SOLVED bounce spam issue

[chengkinhung]

Hi everybody,

I had worked hard to stop spam mails in my cPanel sever, thanks for the cPanel's good feature, I had drop lots of incoming and outgoing spam mails, but recently I found one situation that cPanel can not handle well. That is because some of spam mails sent to non-exist email account, and client domain setup "drop spam mail to spam-box", the cPanel system detected it as spam successfully, but failed to delivery it to spam-box and bounce back to the sender. We found hundreds this kind of spam mails every day.

My question is, why don't cPanel delivery this spam mail to default account, why delivery it to spam-box ?

Here is the one of exim SMTP logs:

2021-08-11 06:49:01 1mDaYQ-002QHd-Qk H=(hotmail.com) [27.189.131.162]:52834 Warning: Message has been scanned: no virus or other harmful content was found
2021-08-11 06:49:04 1mDaYQ-002QHd-Qk H=(hotmail.com) [27.189.131.162]:52834 Warning: "SpamAssassin as USERNAME detected message as spam (40.3)"
2021-08-11 06:49:04 1mDaYQ-002QHd-Qk <= [email protected] H=(hotmail.com) [27.189.131.162]:52834 P=esmtp S=3445 T="\325\346\266\220\306\2611353O236312" for [email protected]
2021-08-11 06:49:04 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mDaYQ-002QHd-Qk
2021-08-11 06:49:04 1mDaYQ-002QHd-Qk ** [email protected] <[email protected]> R=virtual_user T=dovecot_virtual_delivery: LMTP error after RCPT TO:<[email protected]>: 550 5.1.1 <[email protected]> User doesn't exist: [email protected]
2021-08-11 06:49:04 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1mDaYQ-002QHd-Qk
2021-08-11 06:49:08 1mDaYS-002QIA-FH U=mailnull Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (0.0)"
2021-08-11 06:49:08 1mDaYS-002QIA-FH <= <> R=1mDaYQ-002QHd-Qk U=mailnull P=local S=4783 T="Mail delivery failed: returning message to sender" for [email protected]
2021-08-11 06:49:08 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1mDaYS-002QIA-FH
2021-08-11 06:49:08 1mDaYQ-002QHd-Qk Completed
2021-08-11 06:49:08 1mDaYS-002QIA-FH Sender identification U=mailnull D=-system- S=mailnull
2021-08-11 06:49:10 1mDaYS-002QIA-FH ** [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=hotmail-com.olc.protection.outlook.com [104.47.57.161] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after RCPT TO:<[email protected]>: 550 5.5.0 Requested action not taken: mailbox unavailable (S2017062302).
2021-08-11 06:49:10 1mDaYS-002QIA-FH Frozen (delivery error message)

 

[sahostking]

Check under tweak settings to see if "Initial default/catch-all forwarder destination" is set to fail. That may help.

 

[cPRex]

It seems there may be more going on the message is ended up in a Frozen state. It might be a good idea to submit a ticket to our team so we can check the server and make sure everything is working well.

 

[chengkinhung]

Check under tweak settings to see if "Initial default/catch-all forwarder destination" is set to fail. That may help.

Hi,

@sahostking , thanks for your reply. Yes, my "Initial default/catch-all forwarder destination" set to Blackhole . I do not think this option cause this issue.

@cPRex, thanks, the Frozen state is another old issue, I had opened ticket but can not solve. Thanks any way.

 

[chengkinhung]

Hi everyone, @sahostking , @cPRex , I am very sorry for my mistake, this issue do not cause by cPanel designed feature. This email account do not exist but somehow the mail path(/home/USERNAME/mail/DOMAIN.COM/general/) still exist. I guest client deleted this email account but some other error happened when removing this maildir. I am tried to delete this maildir manually and now the SPAM drop to default address. Thanks everyone.

 

[cPRex]

I'm glad you were able to get that resolved!