The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim losing mail - You guys are my last hope

Discussion in 'E-mail Discussions' started by wzd, Feb 25, 2007.

  1. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hey all,

    This is going to be a long post as i've run through quite a few things so far with serversupportguys.com and Cpanel Support. - Without much flaming i must say they've both been pretty useless and most of the hints and tips on how to fix this problem i've been getting from the forum :confused:

    The situation started off with clients complaining about them losing email - We did d a mass upgrade a while back on the live server (Which wasnt a very good idea) and things have been wobbly ever since.

    Trying to find an online support company who does Cpanel (As there is not much Cpanel support in South Africa) has been next to impossible -

    The following issues were identified in logs:

    2007-02-20 12:41:03 DNS list lookup defer (probably timeout) for
    129.155.255.81.relays.ordb.org: assumed not in list
    2007-02-20 12:41:04 1HJUIq-0008jx-2p discarded (system filter)
    2007-02-20 12:41:04 1HJUIq-0008jx-2p Completed
    2007-02-22 08:52:34 1HK9gm-000B12-Kz natalie
    R=virtual_user T=virtual_userdelivery
    2007-02-22 08:52:35 1HK9gm-000B12-Kz Completed
    2007-02-22 08:52:35 1HK9gm-000B0y-Gm => natalie
    R=virtual_sa_user T=virtual_sa_userdelivery
    2007-02-22 08:52:35 1HK9gm-000B0y-Gm Completed
    2007-02-22 08:52:58 DNS list lookup defer (probably timeout) for
    14.116.10.196.relays.ordb.org: assumed not in list
    2007-02-22 08:53:06 1HK9hD-000B1E-6l michelle
    R=virtual_user T=virtual_userdelivery
    2007-02-22 08:53:06 1HK9hD-000B1E-6l Completed
    2007-02-22 08:55:16 no host name found for IP address 196.34.242.139
    2007-02-22 08:55:18 1HK9jR-000B3L-0u discarded (system filter)


    What does the discarded system filter mean and is the host name found issue a RBL or DNS issue?

    I found (in a post on here) that the DNS lookup defer is because the one list isnt working very well so i removed the odbl.org list and the relays.org list from the exim.conf and reloaded this.

    2007-02-25 23:01:51 1HKU9m-000PzM-0T == chris@sharplines.co.za R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached

    We are still seeing these logs in the /var/log/exim/mainlog and we've tried the exim stop and then remove the retry and retry.lock from the exim db directory...


    AFTER i've removed the two entries from the exim.conf i've noticed that this is still appearing in the logs:

    2007-02-25 23:08:24 DNS list lookup defer (probably timeout) for 171.44.232.24.relays.ordb.org: assumed not in list

    STILL getting those messages and the string "ordb" is nowhere to be found in /etc/exim.conf

    2007-02-25 23:02:10 DNS list lookup defer (probably timeout) for 68.32.16.204.relays.ordb.org: assumed not in list
    2007-02-25 23:02:10 1HLSNe-000G3q-Bz <= 03|8|9|hx.zrqqh|_|frd5rsxjs62@message.myspace.com H=vmta01.myspace.com [204.16.32.68] P=esmtp S=2062
    2007-02-25 23:02:10 1HLSNe-000G3q-Bz => schwepps <schwepps@verge.co.za> R=virtual_user T=virtual_userdelivery
    2007-02-25 23:02:10 1HLSNe-000G3q-Bz Completed

    Doesn't this mean that they are, nevertheless, being delivered? ( => and Completed message) :confused:

    ---
    I believe that this lost email might still be a problem. How would i approach diagnosing this as i've tried to reset exim back to it's default settings as you can see advice from Cpanel:

    You should be able to get exim reinstalled with the defaults from cPanel with
    one command, `/scripts/eximup --force` . You may also want to try
    `/scripts/reseteximtodefaults` as well. Let us know if this removes the
    problems and narrows down the source of issues or not.

    Naturally this hasn't removed the problems and clients are still not getting some of the mail.

    Does anyone have any ideas of how this should be approached or ideally what the problem is so far? Furthermore if anyone has a exim config they are using quite well and with all the spam stuff setup (antivirus.exim) which they can upload that would be appreciated as well...

    Sorry about the long post

    Thanks
    Marko
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    That error means DNS is returning an entry but the host itself is not responding, hence the timeout part of the error message.
     
  3. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    But is the email still being delivered from this error? => and completed indicate that the email is still being delivered into the mailbox, no?

    How would i fix the DNS list lookup defer and would this be the problem why email is being lost?

    Marko
     
  4. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    2007-02-22 14:11:50 no host name found for IP address 81.255.154.129
    2007-02-22 14:11:50 DNS list lookup defer (probably timeout) for 129.154.255.81.relays.ordb.org: assumed not in list
    2007-02-22 14:11:51 1HKEfm-000FNQ-OH <= amyer@za.loreal.com H=(loreal.com) [81.255.154.129] P=esmtps X=TLSv1:AES256-SHA:256 S=12037 id=772D2E062A03A949A6965BD8742E056801EF63EE@zacorpzaexc1.emea.loreal.intra
    2007-02-22 14:11:51 1HKEfm-000FNQ-OH => discarded (system filter)
    2007-02-22 14:11:51 1HKEfm-000FNQ-OH Completed



    The loreal.com emails are the ones that are having problems coming through --
    We either get that error above or this one:

    2007-02-22 16:32:52 DNS list lookup defer (probably timeout) for 129.154.255.81.relays.ordb.org: assumed not in list
    2007-02-22 16:32:53 1HKGsH-000H4h-07 <= dstanton@za.loreal.com H=(loreal.com) [81.255.154.129] P=esmtps X=TLSv1:AES256-SHA:256 S=199319 id=772D2E062A03A949A6965BD8742E056802007D48@zacorpzaexc1.emea.loreal.intra
    2007-02-22 16:32:56 1HKGsI-000H4l-0L <= dstanton@za.loreal.com U=sharp P=local-bsmtp S=199760 id=772D2E062A03A949A6965BD8742E056802007D48@zacorpzaexc1.emea.loreal.intra
     
  5. tolra

    tolra Active Member

    Joined:
    Mar 4, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    I'm guessing in your exim configuration you check against black lists and one of those checks is against ordb.org. However ordb.org closed down therefore your server can't find it and so the DNS lookup failure on it.

    Remove ordb.org from your list of checks, it's probably in box 3 of the exim configuration editor.
     
  6. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    It looks like you are facing clamav trouble. Try updating and then look through your clamd.conf

    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updateaddons

    your clamd.conf should have boolean expressions "yes" for items that are uncommented such as

    ScanPE YES
    DetectBrokenExecutables yes
    ScanHTML yes

    You get the idea.

    Then, make sure your exim.conf has the entry for clamd.

    av_scanner = clamd:/var/clamd

    Restart your exim and if you see any boolean errors during startup, just put yes for that entry in your clamd.conf
     
  7. wa4fat

    wa4fat Well-Known Member

    Joined:
    Dec 30, 2001
    Messages:
    51
    Likes Received:
    1
    Trophy Points:
    8
    => discarded (system filter)

    This is obvious, but mentioned never-the-less in case you may have missed it.

    2007-02-22 14:11:51 1HKEfm-000FNQ-OH => discarded (system filter) tells you that this particular email was discarded based on an email ruleset, possibly created by the recipient. In other words, the client may have created an email filter from Control Panel, and the mail matched his filter, and was promptly discarded. Without some forethought, it's easy to create email rules/filters which are way too restrictive.

    This 'system filter' message would also apply if a ruleset in exim.antivirus was matched, so be sure to check there as well.

    Good luck!
     
  8. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Ok firstly
    Code:
    It looks like you are facing clamav trouble. Try updating and then look through your clamd.conf
    
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updateaddons
    
    Have done this and i am not running ClamAV - Running NOD32 antivirus for the virus check and this seems to be working fine (not receiving any error emails)
    Code:
    
    his 'system filter' message would also apply if a ruleset in exim.antivirus was matched, so be sure to check there as well.
    The client hasn't created any custom email filters, just checked, but i checked /var/log/filter.log and it seems that SOME of the emails that were inbound have been discarded due to "contains spam keywords"

    I've removed the custom filters from antivirus.exim completely. Maybe this might help. Will keep an eye on the incoming logs --

    I'm potentially thinking about reloading the server, how complicated do you guys believe this would be?
     
  9. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Oh additionally, i was unable to find the string ordb.org in the exim.conf at ALL. So i have no idea where it's pulling that from:

    # Check sending hosts against DNS black lists.
    # Accept all locally generated messages
    # Reject message if address listed in blacklist.
    deny message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text :
    !hosts = +relay_hosts
    !authenticated = *
    dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : cbl.abuseat.org :
    # RBL Bypass Local Domain List
    !domains = +rbl_bypass
    # RBL Whitelist incoming hosts
    !hosts = +rbl_whitelist


    That's the dnslists section which i've already removed two of them from

    Additionally: We're seeing quite a bit of these:

    2007-02-26 20:47:23 1HLfOE-000NqO-JH == heidi@sharplines.co.za R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-02-26 20:47:23 1HLkVE-0000Ud-J8 == heidi@sharplines.co.za R=virtual_user_spam T=virtual_userdelivery_spam defer (-52): Retry time not yet reached
    2007-02-26 20:47:23 1HKYLH-0003GT-Nb Message is frozen
    2007-02-26 20:47:23 1HLkBR-0000L8-S4 == sharp@coder.devb0x.net R=localuser_spam T=local_delivery_spam defer (-52): Retry time not yet reached
    2007-02-26 20:47:23 1HLmFr-0001Iu-Kr == sharp@coder.devb0x.net R=localuser_spam T=local_delivery_spam defer (-52): Retry time not yet reached
    2007-02-26 20:47:23 1HKUqr-0000Yf-Fw Message is frozen
    2007-02-26 20:47:23 1HLmOr-0001OT-Ki == heidi@sharplines.co.za R=virtual_user_spam T=virtual_userdelivery_spam defer (-52): Retry time not yet reached
    2007-02-26 20:47:23 1HLmdi-0001VN-T6 == karl@sharplines.co.za R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-02-26 20:47:24 1HKUZi-0000MW-Ir == heidi@sharplines.co.za R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached

    These emails @ sharplines are quite important accounts and maybe this is why they are also not receiving their email (as they are frozen)
    Delete all messages in Queue | Attempt to Deliver all messages in Queue
    Loading.....
    There are currently 0 messages in the mail queue.

    Any ideas?
     
    #9 wzd, Feb 26, 2007
    Last edited: Feb 26, 2007
  10. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The "Attempt to deliver all messages in queue" doesn't work properly. You need to drop to the command line and execute:
    Code:
    exim -qff
    
    That will force a delivery attempt for every message. The "Attempt to deliver all messages in queue" function only attempts to deliver those whose retry time has been reached.

    As for the ordb.org issue, obviously it's coming from somewhere. Try doing a
    Code:
    grep -R ordb /etc/*
    
    and see what you get. The only other thing I can think of off-hand is it's being populated from one of the other RBLs, which just seems implausible at the moment....
     
  11. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Ok i've sorted out that issue. It seems that the specific users disk quota in question was over the limit - Suprised that we didnt receive any notifications of disk quota's being reached - Is this standard with Cpanel?

    Thanks for the exim command, forced delivery of the que

    /etc/exim.conf.buildtest:dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : list.dsbl.org : cbl.abuseat.org : relays.ordb.org :
    /etc/exim.conf.cpbak:dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : list.dsbl.org : cbl.abuseat.org : relays.ordb.org :

    Shows up that

    grep: /etc/vmail/passwd.googleappliances.co.za: No such file or directory
    grep: /etc/vmail/shadow.googleappliances.co.za: No such file or directory
    grep: /etc/vmail/passwd.interestinginfo.net: No such file or directory
    grep: /etc/vmail/shadow.interestinginfo.net: No such file or directory
    grep: /etc/vmail/passwd.yakov.co.za: No such file or directory
    grep: /etc/vmail/shadow.yakov.co.za: No such file or directory
    grep: /etc/vmail/passwd.domaintest.com: No such file or directory
    grep: /etc/vmail/shadow.domaintest.com: No such file or directory

    As well as a ton of these entries... Seems to be some broken links of sorts...

    -- Some of the other accounts reporting email loss were well under quota and this is not the issue then...

    Thanks for all the assistance Kenneth :)
    You've been quite helpful :)
     
    #11 wzd, Feb 26, 2007
    Last edited: Feb 26, 2007
  12. picoleto

    picoleto Member

    Joined:
    Aug 8, 2006
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    I can answer the first question.

    cPanel will send a automated email to whoever is listed as the contact owner for that account about the disk space usage for their email account.
     
  13. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Still getting a lot of these errors:

    T=virtual_userdelivery defer (-9): failed to lock mailbox
    /home/sharp/mail/sharplines.co.za/darryl/inbox (lock file)
    2007-02-27 14:19:55 1HM3Aj-000CX2-Cz => darryl R=virtual_sa_user
    T=virtual_sa_userdelivery
    2007-02-27 14:19:55 1HM3Aj-000CX2-Cz Completed

    Chirpy mentioned to use the /scripts/convert2maildir thing. How painfree/complicated is this process as we do not wish to make the server more unstable as it is now...

    T=virtual_userdelivery defer (-22): mailbox is full (MTA-imposed quota exceeded while writing to /home/sharp/mail/sharplines.co.za/heidi/inbox)
    2007-02-27 14:19:40 1HK7Pl-0009QX-SY Message is frozen
    2007-02-27 14:19:40 1HM165-000BSg-0x == heidi@sharp.co.za R=virtual_user T=virtual_userdelivery defer (-52): Retry time not yet reached
    2007-02-27 14:19:40 1HKbhW-0008SB-Sm Message is frozen
    2007-02-27 14:19:40 1HLfTW-000NtQ-MW Message is frozen
    2007-02-27 14:19:40 1HM3Aj-000CX2-Cz Spool file is locked (another process is handling this message)
    2007-02-27 14:19:40 1HK7Hj-0009CV-W6 Message is frozen

    Getting a wide variety of mail errors - quite unusual...

    Still can't find an instance of ordb.org and have no idea where it's pulling this from.

    Wzd
     
  14. xprt5

    xprt5 Well-Known Member

    Joined:
    Apr 6, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Houston
    Please open a new support ticket and we will gladly take a look at it for you again.
     
  15. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    A new support ticket where? :) With Cpanel?
    I'm still updating my current one and posting on the forum as well.

    I have like 5 tickets open with my data center, serversupport guys another independant support guy and with Cpanel -- and i have this post here...

    I'm just forwarding the critical mail to an offsite server for now otherwise will lose more clients. Looks like we just might reload the server in the next few days if we dont get any resolution...

    Marko
     
  16. xprt5

    xprt5 Well-Known Member

    Joined:
    Apr 6, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Houston
    Yes, cPanel Support ticket.

    PM me your ticket number and i will take a look at it if you wish.
     
  17. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Gotcha. Opened another ticket and mailed you the information

    Cpanel has tried to do a maildir conversion but the filesystem is a problem as the lincompatfs is far too small it seems to do any kind of porting there..

    Just suprising that not many other users are experiencing the same problems. I'm moving more and more mail to another backup location using mail forwarder for the mails that are causing problems...

    Still getting a crapload of these:

    2007-02-27 20:45:10 1HKBgP-000Cg9-G4 Message is frozen
    2007-02-27 20:45:10 1HK8eP-000AAr-8z Message is frozen
    2007-02-27 20:45:10 1HKb0P-0007zd-8W Message is frozen
    2007-02-27 20:45:10 1HKCcb-000DXC-FB Message is frozen
    2007-02-27 20:45:10 1HM2fb-000CGM-4u Message is frozen
    2007-02-27 20:45:10 1HKAsd-000C57-6B Message is frozen

    I would like to ask whoever is out there if they have ever done a server reload and what operating system? We're currently on FreeBSD but considering moving to another more cpanel friendly operating system ...
    This will require a data backup - reload then cpanel + fantastico reinstall + restoration of data.

    Is there a possibility that the configurations will also be restored and we're back to square one? :mad:

    Thanks
     
    #17 wzd, Feb 27, 2007
    Last edited: Feb 27, 2007
  18. ArbuZz

    ArbuZz Active Member

    Joined:
    Mar 27, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6

    I've got the same errors and client says messages are not delivered. How I can correct the problem?
     
Loading...

Share This Page