Fetchmail was the Source of Phantom Postfix Mail
Mar 15th, 2004 by Alex
At some point we noticed phantom entries in the Postfix mail log, mixed in with the rest of our valid mail. These phantom entries never took a long time to process, so we weren’t all that concerned about processor or bandwidth usage. Nevertheless, after forcing yourself to ignore these useless entries for a while, you just want them to go away.
The entries looked like this, minus the text wrapping.
Mar 15 14:52:57 mail postfix/smtpd[11311]: connect from localhost[127.0.0.1]
Mar 15 14:52:57 mail postfix/smtpd[11311]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 14:52:58 mail postfix/smtpd[11313]: connect from localhost[127.0.0.1]
Mar 15 14:52:58 mail postfix/smtpd[11313]: B4DF33FA5: client=localhost[127.0.0.1]
Mar 15 14:52:58 mail postfix/smtpd[11313]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 14:52:59 mail postfix/smtpd[11313]: disconnect from localhost[127.0.0.1]
Mar 15 14:53:08 mail postfix/smtpd[11311]: disconnect from localhost[127.0.0.1]
Mar 15 15:08:52 mail postfix/smtpd[11622]: connect from localhost[127.0.0.1]
Mar 15 15:08:52 mail postfix/smtpd[11622]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 15:08:53 mail postfix/smtpd[11768]: connect from localhost[127.0.0.1]
Mar 15 15:08:53 mail postfix/smtpd[11768]: 527E2404F: client=localhost[127.0.0.1]
Mar 15 15:08:53 mail postfix/smtpd[11768]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 15:08:54 mail postfix/smtpd[11768]: disconnect from localhost[127.0.0.1]
Mar 15 15:09:03 mail postfix/smtpd[11622]: disconnect from localhost[127.0.0.1]
Here’s what we knew:
- the address wasn’t any variation of ours
- it was being handled by postfix/smtpd, from localhost
- it wasn’t being handled by postfix/qmgr, and as such mailq was of no use
As always, it can be helpful to see if anyone else has had the same problem. After the first Google search, we found a guy on the Postfix mailing list who was having the same issue as us. Well, almost. His phantom emails were directed towards one of his own accounts. Moving on, we found a guy on the fetchmail mailing list whose problem was a bit unclear. However, the solution was clear: update fetchmail first, as older versions had some issues.
Of course. The fetchmail utility was being used to check our backup mail exchanger for misdirected mail every five minutes, and would deliver the mail to Postfix locally. Looking at our logs - specifically the timestamps - it all made sense. When we checked the version of fetchmail, it seemed just a tad old.
user@mail ~ > fetchmail -V | head -1
This is fetchmail release 6.1.0+POP2+RPA+SDPS+SSL+OPIE+INET6+NLS
Might as well upgrade Fetchmail at this point. After recompiling, we checked the version.
user@mail ~ > fetchmail -V | head -1
This is fetchmail release 6.2.5+POP2+RPA+SDPS+SSL+OPIE+INET6+NLS
We restarted fetchmail, tailing the maillog at the same time. No new phantom entries. After five minutes in daemon mode, still no new entries. Problem solved.
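The correlation step described above (phantom warnings from localhost lining up with a local poller's schedule) can be scripted. This is an added example, not part of the original post: it pulls the "Illegal address syntax" warnings out of a Postfix log, flags rejected addresses that look like a squashed header line, and reports the seconds between bursts for comparison with the poller's interval. The function names and the year handed to the timestamp parser are assumptions; the sample lines are a subset of the excerpt above.

```python
import re
from datetime import datetime

# Subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
Mar 15 14:52:57 mail postfix/smtpd[11311]: connect from localhost[127.0.0.1]
Mar 15 14:52:57 mail postfix/smtpd[11311]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 14:52:58 mail postfix/smtpd[11313]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 15:08:52 mail postfix/smtpd[11622]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
Mar 15 15:08:53 mail postfix/smtpd[11768]: warning: Illegal address syntax from localhost[127.0.0.1] in RCPT command: <Received:frommail.beyond3d.com@mailbymx01.erols.comwithsmtp;Jan>
"""

WARNING = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[(?P<pid>\d+)\]: warning: "
    r"Illegal address syntax from (?P<client>\S+) in (?P<cmd>MAIL|RCPT) "
    r"command: <(?P<addr>[^>]*)>")
# An "address" that starts with a header field name and a colon is message
# content that leaked into the SMTP envelope, not a mistyped mailbox.
HEADER_LIKE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:")

def parse_warnings(text, year=2004):
    """Return one dict per 'Illegal address syntax' warning. Syslog omits the
    year, so it is passed in (assumed here from the post's date)."""
    events = []
    for line in text.splitlines():
        m = WARNING.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        ev["header_like"] = bool(HEADER_LIKE.match(ev["addr"]))
        events.append(ev)
    return events

def burst_gaps(events, window=60):
    """Group warnings at most `window` seconds apart into bursts and return
    the seconds between consecutive burst starts."""
    starts, last = [], None
    for ev in sorted(events, key=lambda e: e["when"]):
        if last is None or (ev["when"] - last).total_seconds() > window:
            starts.append(ev["when"])
        last = ev["when"]
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    evs = parse_warnings(SAMPLE_LOG)
    for ev in evs:
        print(ev["when"], ev["client"], ev["cmd"], ev["header_like"], ev["addr"])
    print("seconds between bursts:", burst_gaps(evs))
```

Warnings that all come from a loopback client, carry header-like "addresses", and recur in regular bursts point at a local delivery agent rather than a remote sender.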