Email accepted by EXIM when "Remote Mail Exchanger" accidentally set. Where did this mail go?

ttremain

Well-Known Member
Feb 16, 2003
245
2
168
cPanel Access Level
Root Administrator
During some mail and DNS changes the setting "Remote Mail Exchanger" accidentally got set.

/var/log/exim_mainlog shows the server still accepted emails, but they seem to have disappeared, and not gotten delivered anywhere.

We are trying to recover a couple hundred emails.

Any advice where to look would be appreciated!

Thank you!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
If it was accepted by exim you should be able to see the full transaction in those same logs. You can run something like the following for a few of the Message ID's:

Code:
exigrep MID /var/log/exim_mainlog
 

ttremain

Well-Known Member
Feb 16, 2003
245
2
168
cPanel Access Level
Root Administrator
If it was accepted by exim you should be able to see the full transaction in those same logs. You can run something like the following for a few of the Message ID's:

Code:
exigrep MID /var/log/exim_mainlog
Code:
2020-02-26 04:29:05 1j6voH-002Zaq-7y <= [email protected] H=stdel551.appriver.com [8.31.233.163]:63403 P=esmtp S=115562 [email protected] T="SOME SUBJECT" for [email protected]
2020-02-26 04:29:06 1j6voH-002Zaq-7y [8.19.118.108] SSL verify error: certificate name mismatch: DN="/C=US/ST=Florida/L=Gulf Breeze/O=Appriver LLC/OU=Engineering/CN=*.appriver.com" H="domain.com.1.0001.arsmtp.com"
2020-02-26 04:29:06 1j6voH-002Zaq-7y => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=domain.com.1.0001.arsmtp.com [8.19.118.108] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 5018019 message accepted for delivery"
2020-02-26 04:29:06 1j6voH-002Zaq-7y Completed
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
This indicates that the mail was accepted by [email protected] for delivery and the transaction completed successfully.

I wouldn't want to go through the entire list but it looks like the mail made it there without issue, are you actually missing some?
 

ttremain

Well-Known Member
Feb 16, 2003
245
2
168
cPanel Access Level
Root Administrator
Glad to hear it, mailservers in cases where the host can't be reached (if configured properly) will retry several times.
The weird thing is, it IS the host. The mail should have gone right into a local mailbox, but did not for some time. Oh well, not repeating this, so maybe it's not something I should worry about discovering the root cause of.