The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Just Received Mail From Another Account!!!

Discussion in 'E-mail Discussions' started by damainman, Oct 9, 2004.

  1. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    I went to check my email account, and in one of my accounts i received two email from another client on a completly different domain, but hosted on the same server.


    What would cause their mail to go into my account?

    thank you in advance for your replies.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You'd need to post the full internet headers to be able to determine what went wrong. You should also check their /etc/valiases/domain.com file that they haven't miss-typed something.
     
  3. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Sorry i haven't updated this post, but I've been caught up with alot of things. Basically the problem is still happening, but only sometimes.

    It just happened again today, so i figured i'll just post my results here to fix everything.

    I checked my customers records in: /etc/valiases/customerdomain.com and everything seemed to be normal. Also i don't allow ssh accounts so theres no way my client could have missed typed something, unless there's another way to do it. As far as i know, cpanel created all the files there.

    Now this problem that i'm receiving only happens for one domain and this particular client. They host several domains, but its only this domain that i've been receiving mail from.. and its been from more then 1 email account using this domain.

    Note: My email account in which i'm receiving their email is a catchall account I have.

    You said to post the full headers from the email, so i'm going to post from the email i received today. I've changed the information for privacy purposes.

    - From: friend@theirdomain.com
    - To: client@customerdomain.com
    - My account: abuse@mydomain.com

    Now my email account is mentioned no where in there, so why would i be receiving their mail?

    Thank you in advance for your replies :)
     
  4. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    could you paste content of /etc/valiases/customerdomain.com here ?
     
  5. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Yeah but for his main account or for the add-on domain i'm receiving the email from?

    Thank you for your replies :)
     
  6. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    - From: friend@theirdomain.com
    - To: client@customerdomain.com
    - My account: abuse@mydomain.com


    It looks to me like you're just getting a copy of a bounced email from mailman, maybe there is a mis-config in your setup that is causing the route through server.mydomain.com to bounce back to postmaster%40server.mydomain.com (or abuse%40)

    :confused:
     
    #6 djmerlyn, Nov 17, 2004
    Last edited: Nov 17, 2004
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It could be a bounce, in that it's emailing you as a last ditch attempt.

    Before coming to that conclusion, though, do you always get the email for the destination domain? Or only some of it, and only from that one sender?

    Is the destination domain listed in /etc/localdomains and does it have an MX record that points at your server correctly (no missing dots, for example in the MX record)?

    Are all the domains involved hosted on the same server?

    Can you watch what is happening in the exim mailllog to see the routing that exim is doing

    tail -f /var/log/exim_mainlog

    It ought to show why it's being routed into your account.
     
  8. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    exigrep 1CUCzR-0002mk-PH /var/log/exim_mainlog
    will show you all communication for this mail message.
     
  9. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Okay, I was trying to reply back to everyones post so we can get to the bottom of this. Here are some facts I've gathered up from things I've done.

    1. My client has several add-on domains, and from test I've ran, it comes out that the problem is only affecting 1 of the add-on domains.
    2. The problem only pertains to emails sent to email accounts that don't exist for that particular domain. So the emails i've been receiving, have been from people emailing him at a wrong email address(mispelling the email account, but spelling the domain correctly)


    Conclusion: My client can receive all emails to the domain having problems, ONLY if it is sent to a valid email address. The email is sent to a nonexistant account for that particular domain, it is routed to MY catchall account. The problem only exist with 1 client, and only 1 of his add-on domains. All his other domains on the same account, fuction correctly.

    Now to answer your questions below :)

    Not a bounce from mailman, and my client doesn't have mailman running. This is an actual email sent by a friend of my client.



    1. I get the email from any sender, as long as its being sent to a email that doesn't exist for that particular domain.

    2. Yes the domain is listed in /etc/localdomains. The MX record points to the domain the same way all the other domains with working emails do.

    3. Only my account and the clients account is on my server. The emails are being sent from 3rd party providers(hotmail, aol, etc..)

    4. Okay I sent a test email to the email account i was receiving mail from..and again i received it lol. Below is the log from exim:

    Okay above there is something strange. Next to the clients email address it says "ABUSE", which is the same as the email account i'm receiving the email on (ABUSE@mydomain.com). My client doesn't have an "ABUSE" account for any of there domains. Now i ran several email tests using that particular domain, and I'm having the same results.

    Note: Keep in mind, that i'm sending emails to non existant accounts on that particular domain "customerdomain.com.

    Now I sent a email to a nonexistant email address on another domain on my clients account that is not having the problem. Here is the log below:

    Now above you can see the email which was sent to a fake account, was routed to the "WMP" account. From all the test i ran, all domains routed emails to nonexistant accounts to the "WMP" account, which is the catchall account for my client. However any emails sent to a nonexistant accounts on the domain which is having the issues, is being routed to the "ABUSE" account instead of the "WMP" account. The "ABUSE" account is what I have set on MY domain as the catchall account :confused:

    2004-11-16 18:44:01 1CUCzR-0002mk-PH <= friend@theirdomain.com H=(neusmtp01.theirdomain.com) [155.33.xx.xxx] P=esmtp S=2462 id=1466632.1100648646952.JavaMail.friend@theirdomain.com
    2004-11-16 18:44:01 1CUCzR-0002mk-PH => abuse <client@customerdomain.com> R=virtual_user T=virtual_userdelivery
    2004-11-16 18:44:01 1CUCzR-0002mk-PH Completed

    I think i found the problem. I looked in all the valiases of different clients just to compare them.

    1. All the domains that wasn't have the problem for my client said:

    *: wmp

    2. The domain that was having the routing problems said:
    *: postmaster

    - I changed it to say wmp, like all the other domains in his account.. However do i need to restart anything so the change has affect?

    Thanks to everyone who replied, and helped me out. I really appreciate the time you've taken to assist me :)
     
  10. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Okay I made the change in /etc/valiases/customerdomain.com , restarted exim.. and problem solved :)

    Thanks for everyones help.
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well done for getting to the bottom of it! :)
     
  12. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Thank you :).. I really learned alot from checking the things everyone told me to check and stuff. I couldn't have found the cause and answer if no one replied :)
     
Loading...

Share This Page