The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

:fail: still generates a "Mail delivery failed..." return email

Discussion in 'E-mail Discussions' started by dev.null, Dec 20, 2007.

  1. dev.null

    dev.null Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    75
    Likes Received:
    1
    Trophy Points:
    6
    Chirpy's site recommends to not use :blackhole:, rather :fail: and for some very good reasons. I can't figure out why it's not working for me. (see Chirpy's reasoning)

    I double-checked all my domains in /etc/valiases and made sure the default was set to fail (i.e. the line reads "*: :fail:").

    I look in exim's queue and see a huge number of emails (like 1,000+ out of 1,300 emails) that look like this in the logs:

    1J5FS2-0005pf-PR looks like this in exim -bp:

    Code:
     0m  1.9K 1J5FS2-0005pf-PR <>
              garelliyncry@xratedhost.com
    
    so I look it up in the logs:

    Code:
    [/var/log]# grep 1J5FS2-0005pf-PR exim_mainlog
    2007-12-20 01:04:14 1J5FS2-0005pf-PR <= <> R=1J5FS2-0005oE-Bn U=mailnull P=local S=1968 T="Mail delivery failed: returning message to sender"
    2007-12-20 01:04:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1J5FS2-0005pf-PR
    2007-12-20 01:04:15 1J5FS2-0005pf-PR xratedhost.com [82.98.86.170] Connection refused
    2007-12-20 01:04:15 1J5FS2-0005pf-PR == garelliyncry@xratedhost.com R=lookuphost T=remote_smtp defer (111): Connection refused
    
    OK, so this email was generated by another email that is a mail delivery fail, message 1J5FS2-0005oE-Bn, so I look at this one in the log:

    Code:
     [/var/log]# grep 1J5FS2-0005oE-Bn exim_mainlog
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn <= garelliyncry@xratedhost.com H=pool-71-97-163-95.aubnin.dsl-w.verizon.net [71.97.163.95] P=esmtp S=1097 id=C2480C66.31BA5554@xratedhost.com T="ugoropaz"
    2007-12-20 01:04:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1J5FS2-0005oE-Bn
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn ** morgan@ALocalDomain.com R=virtual_aliases:
    2007-12-20 01:04:14 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1J5FS2-0005oE-Bn
    2007-12-20 01:04:14 1J5FS2-0005pf-PR <= <> R=1J5FS2-0005oE-Bn U=mailnull P=local S=1968 T="Mail delivery failed: returning message to sender"
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn Completed
    
    According to Chirpy's recommendation the local account check is suppose to happen while the remote server is still on the line, before we receive the email. It doesn't seem like that's what's happening with my exim, it appears it receives the email and then realizing it can't deliver locally decides to create the rejection email. I verified that <ALocalDomain.com> /etc/valias file has the *: :fail: instruction in it, and there is no "morgan" account on that domain.

    I've attached my exim.conf for your viewing pleasure. If there's already a thread on this, please just post the link.

    Thanks In Advance!

    P.S. This problem seemed to start exactly on the 12th. Maybe there was a cpanel update that messed up exim.conf?
     

    Attached Files:

  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn ** morgan@ALocalDomain.com R=virtual_aliases:

    sure this address doesnt have a forwarder alias?
     
  3. dev.null

    dev.null Well-Known Member

    Joined:
    May 27, 2003
    Messages:
    75
    Likes Received:
    1
    Trophy Points:
    6
    100% sure. I just double-checked since you're asking.

    Look, the flow seems obvious. Email comes in for an account that doesn't exist and exim decideds to "fail" it and send a "fail" message out. Although this isn't what it's suppose to do. Maybe it would help if I post the order in which the email occurred instead of the way I investigated them.

    Here the email comes in to morgan@ALocalDomain.com (an account that doesn't exist and isn't aliased):
    Code:
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn <= garelliyncry@xratedhost.com H=pool-71-97-163-95.aubnin.dsl-w.verizon.net [71.97.163.95] P=esmtp S=1097 id=C2480C66.31BA5554@xratedhost.com T="ugoropaz"
    2007-12-20 01:04:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1J5FS2-0005oE-Bn
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn ** morgan@ALocalDomain.com R=virtual_aliases:
    2007-12-20 01:04:14 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1J5FS2-0005oE-Bn
    2007-12-20 01:04:14 1J5FS2-0005pf-PR <= <> R=1J5FS2-0005oE-Bn U=mailnull P=local S=1968 T="Mail delivery failed: returning message to sender"
    2007-12-20 01:04:14 1J5FS2-0005oE-Bn Completed
    
    The next to the last line indicates it's creating a "failed" return email. Here's the second email (fails delivery because the original email above was spam with a spoofed from email address):

    Code:
    2007-12-20 01:04:14 1J5FS2-0005pf-PR <= <> R=1J5FS2-0005oE-Bn U=mailnull P=local S=1968 T="Mail delivery failed: returning message to sender"
    2007-12-20 01:04:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1J5FS2-0005pf-PR
    2007-12-20 01:04:15 1J5FS2-0005pf-PR xratedhost.com [82.98.86.170] Connection refused
    2007-12-20 01:04:15 1J5FS2-0005pf-PR == garelliyncry@xratedhost.com R=lookuphost T=remote_smtp defer (111): Connection refused
    
     
Loading...

Share This Page