9FE3785BA10:
to=<root(a)mail.bioidentic.com>, orig_to=<postmaster(a)bioidentic.com>,
relay=l
ocal, delay=5, delays=1.8/0.03/0/3.1, dsn=5.2.0, status=bounced (can't
create user output file. Command output: procmail: Couldn't c
reate "/var/spool/mail/nobody" procmail: Couldn't chdir to
"/root/Maildir" procmail: Couldn't read "// " procmail: Unable to
treat a
s directory "/root/Maildir" procmail: Lock failure on
"/root/Maildir.lock" procmail: Error while writing to "/root/Maildir"
)
Feb 7 10:58:54 uCpbx postfix/cleanup[27200]:
:message-id=<20100207085854.C69BF85BF81(a)mail.bioidentic.com>
Feb 7 10:58:54 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)
Feb 7 10:58:54 uCpbx postfix/bounce[27231]: 9FE3785BA10: sender
non-delivery notification: C69BF85BF81
Feb 7 10:58:54 uCpbx postfix/qmgr[3492]: 9FE3785BA10: removed
....
Feb 7 10:59:24 uCpbx postfix/smtp[27233]: C69BF85BF81:
to=<dogtoothP1(a)dvb-brasil.org>, relay=none, delay=30,
delays=0.01/0.01/30/0,
dsn=4.4.1, status=deferred (connect to dvb-brasil.org[62.233.121.75]:
Connection timed out)
....
Feb 7 11:23:28 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)
....
Feb 7 11:23:58 uCpbx postfix/smtp[28425]: C69BF85BF81:
to=<dogtoothP1(a)dvb-brasil.org>, relay=none, delay=1503,
delays=1473/0.02/30/
0, dsn=4.4.1, status=deferred (connect to
dvb-brasil.org[62.233.121.75]: Connection timed out)
....
Feb 7 11:56:48 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)
....
Feb 7 17:13:28 uCpbx postfix/qmgr[3492]: C69BF85BF81: from=<>,
size=10970, nrcpt=1 (queue active)

===============================================================================================================
Additional info which I think may be relevant to my issue.
======================================================================
Do I need to send additional info so we understand what is going on?

1. I have /root/Maildir
[root(a)uCpbx ~]# ls /root/Maildir/
cur new tmp
2. We run a CRM system on our server and if I grep in the
/var/www/html/crm folder
[root(a)uCpbx crm]# grep root@ ./* -rs
../adodb/tests/test-active-record.php: $db =
NewADOConnection('mysql://root(a)localhost/northwind');
../adodb/tests/test-active-recs2.php: $db =
NewADOConnection('mysql://root(a)localhost/northwind');
../cron/class.phpmailer.php: var $From = "root(a)localhost";
../modules/Emails/class.phpmailer.php: var $From =
"root(a)localhost";
This CRM is sending emails as soon as our stock gets low.

3. We also have Joomla installed and in
../libraries/phpmailer/phpmailer.php there is
var $From = 'root(a)localhost';

4. In our /etc/aliases we have the following line commented
#root: dpn_ucpbx


From: Noel Jones on
On 2/11/2010 3:50 AM, Dimitar Penev wrote:
> Hi Noel,
>
> Thank you for your help!
>
> I have searched our log for 9FE3785BA10 signature and found the beginning.
> Please see below. I have searched the log for other similar signatures
> with "from=<>"
> and it seems each of those problematic e-mails starts with the two
> lines as I have put
> in the beginning of my log excerpt below. (those two lines have
> different signature though)
>
> I am still, however, not sure what is causing this from=<>. As far as I can
> understand,
> somebody is trying to send e-mails to the root account.
> In addition, when I log in as root I get the "You have mail." message in the shell.
> And I see that /root/Maildir/cur is pretty big in size.
>
> In addition, in order to stop bounces I have commented out in
> /etc/postfix/master.cf
> #bounce unix - - n - 0 bounce
>
> I think our senders can live without nondelivery notifications.
> Do you think this will help?
>
> I am attaching at the end of this message some info which I think may
> be relevant.
>
> Thank you in advance
>
> ================================================================================================================
> lines from the log related with 9FE3785BA10 signature
> =======================================================================
> ...
> Feb 7 10:58:53 uCpbx postfix/local[27212]: 9FE3785BA10:
> to=<root(a)mail.bioidentic.com>, orig_to=<mail(a)bioidentic.com>,
> relay=local,
> delay=3.9, delays=1.8/0.01/0/2.1, dsn=5.2.0, status=bounced (can't
> create user output file. Command output: procmail: Couldn't creat
> e "/var/spool/mail/nobody" procmail: Couldn't chdir to "/root/Maildir"
> procmail: Couldn't read "// " procmail: Unable to treat as di
> rectory "/root/Maildir" procmail: Lock failure on "/root/Maildir.lock"
> procmail: Error while writing to "/root/Maildir" )
> Feb 7 10:58:54 uCpbx postfix/local[27213]: 9FE3785BA10:
> to=<root(a)mail.bioidentic.com>, orig_to=<postmaster(a)bioidentic.com>,
> relay=l
> ocal, delay=5, delays=1.8/0.03/0/3.1, dsn=5.2.0, status=bounced (can't
> create user output file. Command output: procmail: Couldn't c
> reate "/var/spool/mail/nobody" procmail: Couldn't chdir to
> "/root/Maildir" procmail: Couldn't read "// " procmail: Unable to
> treat a
> s directory "/root/Maildir" procmail: Lock failure on
> "/root/Maildir.lock" procmail: Error while writing to "/root/Maildir"

Looks as if procmail can't deliver mail for the root user.
That's what you need to fix.

I don't use procmail, but I think you might have better luck
if you alias root's mail to a different non-root user.

-- Noel Jones
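
The queue-ID trace discussed in this thread (follow each `from=<>` message back through the "sender non-delivery notification" line to the message that produced it), as an added example that is not part of the original posts. The function name `trace_bounces` is hypothetical, the sample log is constructed with invented queue IDs, hosts and addresses, and the parser assumes one log record per line (the excerpts above are wrapped by the mail client).

```python
import re
from collections import defaultdict

# Constructed sample modelled on the Postfix log format quoted in the thread.
# Queue IDs, hosts and addresses are invented (RFC 2606 / RFC 5737 ranges).
SAMPLE_LOG = """\
Feb  7 10:58:49 mx postfix/smtpd[27190]: AAA0000001: client=unknown[192.0.2.10]
Feb  7 10:58:50 mx postfix/qmgr[3492]: AAA0000001: from=<forged@victim.example>, size=5907, nrcpt=1 (queue active)
Feb  7 10:58:53 mx postfix/local[27212]: AAA0000001: to=<root@mail.example.org>, orig_to=<postmaster@example.org>, relay=local, delay=3.9, dsn=5.2.0, status=bounced (can't create user output file)
Feb  7 10:58:54 mx postfix/qmgr[3492]: BBB0000002: from=<>, size=10970, nrcpt=1 (queue active)
Feb  7 10:58:54 mx postfix/bounce[27231]: AAA0000001: sender non-delivery notification: BBB0000002
Feb  7 10:58:54 mx postfix/qmgr[3492]: AAA0000001: removed
Feb  7 10:59:24 mx postfix/smtp[27233]: BBB0000002: to=<forged@victim.example>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to victim.example[198.51.100.7]: Connection timed out)
Feb  7 11:02:00 mx postfix/qmgr[3492]: CCC0000003: from=<>, size=4330, nrcpt=1 (queue active)
Feb  7 11:02:03 mx postfix/smtp[27240]: CCC0000003: to=<other@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.5]:25, delay=12844, dsn=5.0.0, status=bounced (host said: 571 blocked)
"""

# "<service>[pid]: <QUEUEID>: <rest>"; lines without a queue ID are skipped.
LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
DELIVERY = re.compile(
    r"to=<(?P<to>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<why>.*)\)")
NDN = re.compile(r"sender non-delivery notification: (?P<child>[0-9A-F]{6,})")


def trace_bounces(log_text):
    """Link every null-sender (from=<>) message to the message that caused it."""
    sender, client, parent = {}, {}, {}
    deliveries = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if rest.startswith("from=<"):
            sender[qid] = rest[6:rest.index(">")]      # "" for a bounce
        elif rest.startswith("client="):
            client[qid] = rest[len("client="):]
        elif (n := NDN.match(rest)):
            parent[n["child"]] = qid                   # bounce -> original
        elif (d := DELIVERY.match(rest)):
            deliveries[qid].append(d.groupdict())

    report = []
    for qid, frm in sender.items():
        if frm != "":
            continue
        orig = parent.get(qid)  # None: the original is in an older log file
        report.append({
            "bounce_qid": qid,
            "original_qid": orig,
            "original_client": client.get(orig),
            "original_sender": sender.get(orig),
            # Why the accepted message could not be delivered locally.
            "local_failures": [(d["to"], d["dsn"], d["why"])
                               for d in deliveries.get(orig, [])
                               if d["status"] == "bounced"],
            # Where the resulting notification was sent (the backscatter).
            "sent_to": [(d["to"], d["status"]) for d in deliveries.get(qid, [])],
        })
    return report


if __name__ == "__main__":
    for entry in trace_bounces(SAMPLE_LOG):
        print(entry)
```

An entry whose `original_qid` is `None` means the accepting transaction is not in this file, so the rotated logs need to be fed in as well.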