Exim apparently causing delivery failures due to no recipient

I have recently started to notice an odd problem whereby some mail addressed to one domain doesn't get delivered and generates a delivery failure message which is then sent to the default address. I have only noticed this with one domain as all other Cpanel accounts have the default address to :fail:

The default address has been receiving a small number of delivery failure messages that state that the message could not be delivered due to there being no valid To: address, clearly supported by the headers stated within the delivery failure message. Here is an example, with all real email addresses for clarity:

Code:

================================
A message that you sent contained no recipient addresses, and therefore no
delivery could be attempted.

------ This is a copy of your message, including all the headers. ------

To: 
Subject: 
X-origin-From: admin@dev.cupofsugar.com Sun Feb 27 13:12:09 2005
Received: from [209.97.205.177] (helo=webignition.net) 
	by core.webignition.net with esmtpa (Exim 4.44) 
	id 1D5ODN-0005bO-F7 
	for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
Subject: Reactivate your account
To: 
To: 
From: admin@dev.cupofsugar.com
Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
Content-type: text/plain;
Content-transfer-encoding: 8bit
Date: Sun, 27 Feb 2005 13:12:05 +0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-Webignition-MailScanner-Information: Please contact postmaster@webignition.net for more information
X-Webignition-MailScanner: Found to be clean
X-Webignition-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.642, 
	required 5, autolearn=not spam, ALL_TRUSTED -2.82, 
	NO_REAL_NAME 0.18)
X-MailScanner-From: admin@dev.cupofsugar.com

[The body of the message then follows. Removed by me as its not relevant]
================================

I initally noticed this with all admin mail sent from a phpBB forum running at dev.cupofsugar.com to anything@cupofsugar.com (both dev.cupofsugar.com and cupofsugar.com being separate Cpanel accounts). After changing the admin email address in the forum from admin@dev.cupofsugar.com the problem no longer persisted and so I left it at that.

However the default address for cupofsugar.com is now getting the odd delivery failure message of the same type for mail sent from external sources.

Using MailWatch, I had a look at the headers of affected messages and, to my surprise, the headers of messages received by Exim are correct but then when Exim tries to deliver the message to the correct local recipient the headers are changed resulting in the To: field being made blank.

Here is an example, with the first set of headers being those of the message received by Exim (viewed through MailWatch) and the second set being those of the message sent on by Exim to the recipient (extracted from the delivery failure message). You will notice that the id is the same in both sets of headers, indicating that it is the same message, however after being processed by Exim the To: field is blanked:

Code:

Received: from [209.97.205.177] (helo=webignition.net)
by core.webignition.net with esmtpa (Exim 4.44)
id 1D5ODN-0005bO-F7
for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
Subject: Reactivate your account
To: jon1@cupofsugar.com
Reply-to: admin@dev.cupofsugar.com
From: admin@dev.cupofsugar.com
Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sun, 27 Feb 2005 13:12:05 +0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2

Immediately following receipt of this message, a message is sent out by Exim to the default address for cupofsugar.com stating that the message could not be delivered due to it not having a valid recipient. The delivery failure message lists the headers as being:

Code:

To:
Subject:
X-origin-From: admin@dev.cupofsugar.com Sun Feb 27 13:12:09 2005
Received: from [209.97.205.177] (helo=webignition.net)
by core.webignition.net with esmtpa (Exim 4.44)
id 1D5ODN-0005bO-F7
for jon1@cupofsugar.com; Sun, 27 Feb 2005 13:12:05 +0000
Subject: Reactivate your account
To:
To:
From: admin@dev.cupofsugar.com
Message-ID: <eaae5436ecc63a263365073e36334975@dev.cupofsugar.com>
Content-type: text/plain;
Content-transfer-encoding: 8bit
Date: Sun, 27 Feb 2005 13:12:05 +0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-Webignition-MailScanner-Information: Please contact postmaster@webignition.net for more information
X-Webignition-MailScanner: Found to be clean
X-Webignition-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.642,
required 5, autolearn=not spam, ALL_TRUSTED -2.82,
NO_REAL_NAME 0.18)
X-MailScanner-From: admin@dev.cupofsugar.com

Notice the vanishing To: address (and indeed three blankTo: addresses!).

I have more sets of headers showing the same behaviour for messages sent from external sources to something@cupofsugar.com.

The odd thing is that this doesn't happen to all mail and infact only happens very infrequently.

Any suggestions would be greatly appreciated!

 

Thanks for spotting the whitespace, but it just looks like an oddity introduced when posting the details.

When I take a look at the actual headers there is no space at all. Its a shame its nothing that simple!

I've sent chirpy a message and hopefully his knowledge of Exim will save the day!

 

I think I've cracked it

I'm getting the distinct impression, from looking at the Exim logs, that some mail is being picked up by an email filter and piped to a script when it shouldn't be.

I'll check things out and cry in despair if this is not the case!

 

Well odd odd odd

Well I've partially solved it.

Mail was being picked up by an email filter and piped to a script when it shouldn't have been (or more precisely not when I thought it should have been).

Removing the filter stops this from occuring, but the odd thing is that when testing the filter through cpanel using the headers of the messages that were being filtered off when they shouldn't be, the filter tester said it didn't match any filters and stated that the message should be deilvered as normal.

I guess I'll just have to carefully check the filters again and rewrite the regexs.

 

Thanks for the advice Chirpy.

The confusion arose due to a combination of poor regexs in the filters and the output of the PHP script the mail was accidentally being piped to which led to headers convincingly similar to the original.

The script the mail was being piped to is used to clean up mails sent to support email addresses by getting only the plain text part of a message, or textifying HTML formatting, and removing all attachments and then sending the message on to another address. The mail that is then sent on to the relevant support address should appear, headerwise, as close to the original as possible, the point being to make the cleaning process as transparent as possible.

As the headers of the mesage outputted by the script closely remembled the original, I didn't instantly spot what was going on or even consider it. But then when I woke up and checked the exim logs it was pretty clear!