issue 1: At 18:20 I downloaded mail.log. I restarted sshd at about 18:26. I got 2 emails in my gmail account. The good one and the root@localhost undelivered one. These are the additional entries I saw: Code: Jan 28 18:21:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:21:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] Jan 28 18:22:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:22:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] Jan 28 18:23:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:23:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] Jan 28 18:24:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:24:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] Jan 28 18:25:01 server1 postfix/pickup[10736]: 82FA29DBE39: uid=115 from=<munin> Jan 28 18:25:01 server1 postfix/cleanup[10830]: 82FA29DBE39: message-id=<[email protected]> Jan 28 18:25:01 server1 postfix/qmgr[9172]: 82FA29DBE39: from=<[email protected]>, size=731, nrcpt=1 (queue active) Jan 28 18:25:01 server1 postfix/local[10834]: 82FA29DBE39: to=<[email protected]>, orig_to=<root>, relay=local, delay=0.16, delays=0.11/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION") Jan 28 18:25:01 server1 postfix/qmgr[9172]: 82FA29DBE39: removed Jan 28 18:25:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:25:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] Jan 28 18:25:43 server1 postfix/smtpd[9784]: connect from s15424879.onlinehome-server.com[74.208.9.216] Jan 28 18:25:46 server1 postfix/smtpd[9784]: warning: s15424879.onlinehome-server.com[74.208.9.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 28 18:25:46 server1 postfix/smtpd[9784]: lost connection after AUTH from s15424879.onlinehome-server.com[74.208.9.216] Jan 28 18:25:46 server1 postfix/smtpd[9784]: disconnect from s15424879.onlinehome-server.com[74.208.9.216] Jan 28 18:26:23 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:26:23 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1]
OK, I think I know why I receive the undeliverable emails: I am instructing GMAIL to send email to root@localhost. And gmail has no clue what this is. See this: Code: From: [email protected] To: root@localhost This is the undelivered message: Code: Delivery to the following recipient failed permanently: root@localhost Technical details of permanent failure: DNS Error: Domain name not found ----- Original message ----- DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:mime-version:content-type :content-transfer-encoding:message-id; bh=EAiCKCYUjBxqO3Zxp7YxLWhxLVo24YuuHJY5N+vdP6E=; b=LsoaObVMZjy+z7MJf3ih9M8tVPq8yu2oNSM2eFRxgFZAatZPSrwSLLDeAcvQg+JZVX 3N0U1EDUIA7PI/B4+onXIveB8WJIZE0HahE2NC7VOgW0oOK6XA70wWWRPHQYy/M8zutw mgYV9/JQabqOMEoY+Joy6hUcoRagMYicKXOKM792AHgCYFLM19GdDdmf66UVTV5ZOSWH XO8/4l/XlcYDf+oLR2CfFM1Wz1C9TVZ1bw9uI+ydUoQAt0vTJDE4XO2ivWspnrCfO1Gp UI4C9ufb1CtNY52Z88X1B1RzDq9cHEOxd8SrRyLJl1tN38WI/rXSXJGB7cZ7ENSG8Foa 5nOA== X-Received: by 10.236.128.97 with SMTP id e61mr2484244yhi.43.1390933579801; Tue, 28 Jan 2014 10:26:19 -0800 (PST) Return-Path: <[email protected]> Received: from server1.surf-anonymous.info ([192.210.214.129]) by mx.google.com with ESMTPSA id k3sm47883910yhc.13.2014.01.28.10.26.18 for <root@localhost> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 28 Jan 2014 10:26:19 -0800 (PST) [b]From: [email protected] To: root@localhost[/b] Subject: monit alert -- Action done sshd Date: Tue, 28 Jan 2014 10:26:19 -0800 (PST) X-Mailer: monit 5.3.2 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Message-id: <[email protected]> Action done Service sshd Date: Tue, 28 Jan 2014 18:26:16 Action: alert Host: server1.surf-anonymous.info Description: restart action done Your faithful employee, Monit When I remove the following line from monitrc, I do not have any undeliverable emails any more, since gmail does not try to send email to root@localhost (even I can understand this). Code: set alert root@localhost These pairs of connect/disconnect must be the tests you said. It is not monit (after I stopped monit they still generate). It may be ispconfig3 doing the tests? : Code: Jan 28 18:21:26 server1 postfix/smtpd[9784]: connect from localhost.localdomain[127.0.0.1] Jan 28 18:21:26 server1 postfix/smtpd[9784]: disconnect from localhost.localdomain[127.0.0.1] These five messages must be the action of monit trying to senfd me the messages for the sshd restart: Code: Jan 28 18:25:01 server1 postfix/pickup[10736]: 82FA29DBE39: uid=115 from=<munin> Jan 28 18:25:01 server1 postfix/cleanup[10830]: 82FA29DBE39: message-id=<[email protected]> Jan 28 18:25:01 server1 postfix/qmgr[9172]: 82FA29DBE39: from=<[email protected]>, size=731, nrcpt=1 (queue active) Jan 28 18:25:01 server1 postfix/local[10834]: 82FA29DBE39: to=<[email protected]>, orig_to=<root>, relay=local, delay=0.16, delays=0.11/0.02/0/0.02, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION") Jan 28 18:25:01 server1 postfix/qmgr[9172]: 82FA29DBE39: removed I don't know what these are: Code: Jan 28 18:25:46 server1 postfix/smtpd[9784]: warning: s15424879.onlinehome-server.com[74.208.9.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 28 18:25:46 server1 postfix/smtpd[9784]: lost connection after AUTH from s15424879.onlinehome-server.com[74.208.9.216] +++++++++++ Anyway, now in monitrc I use the gmail mailserver sending emails to my gmail account and it works fine. All initial issues are resolved. Thank you