Email filter triggering twice per email

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
I am testing email filters on a specific account. I am sending an email with a specific subject line to trigger the filter. Sending from [email protected] to [email protected].

The filter has two rules:
Rule 1: If subject contains "delivery failed", pipe to program "bouncedEmail.php
Rule 2: if subject contains "delivery failed, route to INBOX of [email protected] (this preserves the original bounce, so we know it happened)

However, our "bouncedEmail.php" is recording the captured contents of the email TWICE in the the log we are outputting content to. Diving deeper as to why its recording TWO entries in the log in the the cPanel "Delivery Report" section we are seeing THREE receipts for the same email. Two of the receipts show the Rule 1 pipe to program, and the the 3rd receipt shows Rule 2 "route to Inbox". I suppose two rules creates two receipts...but why are we getting TWO receipts for Rule 1 - causing double the log output?

I then tested sending an email from an external domain (hotmail) with a subject line that would trigger the filters, and again there were TWO entries in the log, but in the Delivery Report section there were only two receipts (instead of the three in the previous scenario)....one that mentioned Rule 1 and the other mentioned Rule 2 - but somehow the Rule 1 was triggering twice because our log file still records the captured content twice.

In both test cases ([email protected] to [email protected] AND [email protected] to [email protected]) Rule 1 was processing twice. What could be causing this?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Hi @rolinger

Can you increase the logging for exim by either adding in the WHM UI Exim Configuration -> Advanced Configuration Editor -> log_selector = +all or adding the same in /etc/exim.conf.local under the CONFIG section as follows:

Code:
@[email protected]
log_selector = +all
You can leave the other log options there but +all does encompass all of them (when you're done troubleshooting this you may want to go back and just remove the +all to leave the defaults so I usually don't remove the other items)

Once this is enabled send your test message and provide the output here for the transaction in the exim logs at /var/log/exim_mainlog

Please also include the exact rule as listed at /etc/vfilters/domain.tld
 

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - my filters aren't in /etc/vfilters/domain.tld, they are the specific email accounts filter file in /home/myUser/etc/myDomain.com/register/filter. The vfilters/myDomain.com file is empty.

Here is my filter file:
Code:
# Exim filter - auto-generated by cPanel.
#
# Do not manually edit this file; instead, use cPanel APIs to manipulate
# email filters. MANUAL CHANGES TO THIS FILE WILL BE OVERWRITTEN.
#

headers charset "UTF-8"

if not first_delivery and error_message then finish endif

#Bounce Conditions
if
$header_subject: contains "Message Delivery Failure"
or $header_subject: contains "Undeliverable"
then
pipe "php -q /home/myUser/dev/scripts/email/bouncedEmail.php"
endif

#Copy bounce to Inbox
if
$header_subject: contains "Message Delivery Failure"
then
deliver "\"$local_part+INBOX\"@$domain"
endif

Email Log:
Code:
2020-06-29 17:08:56.130 [17144] SMTP connection from [47.200.103.183]:7771 I=[XX.176.22.YY]:465 (TCP/IP connection count= 1)
2020-06-29 17:08:56.276 [19261] no host name found for IP address 47.200.103.183
2020-06-29 17:08:56.276 [19261] list matching forced to fail: failed to find host name for 47.200.103.183
2020-06-29 17:08:56.692 [19261] 1jq11M-00050f-JS <= [email protected] H=(RPOHP) [47.200.103.183]:7771 I=[XX.176.22.YY]:465 P=esmtpsa L- X=TLS1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no SNI="mail.myDomain.com" A=dovecot_login:[email protected] S=5009 M8S=0 RT=0.087s [email protected] T="Whipster email verification" from <[email protected]> for [email protected]
2020-06-29 17:08:56.711 [19265] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jq11M-00050f-JS
2020-06-29 17:08:56.792 [19265] 1jq11M-00050f-JS => [email protected] F=<[email protected]> P=<[email protected]> R=send_to_smart_host T=remote_smtp S=5151 H=A2NLvphout-v01.shr.prod.iad2.secureserver.net [198.71.232.2]:25 I=[XX.176.22.YY]:55624 C="250 2.0.0 q11Mj0f4Z6HzB mail accepted for delivery" QT=0.189s DT=0.047s
2020-06-29 17:08:56.792 [19265] 1jq11M-00050f-JS Completed QT=0.189s
2020-06-29 17:08:59.261 [19261] SMTP connection from (RPOHP) [47.200.103.183]:7771 I=[XX.176.22.YY]:465 closed by QUIT
2020-06-29 17:09:58.994 [17144] SMTP connection from [198.71.225.38]:34046 I=[XX.176.22.YY]:25 (TCP/IP connection count = 1)
2020-06-29 17:10:39.973 [19408] 1jq131-000532-3f H=a2nlsmtp01-04.prod.iad2.secureserver.net [198.71.225.38]:34046 I=[XX.176.22.YY]:25 Warning: "SpamAssassin as whipsteradmin detected message as NOT spam (4.5)"
2020-06-29 17:10:39.978 [19408] 1jq131-000532-3f <= <> H=a2nlsmtp01-04.prod.iad2.secureserver.net [198.71.225.38]:34046 I=[XX.176.22.YY]:25 P=esmtps L- X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11497 M8S=0 RT=0.010s T="Message DeliveryFailure - Mail Delivery System" from <> for [email protected]
2020-06-29 17:10:40.002 [19502] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jq131-000532-3f
2020-06-29 17:10:40.049 [19502] 1jq131-000532-3f => register+inbox ("register+INBOX"@myDomain.com) <[email protected]> F=<> P=<> R=virtual_user T=dovecot_virtual_delivery S=11886 C="250 2.0.0 <[email protected]>Z+dzAdBY+l4zTAAA9USnCQ Saved" QT=0.935s DT=0.039s
2020-06-29 17:10:40.244 [19502] 1jq131-000532-3f => |php -q /home/myUser/dev/scripts/email/bouncedEmail.php ("register+INBOX"@myDomain.com) <[email protected]> F=<> P=<> R=virtual_user_filter T=jailed_virtual_address_pipe S=11541 QT=1.131s DT=0.194s
2020-06-29 17:10:40.463 [19502] 1jq131-000532-3f => |php -q /home/myUser/dev/scripts/email/bouncedEmail.php <[email protected]> F=<> P=<> R=virtual_user_filter T=jailed_virtual_address_pipe S=11541 QT=1.350s DT=0.218s
2020-06-29 17:10:40.464 [19502] 1jq131-000532-3f Completed QT=1.350s
2020-06-29 17:10:52.336 [17144] SMTP connection from [52.188.150.173]:52036 I=[XX.176.22.YY]:587 (TCP/IP connection count = 2)
2020-06-29 17:10:52.346 [19544] no host name found for IP address 52.188.150.173
2020-06-29 17:10:52.346 [19544] list matching forced to fail: failed to find host name for 52.188.150.173
2020-06-29 17:10:52.346 [19544] list matching forced to fail: failed to find host name for 52.188.150.173
2020-06-29 17:10:52.350 [19544] SMTP protocol error in "AUTH LOGIN" H=(ADMIN) [52.188.150.173]:52036 I=[XX.176.22.YY]:587 AUTH command used when not advertised
2020-06-29 17:10:52.353 [19544] SMTP connection from (ADMIN) [52.188.150.173]:52036 I=[XX.176.22.YY]:587 closed by QUIT
2020-06-29 17:10:52.354 [19544] no MAIL in SMTP connection from (ADMIN) [52.188.150.173]:52036 I=[XX.176.22.YY]:587 D=0.013s C=EHLO,AUTH,QUIT
 
Last edited by a moderator:

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
I then tried collapsing both rules into a single rule with two actions. But it did the same thing, it triggered the pipe to application twice.

New filter:

Code:
# Exim filter - auto-generated by cPanel.
#
# Do not manually edit this file; instead, use cPanel APIs to manipulate
# email filters. MANUAL CHANGES TO THIS FILE WILL BE OVERWRITTEN.
#

headers charset "UTF-8"

if not first_delivery and error_message then finish endif

#Bounce Conditions
if
 $header_subject: contains "Message Delivery Failure"
 or $header_subject: contains "Undeliverable"
then
 pipe "php -q /home/myUser/dev/scripts/email/bouncedEmail.php"
 deliver "\"$local_part+INBOX\"@$domain"
endif
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
The first part is fine you're just doing user-level filtering instead of global filtering.

Actually I think it's doing this twice because you're forwarding mail to the other inbox. What happens if you qualify the sender in first part?

Code:
if

$header_subject: contains "Message Delivery Failure"

or $header_subject: contains "Undeliverable"

and $header_to: contains "your identifier here"
 
Last edited:

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - Is there another method to get the email to the Inbox without adding a specific action for it? When setting this up if I didn't put in the "send to Inbox" action the bounced emails wouldn't get delivered. Not certain how adding another filter resolves the issue, all $header_to will be the same with "[email protected]"
 

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - I reversed the order of the actions, route to Inbox was first, pipe second, but it still processed twice. Then I commented out the "route to inbox" action altogether, the pipe got processed once, but the email never delivered to the Inbox. So it def must be related to having two rules or two actions that is causing the pipe to get processed twice. But what I don't understand is if that action is being processed twice, then in theory wouldn't the bounced email be delivered to the Inbox twice as well? But thats not happening.

I changed the "route to inbox" to a new folder "route to Bounces" just to see if it was the "INBOX" that was triggering the pipe twice - but changing the folder did not affect anything as the pipe was still getting processed twice.

I am pretty much out of ideas on how to test this. Every combination I could think of has resulted in the pipe getting processed twice - thus my logs that capture the necessary data are getting double the entries, my database is gets hit twice. Is this a bug?!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
So I'm not asking you to add another filter, I'm asking you to identify just the initial inbound email. The reason I'm suggesting this is I believe because you're forwarding it the transaction happens twice according to exim. If you wanted it sent to two separate inboxes you could do that but having the forward there is going to cause rule processing to happen again.
 

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - Let me clarify the various things I have tested. I didn't add anything, just changed the order and/or where things were going to. In the end, how do I create a filter that A) allows my program to execute and B) delivers the email to the designated folder without having "A" repeat twice.

The following two filters had no impact on the behavior - the pipe program executed twice:
Code:
if not first_delivery and error_messages then finish endif

#Bounce Conditions
if
  $header_subject: contains "Message Delivery Failure"
  or $header_subject: contains "Undeliverable"
then
  pipe "php -q /home/myUser/dev/scripts/email/bouncedEmail.php"
  deliver "\"$local_part+INBOX\"@$domain"
endif

OR, I then reversed the order of the Actions

then
  deliver "\"$local_part+INBOX\"@$domain"
  pipe "php -q /home/myUser/dev/scripts/email/bouncedEmail.php"
endif
In either case, changing "$local_part+INBOX" to "$local_part+BOUNCE", did not fix anything.

Removing the "deliver" action completely in either test filter DID impact things, the pipe program only executed once (the desired outcome) BUT the email was never delivered to the designated folder (not the desired outcome).

Regarding y our comment: The reason I'm suggesting this is I believe because you're forwarding it the transaction happens twice according to exim. If you wanted it sent to two separate inboxes you could do that but having the forward there is going to cause rule processing to happen again.

I don't think this could be the issue, because if it were true, yes it would explain the pipe program firing twice, but it would also deliver/forward a 2nd copy of the email in the designated folder - and thus would trigger the filters again, causing a perpetual loop. And if this were the case, wouldn't the "if not first_delivery and error_messages then finish endif" prevent the filters from triggering again?

It appears this behavior has been seen before, a similar issue: 'Fail with message' shows the error message twice in the return e-mail

I am starting to think this is a bug.
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
I'm showing this working, I don't see evidence of this on my own tests and I've got some questions about the log lines you do see. I'm testing the mail delivery in the cPanel UI with a pipe to a script and a delivery to the inbox of my user.

Here is the filter:
Code:
bounce
if
$header_subject: contains "Message Delivery Failure"
or $header_subject: contains "Undeliverable"
then
pipe "/home/user/public_html/bounced.php"
save "$home/mail/user.net/morticia/" 660
endif
Here is the filter test from the UI:
Code:
 Sub-condition is false: not first_delivery
Condition is false: not first_delivery and error_message
Sub-condition is false: $header_subject: contains Message Delivery Failure
Sub-condition is true: $header_subject: contains Undeliverable
Condition is true: $header_subject: contains Message Delivery Failure or $header_subject: contains Undeliverable
Return-path copied from sender
Sender      = [email protected]
Recipient   = [email protected]
Testing Exim filter file "/home/user/etc/user.net/morticia/filter"

Headers charset "UTF-8"
Pipe message to: /home/user/public_html/bounced.php
Save message to: /home/user/mail/user.net/morticia/ 0660
Filtering set up at least one significant delivery or other action.
No other deliveries will occur.
Here is some data from running the following to test on the command line: exim -d -odf [email protected]

Note that after you hit enter you will see something like the following but for your user:
Code:
At this point you need to enter in the subject line so that it gets caught by the filter:
Type:
Code:
Subject: Undeliverable
Hit enter and it will output: search_tidyup called
Type one period as follows:
Code:
.
Hit enter and it will go through the scanning process.

The portion you want to see is --------> virtual_user_filter router <--------
Code:
set transport virtual_address_pipe
virtual_user_filter router generated |/home/user/public_html/bounced.php
  pipe, file, or autoreply
  errors_to=NULL transport=virtual_address_pipe
  uid=1041 gid=1044 home=/home/user
routed by virtual_user_filter router
  envelope to: [email protected]
  transport: <none>
locking /var/spool/exim/db/retry.lockfile
locked  /var/spool/exim/db/retry.lockfile
EXIM_DBOPEN: file </var/spool/exim/db/retry> dir </var/spool/exim/db> flags=O_RDONLY
returned from EXIM_DBOPEN: 0x12e4d20
opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering: |/home/user/public_html/bounced.php
unique = |/home/user/public_html/bounced.php:[email protected]
queued for virtual_address_pipe transport
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering: /home/user/mail/user.net/morticia/
unique = /home/user/mail/user.net/morticia/:[email protected]
queued for address_directory transport
EXIM_DBCLOSE(0x12e4d20)
closed hints database and lockfile
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
After routing:
  Local deliveries:
    /home/user/mail/user.net/morticia/
    |/home/user/public_html/bounced.php
  Remote deliveries:
  Failed addresses:
  Deferred addresses:
search_tidyup called
>>>>>>>>>>>>>>>> Local deliveries >>>>>>>>>>>>>>>>
It then breaks them down piece by piece:
Code:
changed uid/gid: local delivery to /home/user/mail/user.net/morticia/ </home/user/mail/user.net/morticia/> transport=address_directory
  uid=1041 gid=1044 pid=11923
  auxiliary group list: <none>
  home=/home/user current=/home/user
set_process_info: 11923 delivering 1jr5ef-00035l-Mm to /home/user/mail/user.net/morticia/ using address_directory
address_directory transport entered
direct command:
  argv[0] = '/usr/libexec/dovecot/dovecot-lda'
  argv[1] = '-f'
  argv[2] = '$sender_address'
  argv[3] = '-d'
  argv[4] = '${perl{convert_address_directory_to_dovecot_lda_destination_username}}'
  argv[5] = '-m'
  argv[6] = '${perl{convert_address_directory_to_dovecot_lda_mailbox}}'
direct command after expansion:
  argv[0] = /usr/libexec/dovecot/dovecot-lda
  argv[1] = -f
  argv[2] = [email protected]
  argv[3] = -d
  argv[4] = [email protected]
  argv[5] = -m
  argv[6] = INBOX
Writing message to pipe
writing data block fd=10 size=0 timeout=3600
set_process_info: 11925 reading output from |/usr/libexec/dovecot/dovecot-lda -f $sender_address -d ${perl{convert_address_directory_to_dovecot_lda_destination_username}} -m ${perl{convert_address_directory_to_dovecot_lda_mailbox}}
cannot use sendfile for body: spoolfile not wireformat
writing data block fd=10 size=493 timeout=3600
writing data block fd=10 size=0 timeout=3600
address_directory transport yielded 0
search_tidyup called
journalling /home/user/mail/user.net/morticia/:[email protected]
address_directory transport returned OK for /home/user/mail/user.net/morticia/
post-process /home/user/mail/user.net/morticia/ (0)
LOG: MAIN
  </home/user/mail/user.net/morticia/>: address_directory transport output: lda([email protected]): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
/home/user/mail/user.net/morticia/ delivered
LOG: MAIN
  => /home/user/mail/user.net/morticia/ <[email protected]> F=<[email protected]> P=<[email protected]> R=virtual_user_filter T=address_directory S=493 QT=3.920s DT=0.035s
Most Importantly we see this line which says it was delivered without issue to the INBOX:
Code:
address_directory transport returned OK for /home/user/mail/user.net/morticia/
Now we look at the pipe:

Code:
--------> |/home/user/public_html/bounced.php <--------
locking /var/spool/exim/db/retry.lockfile
locked  /var/spool/exim/db/retry.lockfile
EXIM_DBOPEN: file </var/spool/exim/db/retry> dir </var/spool/exim/db> flags=O_RDONLY
returned from EXIM_DBOPEN: 0x12e4d20
opened hints database /var/spool/exim/db/retry: flags=O_RDONLY
dbfn_read: key=T:|/home/user/public_html/bounced.php:[email protected]
no retry record exists
EXIM_DBCLOSE(0x12e4d20)
closed hints database and lockfile
search_tidyup called
changed uid/gid: local delivery to |/home/user/public_html/bounced.php <|/home/user/public_html/bounced.php> transport=virtual_address_pipe
  uid=1041 gid=1044 pid=11926
  auxiliary group list: <none>
  home=/home/user current=/home/user
set_process_info: 11926 delivering 1jr5ef-00035l-Mm to |/home/user/public_html/bounced.php using virtual_address_pipe
virtual_address_pipe transport entered
direct command:
  argv[0] = '/home/user/public_html/bounced.php'
direct command after expansion:
  argv[0] = /home/user/public_html/bounced.php
Writing message to pipe
set_process_info: 11928 reading output from |/home/user/public_html/bounced.php
writing data block fd=11 size=59 timeout=3600
cannot use sendfile for body: spoolfile not wireformat
writing data block fd=11 size=363 timeout=3600
writing data block fd=11 size=1 timeout=3600
virtual_address_pipe transport yielded 0
search_tidyup called
journalling |/home/user/public_html/bounced.php:[email protected]
virtual_address_pipe transport returned OK for |/home/user/public_html/bounced.php
post-process |/home/user/public_html/bounced.php (0)
|/home/user/public_html/bounced.php delivered
[email protected]: children all complete
LOG: MAIN
  => |/home/user/public_html/bounced.php <[email protected]> F=<[email protected]> P=<[email protected]> R=virtual_user_filter T=virtual_address_pipe S=423 QT=3.990s DT=0.067s

Here are the log lines similar to your own except a different transport (just virtual_address_pipe not the jailed version):
Code:
[[email protected] public_html]# exigrep 1jr5ef-00035l-Mm /var/log/exim_mainlog
2020-07-02 15:18:01.534 [11918] cwd=/var/spool/exim 5 args: /usr/sbin/exim -d=0xf7715cfd -odi -Mc 1jr5ef-00035l-Mm

2020-07-02 15:18:01.521 [11889] 1jr5ef-00035l-Mm <= [email protected] U=root P=local S=363 M8S=0 RT=3.755s id*[email protected] T="Undeliverable" from <[email protected]> for [email protected]
2020-07-02 15:18:01.626 [11918] 1jr5ef-00035l-Mm </home/user/mail/user.net/morticia/>: address_directory transport output: lda([email protected]): Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
2020-07-02 15:18:01.627 [11918] 1jr5ef-00035l-Mm => /home/user/mail/user.net/morticia/ <[email protected]> F=<[email protected]> P=<[email protected]> R=virtual_user_filter T=address_directory S=493 QT=3.920s DT=0.035s
2020-07-02 15:18:01.696 [11918] 1jr5ef-00035l-Mm => |/home/user/public_html/bounced.php <[email protected]> F=<[email protected]> P=<[email protected]> R=virtual_user_filter T=virtual_address_pipe S=423 QT=3.990s DT=0.067s
2020-07-02 15:18:01.696 [11918] 1jr5ef-00035l-Mm Completed QT=3.990s
You can see that I don't have the two pipes to the script and I see the primary difference being in the following:

Code:
2020-06-29 17:10:40.244 [19502] 1jq131-000532-3f => |php -q /home/myUser/dev/scripts/email/bouncedEmail.php ("register+INBOX"@myDomain.com) <[email protected]> F=<> P=<> R=virtual_user_filter T=jailed_virtual_address_pipe S=11541 QT=1.131s DT=0.194s
2020-06-29 17:10:40.463 [19502] 1jq131-000532-3f => |php -q /home/myUser/dev/scripts/email/bouncedEmail.php <[email protected]> F=<> P=<> R=virtual_user_filter T=jailed_virtual_address_pipe S=11541 QT=1.350s DT=0.218s
Note that one is to:

Code:
("register+INBOX"@myDomain.com) <[email protected]>
and the other is to just:

There's something else happening here that is leading the system to believe there are two separate transactions occurring.
  • So in your case I'd say run the debug command I ran.
  • If you're using CloudLinux you might also pull the user out of CageFS and see if the issue still occurs


What I was initially trying to get you to add which I see no evidence you ever did in your responses was something like the following:
Code:
#bounce
if
$header_subject: contains "Message Delivery Failure"
or $header_subject: contains "Undeliverable"
and $header_to: is "[email protected]"
then
pipe "$home/public_html/bounced.php"
deliver "\"$local_part+INBOX\"@$domain"
endif
Rather than the + addressed version as you see in the output above.

I'd also like to request that you stop resurrecting old threads and opening multiple threads for the same issue.
 
Last edited:

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - wow, thats extensive and quite useful. I will step through some of these myself and verify things. However, I might not need to do all that if you can explain to me where "save" comes from? "Save" is not one of the 6 cPanel filters I can choose from - I selected "deliver" as the only applicable drop down choice.

Are there more action beyond the 6 drop down options? That looks to be the key difference between our filters. If you set up for "deliver" I wonder if you would experience the same issue as me. I will be testing the "save" option based on your example here in a bit.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Ahh yea I used the following, I'll screenshot it for you:

Screenshot at Jul 02 14-59-35.png

Then manually selecting the folder path I want it sent it to:
Screenshot at Jul 02 15-06-05.png

Deliver instead of save would indeed start that delivery transaction all over again. It's not necessarily a bug but it will restart the filter matching process. What I do think is unusual is that it requires you do not allow the INBOX line there be modified in any way i.e., /.INBOX which it does automatically which I DO believe is an issue - since cPanel is changing your selection which changes the entire action.

The save line should look like this:

Code:
save "$home/mail/yourdomain.tld/emailuser/" 660
 

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - I tested using the "save" line instead of the "deliver" line and everything worked. Great!.

However, the raw filter file is says "Do Not Manually edit this file, instead use the cPanel API - Manual changes will be overwritten". If thats the case, then how do I add the "save" action? The "save" is NOT an option in the "ACTIONS" dropdown in the GUI. I don't want to risk this filter being overwritten - I need this filter in other locations to and will be automating creating new email accounts with filters pre-added to the new accounts. I need to ensure that using "save" isn't being overwritten by the GUI.

I tested this and sure enough it deleted the "save" action. I manually added it the "save" action via the vi editor, then I edited the filter via the gui - in the gui the "save" action doesn't even show up as a listed action. Then I made a change to the listed rule/action and saved it and back in the raw filter file, the "save" action was now gone.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
However, the raw filter file is says "Do Not Manually edit this file, instead use the cPanel API - Manual changes will be overwritten". If thats the case, then how do I add the "save" action? The "save" is NOT an option in the "ACTIONS" dropdown in the GUI. I don't want to risk this filter being overwritten - I need this filter in other locations to and will be automating creating new email accounts with filters pre-added to the new accounts. I need to ensure that using "save" isn't being overwritten by the GUI.

I did show you how to get it set to save in my last response hence the screenshots. You can also use the API:

Code:
uapi --user=username Email store_filter filtername=bounce_actions account=user%40example.com action1=save dest1=/home/mail/yourdomain.tld/emailuser/ action2=pipe dest2=/path/to/script part1=\$header_subject: match1=contains val1=Undeliverable opt1=or part2=\$header_subject match2=contains val2=Message%20Delivery%20Failure
 

rolinger

Active Member
Feb 13, 2017
33
1
8
Tampa
cPanel Access Level
Root Administrator
@cPanelLauren - I wrote out a detailed response and accidentally deleted it. Ugh, will summarize now.

I tested the following:
"Deliver To folder" = "/.INBOX" - writes "deliver" to filter file
"Deliver To folder" = "/Inbox" - writes "save" to filter file
"Deliver To folder" = "Inbox" - writes "save to filter file
= editing this one, shows "Inbox" rewritten to "/Inbox"
"Deliver to folder" = "/.OtherFolder", "/OtherFolder", "OtherFolder" - all write "deliver" to filter file.

Seems to me that they should have a separate GUI dropdown for "Save To Inbox" and remove "Inbox" and "/Inbox" from the "Deliver to Folder" option. Mixing the two easily causes confusion which is what has caused me to chase my tail on this one for over a week. Only allow the "/.FolderName" for the "Deliver to Folder" option.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
@cPanelLauren - I wrote out a detailed response and accidentally deleted it. Ugh, will summarize now.

I tested the following:
"Deliver To folder" = "/.INBOX" - writes "deliver" to filter file
"Deliver To folder" = "/Inbox" - writes "save" to filter file
"Deliver To folder" = "Inbox" - writes "save to filter file
= editing this one, shows "Inbox" rewritten to "/Inbox"
"Deliver to folder" = "/.OtherFolder", "/OtherFolder", "OtherFolder" - all write "deliver" to filter file.

Seems to me that they should have a separate GUI dropdown for "Save To Inbox" and remove "Inbox" and "/Inbox" from the "Deliver to Folder" option. Mixing the two easily causes confusion which is what has caused me to chase my tail on this one for over a week. Only allow the "/.FolderName" for the "Deliver to Folder" option.
I agree with you, I'm actually opening a case on this since i don't think that this changing automatically is the intended behavior. I'll update here with the internal case ID when I have it open.