The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Delivery Reports>Sender>[System]

Discussion in 'E-mail Discussions' started by TCC, Nov 6, 2015.

  1. TCC

    TCC Member

    Joined:
    Mar 27, 2015
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I sometimes see in Mail Delivery Reports the sender as [System]. They're always a nonexistent randomuser@adomainIhost.whatever.

    What are they and where does the bounced "no such user here" go? Is it technically bounced but there's nowhere to bounce it to as the sender is [System]?

    Searching here returns nada with the term"[System]"in the reply that actually contains [System], yet I've been seeing and searching for this for nearly two years now. They come from Yahoo, outbound.protection.outlook.com, static.optonline.net and various domain names.

    Exim mainlog shows them as normal connections from whatever ip they're coming from. Is anyone else wondering about these entries?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    More details needed I think. Can you post a screenshot (after editing personal details out) of the Delivery Event Details slide you see one of these on in Mail Delivery Reports?

    Assuming the below is the case.

    There's a setting in WHM here:
    Home »Server Configuration »Tweak Settings, Mail tab:

    Code:
    Initial default/catch-all forwarder destination
    Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “Fail” rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. “Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.
    
    There's a setting in cPanel here where you can add that message you mention:
    cPanel »EMAIL »Default Address

    Code:
    Discard the email while your server processes it by SMTP time with an error message.
    Failure Message (seen by sender) 
    The No Such User Here message has been added there I bet.

    This post by chirpy on ConfigServer's website might be of use:
    Why you should use :fail:
     
  3. TCC

    TCC Member

    Joined:
    Mar 27, 2015
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Both locations are set to :fail, so I guess there is no bounce. Seems pointless to send this sort of email. They don't come in often or fast enough to be an attack. I received two today an hour and a half apart.
    In cPanel, the message is there by default, if you try to remove it, you get> Failure message cannot be empty.
    Here's an example of the Mail Delivery Report.
    system.GIF
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can search for the message in /var/log/exim_mainlog with a command such as:

    Code:
    exigrep user@yahoo /var/log/exim_mainlog
    This should help narrow down the cause of the bounce.

    Thank you.
     
Loading...

Share This Page