The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim apparently causing delivery failures due to no recipient

Discussion in 'General Discussion' started by webignition, Feb 27, 2005.

  1. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I have recently started to notice an odd problem whereby some mail addressed to one domain doesn't get delivered and generates a delivery failure message which is then sent to the default address. I have only noticed this with one domain as all other Cpanel accounts have the default address to :fail:

    The default address has been receiving a small number of delivery failure messages that state that the message could not be delivered due to there being no valid To: address, clearly supported by the headers stated within the delivery failure message. Here is an example, with all real email addresses for clarity:

    Code:
    ================================
    A message that you sent contained no recipient addresses, and therefore no
    delivery could be attempted.
    
    ------ This is a copy of your message, including all the headers. ------
    
    To: 
    Subject: 
    X-origin-From: admin@dev.cupofsugar.com Sun Feb 27 13:12:09 2005
    Received: from [209.97.205.177] (helo=webignition.net) 
    	by core.webignition.net with esmtpa (Exim 4.44) 
    	id 1D5ODN-0005bO-F7 
    	for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
    Subject: Reactivate your account
    To: 
    To: 
    From: admin@dev.cupofsugar.com
    Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
    Content-type: text/plain;
    Content-transfer-encoding: 8bit
    Date: Sun, 27 Feb 2005 13:12:05 +0000
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: PHP
    X-MimeOLE: Produced By phpBB2
    X-Webignition-MailScanner-Information: Please contact postmaster@webignition.net for more information
    X-Webignition-MailScanner: Found to be clean
    X-Webignition-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.642, 
    	required 5, autolearn=not spam, ALL_TRUSTED -2.82, 
    	NO_REAL_NAME 0.18)
    X-MailScanner-From: admin@dev.cupofsugar.com
    
    [The body of the message then follows. Removed by me as its not relevant]
    ================================
    I initally noticed this with all admin mail sent from a phpBB forum running at dev.cupofsugar.com to anything@cupofsugar.com (both dev.cupofsugar.com and cupofsugar.com being separate Cpanel accounts). After changing the admin email address in the forum from admin@dev.cupofsugar.com the problem no longer persisted and so I left it at that.

    However the default address for cupofsugar.com is now getting the odd delivery failure message of the same type for mail sent from external sources.

    Using MailWatch, I had a look at the headers of affected messages and, to my surprise, the headers of messages received by Exim are correct but then when Exim tries to deliver the message to the correct local recipient the headers are changed resulting in the To: field being made blank.

    Here is an example, with the first set of headers being those of the message received by Exim (viewed through MailWatch) and the second set being those of the message sent on by Exim to the recipient (extracted from the delivery failure message). You will notice that the id is the same in both sets of headers, indicating that it is the same message, however after being processed by Exim the To: field is blanked:

    Code:
    Received: from [209.97.205.177] (helo=webignition.net)
    by core.webignition.net with esmtpa (Exim 4.44)
    id 1D5ODN-0005bO-F7
    for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
    Subject: Reactivate your account
    To: jon1@cupofsugar.com
    Reply-to: admin@dev.cupofsugar.com
    From: admin@dev.cupofsugar.com
    Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
    MIME-Version: 1.0
    Content-type: text/plain; charset=iso-8859-1
    Content-transfer-encoding: 8bit
    Date: Sun, 27 Feb 2005 13:12:05 +0000
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: PHP
    X-MimeOLE: Produced By phpBB2
    Immediately following receipt of this message, a message is sent out by Exim to the default address for cupofsugar.com stating that the message could not be delivered due to it not having a valid recipient. The delivery failure message lists the headers as being:

    Code:
    To:
    Subject:
    X-origin-From: admin@dev.cupofsugar.com Sun Feb 27 13:12:09 2005
    Received: from [209.97.205.177] (helo=webignition.net)
    by core.webignition.net with esmtpa (Exim 4.44)
    id 1D5ODN-0005bO-F7
    for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
    Subject: Reactivate your account
    To:
    To:
    From: admin@dev.cupofsugar.com
    Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
    Content-type: text/plain;
    Content-transfer-encoding: 8bit
    Date: Sun, 27 Feb 2005 13:12:05 +0000
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: PHP
    X-MimeOLE: Produced By phpBB2
    X-Webignition-MailScanner-Information: Please contact postmaster@webignition.net for more information
    X-Webignition-MailScanner: Found to be clean
    X-Webignition-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.642,
    required 5, autolearn=not spam, ALL_TRUSTED -2.82,
    NO_REAL_NAME 0.18)
    X-MailScanner-From: admin@dev.cupofsugar.com

    Notice the vanishing To: address (and indeed three blankTo: addresses!).

    I have more sets of headers showing the same behaviour for messages sent from external sources to something@cupofsugar.com.

    The odd thing is that this doesn't happen to all mail and infact only happens very infrequently.

    Any suggestions would be greatly appreciated!
     
  2. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Looks like a white space in the message ID

    Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.co m>

    .co m>

    should be .com>

    You may want to pm chirpy, he knows his way around exim pretty good.
     
    #2 easyhoster1, Feb 27, 2005
    Last edited: Feb 27, 2005
  3. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Thanks for spotting the whitespace, but it just looks like an oddity introduced when posting the details.

    When I take a look at the actual headers there is no space at all. Its a shame its nothing that simple!

    I've sent chirpy a message and hopefully his knowledge of Exim will save the day!
     
  4. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I think I've cracked it

    I'm getting the distinct impression, from looking at the Exim logs, that some mail is being picked up by an email filter and piped to a script when it shouldn't be.

    I'll check things out and cry in despair if this is not the case!
     
  5. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Well odd odd odd

    Well I've partially solved it.

    Mail was being picked up by an email filter and piped to a script when it shouldn't have been (or more precisely not when I thought it should have been).

    Removing the filter stops this from occuring, but the odd thing is that when testing the filter through cpanel using the headers of the messages that were being filtered off when they shouldn't be, the filter tester said it didn't match any filters and stated that the message should be deilvered as normal.

    I guess I'll just have to carefully check the filters again and rewrite the regexs.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Guess I'm a bit late getting here :) I've seen some oddities when using piping and filtering together. Something that might help is that if instead of piping within the filter (if that is what you are doing), is to forward regex matches to a different email address on the domain only. Then setup a forwarder that pipes to the script that you want. It helps separate out the two functions so that you can perhaps better tell where the problem lies. If you're already doing that, ignore me ;)
     
  7. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Thanks for the advice Chirpy.

    The confusion arose due to a combination of poor regexs in the filters and the output of the PHP script the mail was accidentally being piped to which led to headers convincingly similar to the original.

    The script the mail was being piped to is used to clean up mails sent to support email addresses by getting only the plain text part of a message, or textifying HTML formatting, and removing all attachments and then sending the message on to another address. The mail that is then sent on to the relevant support address should appear, headerwise, as close to the original as possible, the point being to make the cleaning process as transparent as possible.

    As the headers of the mesage outputted by the script closely remembled the original, I didn't instantly spot what was going on or even consider it. But then when I woke up and checked the exim logs it was pretty clear!
     
Loading...

Share This Page