e-mails cause a problem in non-trivial(inc.RegEx) cPanel/Exim

Discussion in 'E-mail Discussions' started by OldB, Aug 15, 2015.

  1. OldB

    OldB Member

    Joined:
    Jan 5, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Approx. a week ago I started to get deferred e-mail deliveries stacked with a message "internal problem in central_filter router" - full text below. When I investigated - almost all of them were delivered from mail-random-id.outbound.protection.outlook.com.

    When I eventually got a full set of headers for some e-mails (9K+!) and ran them through the cPanel Filter Trace facility the tool didn't complete:
    1. it didn't summarise what matched and what didn't at the start
    2. there was a trace shown for a very simple RegEx filter shown as the first filter - although that should have matched it simply ended with "**** debug string too long - truncated ****"
    3. as its very last message was: "**** debug string too long - truncated ****" then the start of a RegEx:

    Pattern = ((to|cc): | from (.|\n)*smtp(.|\n)*((( )+|\t)for ))<?((majordomo|uucp|root|fax|scans))\@(domain1|domain2|etc)\.(me|com?|org)(\.uk)?

    That was it - no mention about the actions or the usual:

    Filtering set up at least one significant delivery or other action.
    No other deliveries will occur.

    FYI when I looked at a few headers they were pretty huge - e.g. over 9k in 1 e-mail - a couple of very long ones shown below.

    When I change the very first filter to NOT be a RegEx *that matches* - the filter trace works AND IT has a proper trace start and end as I describe above.

    Is there a storage limit to the RegEx processor in Exim?

    Any ideas - either possible fixes or how to investigate further... Old B...

    Examples of those long headers - their lengths: 933 , 811 - given below.

    Code:
    X-Microsoft-Exchange-Diagnostics:1;AM3PR07MB0520;2:MI4+9YKC0hXJE9uZ/RLUt1PxSeuKlhcneEJiQ5wFpCWYu3XTtVYJylfWtKCegeEuBeyIkYLH4jKG4xVF1GbaH7tAqm7U0uoK3qA1XlXsVhoh0SXKEsyfxbCjCVC1ODmFrmL4FjvqtB8zOULfTliD2patUa1Z/XJQ9cXdGcKdArM=;3:VrY/7S6Oky2ARH4acKhZQYWCggG1fWSqr3ulNWzznj3gENIhfxGz52t3IOLHgqsZa4v4hQJ93UT5lqnvBbHr4JYzBNNfMYfQgvk1EA3DQqUtGOzjCZhwdZ80gTlkNyZBMK/VkyUJUz3fz63sRyLQKA==;25:8vYXCzOQh6BUtSTmsYoaekmk57n+0xj6IH8JVTmIDhACS6Sxvb6sVOxsljeXvhTb2EiPHSUUgN+ouRceFVB8+Th/9swmKcyeaT2tfYJG2SippY2lPkUpCv8rJo0km228chpLn6KADXVFtyMO5x8MgtPYe2jwMOCu5A5SMqXZ+UwtJmEBU9CfTEVUq8yEmVS4utUCkuhnnqx0xcVsZ5U5ILfNS9ByJPqCVA/lfyhmVr3TAhQTkkz87ZnP43d7DkhqKxoO7NRNiwYP7oNJzyDzgg==;4:J5cQRBIM+kw4Waxf/SJNpB8MLTdQd4JcH0/vNhTlxeA5UaRfiR7Qj5WbDtLvQrlVAW+vK5G9qmCGl0mO+6FaRmiOH4VJvc7Gb6ahYfKUxI/D91VhkcU7yoZsOV1yrGqSbXfFJk3NWc2dtadVKe9xf8ZkAECe9G7+SnYn5maFeYW6akNthDHbvM4OB4On4aN8iPIQOgT6NcfneAUGdH+rA8UDer0yO67Zh0gVT60QKvA7oMN4c7tl1g219kYbonUZ6PKAnI10a2oP4Z2c9RycQdvuIy/InOXakpkAY+gSGAY=
    X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(52604005)(199003)(71364002)(189002)(40100003)(19300405004)(46102003)(33646002)(105586002)(61296003)(97736004)(575784001)(19627595001)(84326002)(16236675004)(110136002)(5005140100001)(5001960100002)(81156007)(36756003)(5001830100001)(19617315012)(50986999)(96836002)(5001860100001)(19625215002)(42186005)(18717965001)(2950100001)(71636004)(77096005)(2656002)(76176999)(84116002)(16601075003)(68736005)(15975445007)(101416001)(66066001)(84392001)(72586001)(86362001)(102836002)(189998001)(92566002)(87976001)(50226001)(19580395003)(106356001)(77156002)(19580405001)(14726001)(4001540100001)(17760045003)(64706001)(18206015028)(512934002)(122386002)(62966003)(221733001)(7099028)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:AM3PR07MB0520;H:LizPC;FPR:;SPF:None;PTR:InfoNoRecords;A:0;MX:1;LANG:en;
    
    
    I am a reseller but not a direct client of cPanel, Exim or WHM. I do not have root access but I have a responsive hosting service who have already run an Exim command as root for me to repeat the problem but I don't want to take too much of their time as the filters are created by me - so *if* the problem is my work then it is "my problem".

    What follows is the message in cPanel / WHM as the Result in "Mail delivery reports":
    internal problem in central_filter router (recipient is localpart@domain.co.uk): failure to transfer data from subprocess: status=000b readerror='Success'
     
    #1 OldB, Aug 15, 2015
    Last edited by a moderator: Aug 15, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you let us know the specific entry found in /var/log/exim_mainlog by your hosting provider when this occurs?

    Thank you.
     
  3. OldB

    I *think* that the first part of what support gave me was a manual test.
    I haven't included the repetition (deferred 20? times) of the 2nd part of this message as they are all the same.
    The very first line is from support...
    Code:
    These are all logs related to the message ID provided,
    -------------
    2015-08-13 11:38:41 1ZPpuD-003Mza-Mo <= RemoteLocalSender@btconnect.com H=mail-db3on0137.outbound.protection.outlook.com (emea01-db3-obe.outbound.protection.outlook.com) [157.55.234.137]:35328 P=esmtps X=TLSv1:AES256-SHA:256 S=49226 id=6A7FB3296E8B404C8F367B0FF32C6747@GedPC T="Re: Replacing your PC - steps to resolve/progress" for LocalRecip@LocalDom.co.uk
    2015-08-13 11:38:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ZPpuD-003Mza-Mo
    .
    and just before I replaced the RegEx with a contains when it was then delivered:
    2015-08-15 09:56:34 1ZPpuD-003Mza-Mo internal problem in central_filter router (recipient is LocalRecip@LocalDom.co.uk): failure to transfer data from subprocess: status=000b readerror='Success'
    2015-08-15 09:56:34 1ZPpuD-003Mza-Mo == LocalRecip@LocalDom.co.uk <LocalRecip@LocalDom.co.uk> R=central_filter defer (-1): internal problem in central_filter router (recipient is LocalRecip@LocalDom.co.uk): failure to transfer data from subprocess: status=000b readerror='Success'
    I cut+paste the title line but it was truncated - it did have 'filtering - I can't tell which' at the end.

    Just to be clear:
    (1) If I make the 1st filter an IF "Any Header *contains* 'outbound.protection.outlook.com'" THEN Deliver to (Pending) Folder then there are no filter errors. When it was a v.simple equivalent Regex it failed as above.
    (2) For many months I have had thousands of e-mails a day that use one or more of several filters (inc. multiple RegEx) that I have written without a problem
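
Added example, not part of the original posts and not cPanel or Exim code: a small Python parser for the `central_filter` error lines quoted above that decodes the `status=` field. It assumes that field is the filter subprocess's raw POSIX wait status printed in hex, under which `000b` means the child was terminated by signal 11 (SIGSEGV); the function names and the embedded sample log are constructed for illustration.

```python
import os
import re
import signal
from collections import Counter

# Constructed sample: the two log lines quoted in the post above.
SAMPLE_LOG = (
    "2015-08-15 09:56:34 1ZPpuD-003Mza-Mo internal problem in central_filter "
    "router (recipient is LocalRecip@LocalDom.co.uk): failure to transfer data "
    "from subprocess: status=000b readerror='Success'\n"
    "2015-08-15 09:56:34 1ZPpuD-003Mza-Mo == LocalRecip@LocalDom.co.uk "
    "<LocalRecip@LocalDom.co.uk> R=central_filter defer (-1): internal problem "
    "in central_filter router (recipient is LocalRecip@LocalDom.co.uk): failure "
    "to transfer data from subprocess: status=000b readerror='Success'\n"
)

# Matches the router-error line only; the '==' defer line repeats the same text.
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<msgid>\S+) internal problem in (?P<router>\S+) router "
    r"\(recipient is (?P<rcpt>[^)]+)\): failure to transfer data from "
    r"subprocess: status=(?P<status>[0-9a-fA-F]{4})\b"
)

def decode_wait_status(status):
    """Assumption: status is a raw POSIX wait status, as returned by wait()."""
    if os.WIFSIGNALED(status):
        num = os.WTERMSIG(status)
        names = {s.value: s.name for s in signal.Signals}
        return {"kind": "signaled", "signal": names.get(num, f"signal {num}"),
                "core": os.WCOREDUMP(status)}
    if os.WIFEXITED(status):
        return {"kind": "exited", "code": os.WEXITSTATUS(status)}
    return {"kind": "unknown", "raw": status}

def summarize(log_text):
    """Count subprocess failures per (message id, router, recipient, status)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits[(m["msgid"], m["router"], m["rcpt"], int(m["status"], 16))] += 1
    return [{"msgid": k[0], "router": k[1], "rcpt": k[2], "count": n,
             **decode_wait_status(k[3])} for k, n in hits.items()]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Under that assumption, a `signaled` result means the filter subprocess crashed rather than returned a filtering decision, which is worth passing to whoever has root access to the server.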
     
  4. cPanelMichael

  5. OldB

    From hosting support:
    No, we do not have any custom rules for spam filtering inside the server, we manage all spam filtering via Spamexperts only.
     
  6. cPanelMichael

    I suggest consulting with your hosting provider and having them open a support ticket with us if they are unable to determine the cause of the problem. There's not much further we can investigate without root access to the system.

    Thank you.
     
  7. cPanelMichael

    Hello :)

    Were you able to get in touch with your hosting provider to have them take a closer look? I look forward to your response.

    Thank you.
     