Logwatch mail errors

Three days ago, I started getting errors similar to the following in my LogWatch report:

9F628AE8300: to=[email protected], relay=smtp.secureserver.net[72.167.238.201]:25, delay=7.7, delays=1.6/0.02/3.8/2.3, dsn=5.0.0, status=bounced (host smtp.secureserver.net[72.167.238.201] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))
9F628AE8300: sender non-delivery notification: 35F4BAE8301

I am not sure what they mean and don’t know where to start looking.

My freepbx machine does not have a public IP address and is located on my local 192 subnet.

Where do I start to look? Is there a mail server directory where I can see what the content of these bounced emails is?

Any help would be greatly appreciated.

Thanks, Ross

It means that the mail server at smtp.secureserver.net has no way of sending mail to [email protected].

whois yourpbx.com

and

whois smtp.secureserver.net

might help you diagnose . . .

But diagnostically:-

dig mx yourpbx.com

; <<>> DiG 9.9.2-P1 <<>> mx yourpbx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46407
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;yourpbx.com. IN MX

;; ANSWER SECTION:
yourpbx.com. 3600 IN MX 10 mailstore1.secureserver.net.
yourpbx.com. 3600 IN MX 0 smtp.secureserver.net.

;; Query time: 209 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Sep 25 19:58:37 2013
;; MSG SIZE rcvd: 104

would indicate that you need to question whether [email protected] is a real email address.

Thanks for the response.

I appreciate the info about the email address and servers, however this is not the real issue.

This is a freepbx machine which does not run any other services apart from the standard Asterisk services.

While it has a mail server - this is only used for local mail and not as a general mail server for hosting mailboxes or sending mail from real people.

The only mail ever sent from this box is mail from the asterisk server, or for redirected local mail sent to the root mail account.

I am not sending any mail to or from this machine, and no one else should be either, as it is on a private subnet.

So, I am wondering if there is any freepbx service or process that would be trying to send mail to [email protected] (not my domain or machine name). I also don’t have any affiliation with the secureserver.net domain.

I would start by checking my maillogs and then “sweeping” my machine for likely culprits:

grep [email protected] /var/log/mail*

grep -iR [email protected] /etc/ /var/www

and

grep -iR [email protected] /var/www

There are three grep lines here (I can’t edit my posts).

Looking at some other recent posts, I would deduce that you are using the Schmooze fail2ban setup but you have not customized it for yourself.
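
The mail-log check suggested in the thread can be taken one step further than grep by following each bounced queue ID back to the log line that shows how the message was queued. This is an added example, not code from any poster; it assumes Postfix writing traditional syslog lines, and the function names and the sample log (hosts, addresses, queue IDs) are constructed.

```shell
#!/bin/sh
# Added example: trace each bounced Postfix queue ID back to how it was queued.
# Assumes traditional syslog lines: "<date> <host> postfix/<daemon>[pid]: <QID>: ..."
trace_bounces() {
    awk '
    {
        # Locate the "postfix/<daemon>[pid]:" field; the queue ID follows it.
        d = 0; for (i = 1; i <= NF; i++) if ($i ~ /^postfix\//) { d = i; break }
        if (!d || $(d + 1) !~ /^[0-9A-F]+:$/) next
        daemon = $d; sub(/^postfix\//, "", daemon); sub(/\[.*$/, "", daemon)
        qid = $(d + 1); sub(/:$/, "", qid)
        first = $(d + 2); sub(/,$/, "", first)
    }
    # pickup: queued locally through sendmail(1); uid is the submitting account.
    daemon == "pickup" { origin[qid] = "local:" first }
    # smtpd: accepted over SMTP; client is the connecting host.
    daemon == "smtpd" && first ~ /^client=/ { origin[qid] = "smtp:" first }
    # qmgr: records the envelope sender.
    daemon == "qmgr" && first ~ /^from=/ { sender[qid] = first }
    # Any delivery agent: remember the rejected recipient, in log order.
    /status=bounced/ {
        if (!(qid in rcpt)) order[++n] = qid
        rcpt[qid] = first
    }
    END {
        for (k = 1; k <= n; k++) {
            q = order[k]
            o = (q in origin) ? origin[q] : "origin:unknown"
            s = (q in sender) ? sender[q] : "from=unknown"
            print q, o, s, rcpt[q]
        }
    }'
}

# Constructed sample log; hosts, addresses and queue IDs are made up.
sample_log() {
    cat <<'EOF'
Sep 25 19:40:01 pbx postfix/pickup[2211]: A1B2C3D4E5F: uid=0 from=<root>
Sep 25 19:40:01 pbx postfix/qmgr[1804]: A1B2C3D4E5F: from=<root@pbx.localdomain>, size=812, nrcpt=1 (queue active)
Sep 25 19:40:09 pbx postfix/smtp[2292]: A1B2C3D4E5F: to=<user@example.invalid>, relay=mx.example.invalid[192.0.2.25]:25, delay=7.7, dsn=5.0.0, status=bounced (host mx.example.invalid[192.0.2.25] said: 550 #5.1.0 Address rejected. (in reply to RCPT TO command))
Sep 25 19:40:09 pbx postfix/bounce[2293]: A1B2C3D4E5F: sender non-delivery notification: 0F1E2D3C4B5
Sep 25 19:41:00 pbx postfix/smtpd[2301]: connect from localhost[127.0.0.1]
Sep 25 19:41:00 pbx postfix/smtpd[2301]: C0FFEE12345: client=localhost[127.0.0.1]
Sep 25 19:41:00 pbx postfix/qmgr[1804]: C0FFEE12345: from=<asterisk@pbx.localdomain>, size=2048, nrcpt=1 (queue active)
Sep 25 19:41:02 pbx postfix/smtp[2292]: C0FFEE12345: to=<ops@example.invalid>, relay=mx.example.invalid[192.0.2.25]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Sep 25 19:42:10 pbx postfix/smtp[2292]: DEADBEEF012: to=<nobody@example.invalid>, relay=mx.example.invalid[192.0.2.25]:25, delay=0.9, dsn=5.1.1, status=bounced (unknown user)
EOF
}
sample_log | trace_bounces
```

On the machine itself, feed it the real logs instead of the sample, for example `cat /var/log/mail* | trace_bounces`. An `origin:unknown` result means the line that queued the message is not in the logs supplied, typically because it has been rotated out.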