# Not sure what these emails are about



## pentago (Oct 12, 2014)

I started receiving some emails from my host running a couple of jailed services (http, db, cache, splunk) when I created them, and I'm not entirely sure what I am supposed to do in order to fix it. Can somebody shed some light on this please?

Thanks

*Email example:*


```
From MAILER-DAEMON Sat Oct  4 04:15:21 2014
Return-Path: <MAILER-DAEMON@jupiter.domain.com>
Received: from localhost (localhost)
	by jupiter.domain.com (8.14.7/8.14.7) id s942FLNK088809;
	Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
	(envelope-from MAILER-DAEMON)
Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201410040215.s942FLNK088809@jupiter.domain.com>
To: postmaster
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="s942FLNK088809.1412388921/jupiter.domain.com"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
Status: RO
Content-Length: 3590
Lines: 108

This is a MIME-encapsulated message

--s942FLNK088809.1412388921/jupiter.domain.com

The original message was received at Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
from http.domain.com [192.168.1.2]
with id s942FLNM088807

   ----- The following addresses had permanent fatal errors -----
<root@http>
    (reason: 550 Host unknown)

   ----- Transcript of session follows -----
550 5.1.2 <root@http>... Host unknown (Name server: http: host not found)

--s942FLNK088809.1412388921/jupiter.domain.com
Content-Type: message/delivery-status

Reporting-MTA: dns; jupiter.domain.com
Received-From-MTA: DNS; http.domain.com
Arrival-Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)

Final-Recipient: RFC822; root@http
Action: failed
Status: 5.1.2
Remote-MTA: DNS; http
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)

--s942FLNK088809.1412388921/jupiter.domain.com
Content-Type: message/rfc822

Return-Path: <>
Received: from http (http.domain.com [192.168.1.2])
	by jupiter.domain.com (8.14.7/8.14.7) with ESMTP id s942FLNM088807
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
	for <root@http>; Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
Received: from localhost (localhost)
	by http (8.14.7/8.14.7/Submit) id s942FLrk088798;
	Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
	(envelope-from MAILER-DAEMON)
Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
From: Mail Delivery Subsystem <MAILER-DAEMON@http>
Message-Id: <201410040215.s942FLrk088798@http>
To: root@http
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="s942FLrk088798.1412388921/http"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--s942FLrk088798.1412388921/http

The original message was received at Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
from root@localhost

   ----- The following addresses had permanent fatal errors -----
root
    (reason: 553 5.1.8 <root@http>... Domain of sender address root@http does not exist)
    (expanded from: root)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:
>>> MAIL From:<root@http> SIZE=425
<<< 553 5.1.8 <root@http>... Domain of sender address root@http does not exist
501 5.6.0 Data format error

--s942FLrk088798.1412388921/http
Content-Type: message/delivery-status

Reporting-MTA: dns; http
Arrival-Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)

Final-Recipient: RFC822; root@http
Action: failed
Status: 5.1.8
Diagnostic-Code: SMTP; 553 5.1.8 <root@http>... Domain of sender address root@http does not exist
Last-Attempt-Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)

--s942FLrk088798.1412388921/http
Content-Type: message/rfc822

Return-Path: <root>
Received: (from root@localhost)
	by http (8.14.7/8.14.7/Submit) id s942FLrj088798
	for root; Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
	(envelope-from root)
Date: Sat, 4 Oct 2014 04:15:21 +0200 (CEST)
From: Charlie Root <root>
Message-Id: <201410040215.s942FLrj088798@http>
To: root
Subject: http weekly security run output

Warning: Variable $daily_status_security_ipfwdenied_enable is deprecated, use $security_status_ipfwdenied_enable instead.
Warning: Variable $daily_status_security_ipfwlimit_enable is deprecated, use $security_status_ipfwlimit_enable instead.

Checking for packages with security vulnerabilities:
Database fetched: Sat Oct  4 03:01:12 CEST 2014

-- End of security output --

--s942FLrk088798.1412388921/http--


--s942FLNK088809.1412388921/jupiter.domain.com--
```


----------



## nakal (Oct 12, 2014)

Every night a typical FreeBSD host (also every jail) runs checks and sends two mails about the system state (see periodic()).

You need to ensure that all systems have a minimal piece of mail infrastructure running. Before you do anything, give hosts reasonable host names and domain names (FQDN is the only serious way servers should be named).

Then, you need to set up an MTA (sendmail is the default) to relay the mails to their destination. Of course you need at least one destination where those emails will arrive and where you (administrator) can read them later (I like to have a local IMAP server where these reports arrive in a special IMAP folder). You need to specify your administrator email address in /etc/aliases. This is something like `nakal@home-server.mydomain.org` (you can leave out "home-server.", if you have an MX entry for it).


----------



## pentago (Oct 12, 2014)

OK, but what are these mails telling me exactly?
These are not regular daily security checks etc.


----------



## drhowarddrfine (Oct 12, 2014)

I only scanned it quickly. It looks like something on your server was trying to send a message/email to 'root@http' and your mail server is not set up for any such address, while mail to 'postmaster' does work because those are being forwarded to your jupiter account. You may need to configure your /etc/mail/aliases settings for root to receive mail.


----------



## SirDice (Oct 13, 2014)

The errors indicate you probably haven't run mergemaster(8) on your jails as it's still using some old variables.


----------



## pentago (Oct 13, 2014)

SirDice said:

> The errors indicate you probably haven't run mergemaster(8) on your jails as it's still using some old variables.



I didn't build jails from source (using sysutils/qjail) and I'm using freebsd-update to keep both host and jails patched. Do I still need to use mergemaster?


----------



## SirDice (Oct 13, 2014)

pentago said:

> SirDice said:
>
> ...


Not sure with qjail, with ezjail you do have to run mergemaster(8) or else the jail's /etc/ won't be updated.


----------



## pentago (Oct 13, 2014)

So mergemaster should be run no matter if you build jails from source or via binaries?


----------



## gessel (Dec 31, 2017)

I'm not sure why I'm seeing this after more than 3 years, but I found this thread because I was getting the same errors.

I just updated (to FreeBSD 10.3-RELEASE #0 r327345, minor update from 10.3 release earlier revision) and did a full mergemaster on all jails and this entry didn't get updated. As the warning doesn't provide information about where it came from, I executed the following:

```
# find . -type f -a -exec grep -HI daily_status_security_ipfwdenied_enable '{}' \;
```

and found the only references returned as

```
/usr/local/share/examples/ezjail/example/etc/periodic.conf:daily_status_security_ipfwdenied_enable="NO"
/etc/periodic.conf:daily_status_security_ipfwdenied_enable="NO"
```

The following should fix the issue (executed in each jail/host reporting errors as root):

```
# cp /etc/periodic.conf /etc/periodic.conf.bak && sed -i '' -e 's/daily_status_security_ipfwdenied_enable/security_status_ipfwdenied_enable/g' /etc/periodic.conf
```
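An added example, not part of the post above and not FreeBSD or ezjail code: a portable `sh` sketch that finds and renames both deprecated variables quoted in the warning (`ipfwdenied` and `ipfwlimit`), touching only live assignment lines and keeping a `.bak` copy. The function names `list_deprecated` and `migrate_periodic_conf` are hypothetical, and the rename table holds only the two names that appear in the thread.

```shell
#!/bin/sh
# Added example: rename the deprecated periodic.conf variables named in the
# "weekly security run output" warning. Function names are hypothetical.

# old=new pairs; only the two names quoted in the warning are mapped.
RENAMES="daily_status_security_ipfwdenied_enable=security_status_ipfwdenied_enable
daily_status_security_ipfwlimit_enable=security_status_ipfwlimit_enable"

# Print file:line:text for every uncommented assignment of a deprecated name.
list_deprecated() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        for pair in $RENAMES; do
            old=${pair%%=*}
            grep -Hn "^[[:space:]]*${old}=" "$f" || :   # no match is not an error
        done
    done
    return 0
}

# Rewrite one file in place, keeping FILE.bak; echoes the number of lines changed.
migrate_periodic_conf() {
    conf=$1
    [ -f "$conf" ] || { echo 0; return 1; }
    n=$(list_deprecated "$conf" | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] || { echo 0; return 0; }          # already clean: no backup, no write
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # One anchored substitution per pair, so comments and other names are untouched.
    script=$(for pair in $RENAMES; do
        printf 's/^\\([[:space:]]*\\)%s=/\\1%s=/\n' "${pair%%=*}" "${pair#*=}"
    done)
    # Write through the original file so its owner and mode are preserved.
    sed "$script" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
    echo "$n"
}

# Usage: sh migrate.sh /etc/periodic.conf /path/to/jail/etc/periodic.conf ...
for target in "$@"; do
    printf '%s: %s line(s) renamed\n' "$target" "$(migrate_periodic_conf "$target")"
done
```

Run it once on the host and once per jail root; a second run reports 0 and leaves the file and its backup alone.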


----------



## SirDice (Jan 2, 2018)

gessel, please stop resurrecting threads that are several years old.


----------

