Is this considered as spam email generated by postfix?

aye asked:

I have just checked my email log at /var/log/mail.log:

Apr 22 22:09:02 server2 postfix/pickup[14310]: D1FCF737C5B0B: uid=0 from=<root>
Apr 22 22:09:02 server2 postfix/cleanup[17071]: D1FCF737C5B0B: message-id=<20160423020902.D1FCF737C5B0B@server2.domain.com>
Apr 22 22:09:02 server2 postfix/qmgr[5168]: D1FCF737C5B0B: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:09:02 server2 postfix/local[4179]: D1FCF737C5B0B: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.08, delays=0/0/0/0.07, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:09:02 server2 postfix/qmgr[5168]: D1FCF737C5B0B: removed
Apr 22 22:10:01 server2 postfix/pickup[14310]: 99D47737C5B18: uid=0 from=<root>
Apr 22 22:10:01 server2 postfix/cleanup[17071]: 99D47737C5B18: message-id=<20160423021001.99D47737C5B18@server2.domain.com>
Apr 22 22:10:01 server2 postfix/qmgr[5168]: 99D47737C5B18: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:10:01 server2 postfix/local[4179]: 99D47737C5B18: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.14, delays=0.02/0/0/0.12, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:10:01 server2 postfix/qmgr[5168]: 99D47737C5B18: removed
Apr 22 22:11:01 server2 postfix/pickup[14310]: B73FF737C5B17: uid=0 from=<root>
Apr 22 22:11:01 server2 postfix/cleanup[17071]: B73FF737C5B17: message-id=<20160423021101.B73FF737C5B17@server2.domain.com>
Apr 22 22:11:01 server2 postfix/qmgr[5168]: B73FF737C5B17: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:11:01 server2 postfix/local[18224]: B73FF737C5B17: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.07, delays=0.01/0.02/0/0.04, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:11:01 server2 postfix/qmgr[5168]: B73FF737C5B17: removed
Apr 22 22:11:04 server2 postfix/smtpd[18233]: connect from a0-10.smtp-out.eu-west-1.amazonses.com[54.240.0.10]
Apr 22 22:11:04 server2 postfix/smtpd[18233]: NOQUEUE: reject: RCPT from a0-10.smtp-out.eu-west-1.amazonses.com[54.240.0.10]: 454 4.7.1 <admin@zohan.com>: Relay access denied; from=<20160422104811b2c07451cbfc4253829673647cf0p0eu-C30TW32XKSM7YZ@bounces.amazon.co.uk> to=<admin@zohan.com> proto=ESMTP helo=<a0-10.smtp-out.eu-west-1.amazonses.com>
Apr 22 22:11:28 server2 postfix/smtpd[18233]: disconnect from a0-10.smtp-out.eu-west-1.amazonses.com[54.240.0.10]
Apr 22 22:12:02 server2 postfix/pickup[14310]: 6BC9A737C5AF6: uid=0 from=<root>
Apr 22 22:12:02 server2 postfix/cleanup[17071]: 6BC9A737C5AF6: message-id=<20160423021202.6BC9A737C5AF6@server2.domain.com>
Apr 22 22:12:02 server2 postfix/qmgr[5168]: 6BC9A737C5AF6: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:12:02 server2 postfix/local[18224]: 6BC9A737C5AF6: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:12:02 server2 postfix/qmgr[5168]: 6BC9A737C5AF6: removed
Apr 22 22:13:01 server2 postfix/pickup[14310]: D2079737C5B1A: uid=0 from=<root>
Apr 22 22:13:01 server2 postfix/cleanup[17071]: D2079737C5B1A: message-id=<20160423021301.D2079737C5B1A@server2.domain.com>
Apr 22 22:13:01 server2 postfix/qmgr[5168]: D2079737C5B1A: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:13:01 server2 postfix/local[18224]: D2079737C5B1A: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:13:01 server2 postfix/qmgr[5168]: D2079737C5B1A: removed
Apr 22 22:14:02 server2 postfix/pickup[14310]: 4979F737C5AF7: uid=0 from=<root>
Apr 22 22:14:02 server2 postfix/cleanup[17071]: 4979F737C5AF7: message-id=<20160423021402.4979F737C5AF7@server2.domain.com>
Apr 22 22:14:02 server2 postfix/qmgr[5168]: 4979F737C5AF7: from=<root@server2.dollarhosting.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:14:02 server2 postfix/local[18224]: 4979F737C5AF7: to=<root@server2.dollarhosting.com>, orig_to=<root>, relay=local, delay=0.05, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Apr 22 22:14:02 server2 postfix/qmgr[5168]: 4979F737C5AF7: removed

The VPS had the name server2.domain.com.
After installation of the OS, I set the hostname to server2.dollarhosting.com.

I have difficulty understanding this log file, so I would really appreciate it if anyone could give me a clear explanation of the following newbie questions:

1: Since I have already set the hostname to server2.dollarhosting.com, why do I still see some lines in the log file containing server2.domain.com? Does this indicate some improper VPS configuration? (I installed Virtualmin using an automated installation script.)

2: I see many emails from root to root, so does this mean the server sends those emails outside of the server and then those emails come back to the server again? This is important for me because I need to control the number of outgoing emails.

3: Those emails (from root to root) are really not useful at all to me. Why are they automatically generated? Is there any way to stop this behavior, and should I do so, or will stopping it affect mail delivery for other users?

4: Is /var/log/mail.log the only mail log file in the system? (I hope yes, because I need to keep tight control of, and watch over, the email activity of the server.)

Thank you very much for any help!

My answer:


You have several locally generated and delivered messages, which you should read, and which (if you don’t really want to read them on this server) you should forward somewhere. Once you know what the messages are, you can then take any appropriate action.

Most likely these messages are being generated or processed by a process which still thinks the old hostname is in effect, i.e. it has not been restarted since changing the hostname, thus the old hostname shows up in the message ID. Reboot the computer to take care of this.

You have one message which was attempted to be delivered via Amazon SES, but this was rejected, presumably because your mailer didn’t log in with the right credentials.

Finally, since you say you installed Virtualmin, you probably should wipe the whole thing and start over with a fresh installation which does not include such software.

It’s impossible to say anything further with the information given.


View the full question and answer on Server Fault.
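
As an added example (not part of the original question or answer), the following sketch shows one way to read a log like the one above: it groups lines by queue ID, separates messages that were submitted and delivered locally from those handed to a remote server, and lists relay attempts rejected before queueing. The sample log, hostnames and queue IDs are constructed, and the code assumes that only deliveries logged by `postfix/smtp` leave the host.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the log in the question.
SAMPLE_LOG = """\
Apr 22 22:09:02 host1 postfix/pickup[100]: AAAA0000001: uid=0 from=<root>
Apr 22 22:09:02 host1 postfix/qmgr[101]: AAAA0000001: from=<root@host1.example.com>, size=1007, nrcpt=1 (queue active)
Apr 22 22:09:02 host1 postfix/local[102]: AAAA0000001: to=<root@host1.example.com>, orig_to=<root>, relay=local, delay=0.08, dsn=2.0.0, status=sent (delivered to command: procmail)
Apr 22 22:09:02 host1 postfix/qmgr[101]: AAAA0000001: removed
Apr 22 22:10:04 host1 postfix/smtpd[103]: connect from mail.example.net[192.0.2.10]
Apr 22 22:10:05 host1 postfix/smtpd[103]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 454 4.7.1 <a@example.org>: Relay access denied; from=<b@example.net> to=<a@example.org> proto=ESMTP helo=<mail.example.net>
Apr 22 22:11:00 host1 postfix/pickup[100]: AAAA0000002: uid=33 from=<www-data>
Apr 22 22:11:01 host1 postfix/smtp[104]: AAAA0000002: to=<user@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
"""

# service name, then queue ID (or NOQUEUE), then the rest of the record
LINE = re.compile(r"postfix/(?P<svc>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
REJECT = re.compile(
    r"reject: \w+ from \S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*? to=<(?P<rcpt>[^>]*)>")

def summarize(log_text):
    """Classify each queued message as local-only or outbound; list rejects."""
    msgs = defaultdict(lambda: {"uid": None, "remote": False})
    rejected = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        svc, qid, rest = m["svc"].split("/")[-1], m["qid"], m["rest"]
        if qid == "NOQUEUE":  # refused by smtpd, never entered the queue
            r = REJECT.search(rest)
            if r:
                rejected.append((r["ip"], r["code"], r["rcpt"]))
            continue
        entry = msgs[qid]
        if svc == "pickup":  # submitted on this host via the sendmail command
            uid = re.search(r"uid=(\d+)", rest)
            entry["uid"] = int(uid[1]) if uid else None
        elif svc == "smtp" and "status=sent" in rest:
            entry["remote"] = True  # assumption: smtp client delivery = left the host
    return {
        "local_only": sorted(q for q, v in msgs.items() if not v["remote"]),
        "outbound": sorted(q for q, v in msgs.items() if v["remote"]),
        "submitter_uid": {q: v["uid"] for q, v in msgs.items()},
        "rejected": rejected,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against a real mail log, the `submitter_uid` map shows which local account queued each message, which is the starting point for finding the process that generates it.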

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.