The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/home/domainname/mail/new

Discussion in 'E-mail Discussions' started by ejs, Mar 2, 2008.

  1. ejs

    ejs Member

    Joined:
    Aug 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Gadsden, Alabama
    I was looking at a domain today that has no email address in it. But they had 201mb in email. I traced it down to /home/domainname/mail/new . What puts email in this folder? The domain default address was set to :Fail: No such person at this address , in a test i have blackholed the default.
     
  2. XzaB

    XzaB Active Member

    Joined:
    Nov 20, 2005
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Egypt, Cairo
    weired ...

    P.S: Web Master have an email by default of New Account Creation !
     
  3. ejs

    ejs Member

    Joined:
    Aug 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Gadsden, Alabama
    Yes they do but i had it set to :fail:
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you are running PHP with suPHP or as CGI or if you are running suexec for CGI then by default this is the location where mail sent from PHP or CGI scripts will store their bounce messages.

    If you are running PHP as CGI (suPHP) and you send out an e-mail using the PHP mail() function but you do not specify an envelope sender in the fifth parameter of the mail() function, then by default the envelope sender is set to username@servername.com. Where username is the username of your account on the server and servername.com is the full hostname of the server that your account is hosted on.

    Mail sent to username@servername.com is not routed through the valiases file in exim. This means that regardless of what you have your default address set to, mail to username@servername.com will go into /home/username/mail. I would suspect that the user is sending out mail through a PHP or CGI script and a lot of those messages are not going out or reaching their recipient and are bouncing back.

    username@servername.com is really the only real e-mail address on the server associated with your account. Using @yourdomain.com e-mail addresses are really virtual e-mail addresses, where mail sent to those addresses arrives at the server and exim parses the domain as a virtual domain on the server and handles it accordingly. The valiases file (the forwarder file, where default address information is stored) is only applied to virtual domains.
     
  5. ejs

    ejs Member

    Joined:
    Aug 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Gadsden, Alabama
    this is just a plain jane html site.. no scripts running at all. They don't even use the domain for there email. Never have
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Has the default address always been set to :fail: or did it used to be set to something else?

    If the default address was set to the account's username (this is what I think the default setting is in cPanel unless you change it through the Tweak Settings menu) then it could have accumulated mail. The default address may have been set to :fail: but the old message were not deleted.

    The best way to tell would be to have the user log into the mail account and read some of the messages to see what kind of messages they are and who they were enveloped to. The user can read this mail account by going to:

    http://theirdomain.com/webmail

    The username and password would be the same username and password they use to access their control panel.
     
  7. ejs

    ejs Member

    Joined:
    Aug 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Gadsden, Alabama
    yes from the beginning when I set this server up I tweaked the setting to set the default email address to :fail: . So when ever we created domains on this box it did it by default. Since this discovery I have changed the settings to :blackhole:

    There doesn't appear to be any more emails accumulating in the box. I did pull a couple of the emails and look at them . The ones I pulled look to be just junk mail. regular spam.

    I have also noticed that the /home/domainname/mail/cur file is also very large. What is posting messages in this file?
     
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The cur directory is where mail that has been read or is no longer flagged as new is stored. In the Maildir structure you have three directories, new, cur, and tmp. All of these directories play a role in the structure of the maildir setup, the POP or IMAP service that you are running (probably Courier) knows how to interpret this directory structure.

    Regarding the message, I would find the latest possible message, what is the date of that message? Is it relatively recent? I'd find the message ID, and run through exim_mainlog (and the archives) searching for that message ID and try to find out why that message was delivered. If the domain has always had their default address set to :fail: then the mailbox should never accumulate messages that are sent to that domain name. If the message was sent specifically to username@servername.com then it would gather there. It is best to figure out the root cause of this issue so that you can prevent it from happening again.
     
  9. ArbuZz

    ArbuZz Active Member

    Joined:
    Mar 27, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    I have set :fail in tweak settings, but I still have those spam messages accumulating in /home/domainname/mail/new...

    Why?..
     
  10. ArbuZz

    ArbuZz Active Member

    Joined:
    Mar 27, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    I've tried :blackhole setting too. Neither works.

    Maybe there some additional operations I must fulfill?
     
  11. ArbuZz

    ArbuZz Active Member

    Joined:
    Mar 27, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    As I've found out changing the setting to :fail: or :blackhole: won't change anything for existing account (it is kinda buggy, isn't it?) and you have to change it for every account manually. As far as I know (and I'm not sure already that what I know is worth knowing at all) the settings are located in /etc/valiases directory. Separate setting for every account. Ouch...

    I've used the following self-made php script to alter settings automatically:

    <?php

    $valiases = scandir('/etc/valiases');

    foreach ($valiases as $file) :
    if ($file == '..' || $file == '.') continue;
    echo "$file...\n";
    exec("echo '*: :fail:' > /etc/valiases/$file");
    endforeach;

    ?>

    Place it wherever you like in some php file, for example valiases.php, save and run. Everything must be changed to :fail:. Backup original /etc/valiases directory first and please use at your own risk, as I'm not sure in anything anymore.

    CAUTION: Obviously this script will OVERWRITE all the settings that your client has set about forwarding, rerouting, etc. So please, use carefully and consciously.

    Hope it helps.
     
    #11 ArbuZz, Oct 20, 2008
    Last edited: Oct 20, 2008
Loading...

Share This Page