diff --git a/CHANGES b/CHANGES
index 7f26163fd..3727412a2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1575,4 +1575,5 @@
 * Ensure MySQL is storing data/time in UTC
 * Fix bug where the UI redirects to login screen when enabling 2FA with invalid token
 * Use unbound resolver when resolving NS record of a domain
+* Various fixes for notifications
 
diff --git a/src/auditsource.js b/src/auditsource.js
new file mode 100644
index 000000000..26d54a9bd
--- /dev/null
+++ b/src/auditsource.js
@@ -0,0 +1,5 @@
+'use strict';
+
+exports = module.exports = {
+    CRON:  { userId: null, username: 'cron' }
+};
diff --git a/src/cron.js b/src/cron.js
index 34fb1b8ab..5eac2bdee 100644
--- a/src/cron.js
+++ b/src/cron.js
@@ -13,6 +13,7 @@ var appHealthMonitor = require('./apphealthmonitor.js'),
     apps = require('./apps.js'),
     appstore = require('./appstore.js'),
     assert = require('assert'),
+    auditSource = require('./auditsource.js'),
     backups = require('./backups.js'),
     caas = require('./caas.js'),
     cloudron = require('./cloudron.js'),
@@ -50,7 +51,6 @@ var gJobs = {
 };
 
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
-var AUDIT_SOURCE = { userId: null, username: 'cron' };
 
 // cron format
 // Seconds: 0-59
@@ -120,7 +120,7 @@ function recreateJobs(tz) {
     if (gJobs.backup) gJobs.backup.stop();
     gJobs.backup = new CronJob({
         cronTime: '00 00 */6 * * *', // check every 6 hours
-        onTick: backups.ensureBackup.bind(null, AUDIT_SOURCE, NOOP_CALLBACK),
+        onTick: backups.ensureBackup.bind(null, auditSource.CRON, NOOP_CALLBACK),
         start: true,
         timeZone: tz
     });
@@ -164,7 +164,7 @@ function recreateJobs(tz) {
     if (gJobs.cleanupBackups) gJobs.cleanupBackups.stop();
     gJobs.cleanupBackups = new CronJob({
         cronTime: '00 45 */6 * * *', // every 6 hours. try not to overlap with ensureBackup job
-        onTick: backups.startCleanupTask.bind(null, AUDIT_SOURCE, NOOP_CALLBACK),
+        onTick: backups.startCleanupTask.bind(null, auditSource.CRON, NOOP_CALLBACK),
         start: true,
         timeZone: tz
     });
@@ -196,7 +196,7 @@ function recreateJobs(tz) {
     if (gJobs.certificateRenew) gJobs.certificateRenew.stop();
     gJobs.certificateRenew = new CronJob({
         cronTime: '00 00 */12 * * *', // every 12 hours
-        onTick: cloudron.renewCerts.bind(null, {}, AUDIT_SOURCE, NOOP_CALLBACK),
+        onTick: cloudron.renewCerts.bind(null, {}, auditSource.CRON, NOOP_CALLBACK),
         start: true,
         timeZone: tz
     });
@@ -234,7 +234,7 @@ function boxAutoupdatePatternChanged(pattern) {
             var updateInfo = updateChecker.getUpdateInfo();
             if (updateInfo.box) {
                 debug('Starting autoupdate to %j', updateInfo.box);
-                updater.updateToLatest(AUDIT_SOURCE, NOOP_CALLBACK);
+                updater.updateToLatest(auditSource.CRON, NOOP_CALLBACK);
             } else {
                 debug('No box auto updates available');
             }
@@ -260,7 +260,7 @@ function appAutoupdatePatternChanged(pattern) {
             var updateInfo = updateChecker.getUpdateInfo();
             if (updateInfo.apps) {
                 debug('Starting app update to %j', updateInfo.apps);
-                apps.autoupdateApps(updateInfo.apps, AUDIT_SOURCE, NOOP_CALLBACK);
+                apps.autoupdateApps(updateInfo.apps, auditSource.CRON, NOOP_CALLBACK);
             } else {
                 debug('No app auto updates available');
             }
@@ -279,7 +279,7 @@ function dynamicDnsChanged(enabled) {
     if (enabled) {
         gJobs.dynamicDns = new CronJob({
             cronTime: '00 */10 * * * *',
-            onTick: dyndns.sync,
+            onTick: dyndns.sync.bind(null, auditSource.CRON, NOOP_CALLBACK),
             start: true,
             timeZone: gJobs.boxUpdateCheckerJob.cronTime.zone // hack
         });
diff --git a/src/dyndns.js b/src/dyndns.js
index e03fd03c8..c895f6f3e 100644
--- a/src/dyndns.js
+++ b/src/dyndns.js
@@ -6,6 +6,7 @@ exports = module.exports = {
 
 var appdb = require('./appdb.js'),
     apps = require('./apps.js'),
+    assert = require('assert'),
     async = require('async'),
     config = require('./config.js'),
     constants = require('./constants.js'),
@@ -16,11 +17,10 @@ var appdb = require('./appdb.js'),
     safe = require('safetydance'),
     sysinfo = require('./sysinfo.js');
 
-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
-
 // called for dynamic dns setups where we have to update the IP
-function sync(callback) {
-    callback = callback || NOOP_CALLBACK;
+function sync(auditSource, callback) {
+    assert.strictEqual(typeof auditSource, 'object');
+    assert.strictEqual(typeof callback, 'function');
 
     sysinfo.getPublicIp(function (error, ip) {
         if (error) return callback(error);
@@ -51,7 +51,7 @@ function sync(callback) {
 
                     debug('refreshDNS: updated apps');
 
-                    eventlog.add(eventlog.ACTION_DYNDNS_UPDATE, { userId: null, username: 'cron' }, { fromIp: info.ip, toIp: ip });
+                    eventlog.add(eventlog.ACTION_DYNDNS_UPDATE, auditSource, { fromIp: info.ip, toIp: ip });
                     info.ip = ip;
                     safe.fs.writeFileSync(paths.DYNDNS_INFO_FILE, JSON.stringify(info), 'utf8');
 
diff --git a/src/notifications.js b/src/notifications.js
index cc9fb08db..5b5ea5832 100644
--- a/src/notifications.js
+++ b/src/notifications.js
@@ -343,8 +343,8 @@ function onEvent(id, action, source, data, callback) {
         return certificateRenewalError(id, data.domain, data.errorMessage, callback);
 
     case eventlog.ACTION_BACKUP_FINISH:
-        if (!data.errorMessage) return callback();
-        return backupFailed(id, data.taskId, data.errorMessage, callback);
+        if (!data.errorMessage || source.username !== 'cron') return callback();
+        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups
 
     default:
         return callback();