Mail not working on server (sending and receiving)

Discussion in 'E-mail Discussions' started by David_spm, Oct 13, 2017.

  1. David_spm

    David_spm Active Member

    I inherited a server some months ago and found that some of the accounts seemed to be sending out spam mail. At the time there were records like this in exim_mainlog:


    2017-06-28 23:02:42 1dQPj7-0005Mm-JP <=
    NAME@MYDOMAIN H=([127.0.0.1]) [78.90.72.196]:41899
    P=esmtpa A=dovecot_plain:NAME@one_of_my_site.com S=15548
    id=4D248BBE.3420710@one_of_my_sites.com T="Hand regard:
    following the hand with the eyes!" for some_name@prodigy.net

    I deleted the email account in question and all email accounts for that website.

    Also at that time I found that the directory for /var/spool/exim was filling up by several GB in the space of hours and the server's disk was becoming full because of it. I can't recall what I did exactly, but I think I may have deleted or removed something that I followed in a guide, and the disk usage stopped anyway.

    Since then, though, mail doesn't seem to work on the server at all and I need to fix it now. It seems that no messages sent to any of the email addresses for the accounts are received, no mails from cron jobs and other tools are received by the root email, and test emails are never received either.

    Exim is still running though, here is some sample output from /exim_mainlog

    2017-10-13 05:28:34 SMTP connection from [51.254.125.108]:46176 (TCP/IP connection count = 2)
    2017-10-13 05:28:36 dovecot_login authenticator failed for 108.ip-51-254-125.eu (ADMIN) [51.254.125.108]:46176: 535 Incorrect authentication data (set_id=sales@my_site.com)
    2017-10-13 05:28:36 SMTP connection from [127.0.0.1]:59006 (TCP/IP connection count = 3)
    2017-10-13 05:28:36 SMTP connection from 108.ip-51-254-125.eu (ADMIN) [51.254.125.108]:46176 closed by QUIT


    2017-10-13 05:28:55 1e2T9p-0002wB-Jh Sender identification U=another_site D=another_site.net S=wordpress@another_site.net
    2017-10-13 05:28:55 1e2uKp-0001KM-Kt Sender identification U=another_site D=another_site.net S=wordpress@another_site.net
    2017-10-13 05:28:55 1e2pHa-0004vO-Vz Message is frozen
    2017-10-13 05:28:56 1e2vqV-0002Ey-GI Message is frozen
    2017-10-13 05:28:56 1e2uxV-0003Vm-47 Message is frozen

    A few other details:

    In the WHM sent summary there is no activity and same for the mail delivery reports.

    Mail queue manager seems to have a lot of activity in it, all messages there are either frozen or queued and seem to be from [System] and trying to go to either root, cpanel or fail2ban@server.myhost.com. There are also some mails trying to send from one of our sites to other email addresses I don't recognise (I would guess they are either users signed up to the site or people that have left a comment).

    I'm not sure how to tackle this, should I submit a ticket?

    I should add that a lot of the messages are not needed and I'd be OK with reinstalling everything from scratch for the mail on the server if needed.

    thanks
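
Added example (not part of the original post and not a cPanel tool): a small triage script for the kind of exim_mainlog lines quoted above. It counts messages accepted after SMTP AUTH per login with their client IPs, rejected AUTH attempts per IP, and frozen messages. The function names, the `min_ips` threshold (a heuristic for spotting a login used from several addresses) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the exim_mainlog format quoted in the post above
# (documentation IP ranges and example.com; not taken from any real server).
SAMPLE_LOG = """\
2017-06-28 23:02:42 1dQPj7-0005Mm-JP <= info@example.com H=([127.0.0.1]) [203.0.113.7]:41899 P=esmtpa A=dovecot_plain:info@example.com S=15548 T="offer" for a@example.net
2017-06-28 23:02:44 1dQPj9-0005Mq-KQ <= info@example.com H=([127.0.0.1]) [203.0.113.9]:52011 P=esmtpa A=dovecot_plain:info@example.com S=15410 T="offer" for b@example.net
2017-06-28 23:03:01 1dQPjQ-0005N2-Aa <= bob@example.com H=(laptop) [198.51.100.20]:50122 P=esmtpsa A=dovecot_login:bob@example.com S=2048 T="hi" for c@example.net
2017-10-13 05:28:36 dovecot_login authenticator failed for host.example.org (ADMIN) [198.51.100.99]:46176: 535 Incorrect authentication data (set_id=sales@example.com)
2017-10-13 05:28:40 dovecot_login authenticator failed for host.example.org (ADMIN) [198.51.100.99]:46180: 535 Incorrect authentication data (set_id=info@example.com)
2017-10-13 05:28:55 1e2pHa-0004vO-Vz Message is frozen
"""

# Arrival ("<=") line accepted after SMTP AUTH: capture client IP and login.
AUTH_OK = re.compile(r" <= .*? \[([0-9a-fA-F.:]+)\]:\d+ .*?\bA=dovecot_\w+:(\S+)")
# Rejected SMTP AUTH attempt: capture the client IP.
AUTH_FAIL = re.compile(r"authenticator failed for .*?\[([0-9a-fA-F.:]+)\]:\d+: 535 ")


def triage(lines):
    """Summarise SMTP AUTH activity and frozen messages from exim_mainlog lines."""
    sent = Counter()                # login -> messages accepted via SMTP AUTH
    sources = defaultdict(set)      # login -> distinct client IPs
    failed = Counter()              # client IP -> rejected AUTH attempts
    frozen = 0
    for line in lines:
        if (m := AUTH_OK.search(line)):
            ip, login = m.groups()
            sent[login] += 1
            sources[login].add(ip)
        elif (m := AUTH_FAIL.search(line)):
            failed[m.group(1)] += 1
        elif line.rstrip().endswith("Message is frozen"):
            frozen += 1
    return sent, sources, failed, frozen


def suspect_logins(sent, sources, min_ips=2):
    """Logins that sent authenticated mail from at least min_ips client IPs."""
    return sorted(a for a in sent if len(sources[a]) >= min_ips)


if __name__ == "__main__":
    sent, sources, failed, frozen = triage(SAMPLE_LOG.splitlines())
    for login in suspect_logins(sent, sources):
        print(f"{login}: {sent[login]} msgs from {sorted(sources[login])}")
    print("failed AUTH by IP:", dict(failed), "| frozen:", frozen)
```

To run it against a real log, pass an open file object to `triage()` in place of the sample lines; deleting a mailbox does not reveal how its password was obtained, so the per-login IP list is the part worth reviewing first.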
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Do you notice any output to /var/log/exim_paniclog when encountering an issue with sending or receiving?

    Thank you.
     
  3. David_spm

    David_spm Active Member

    This is all I see in the current paniclog:

    2017-10-16 00:32:36 socket bind() to port 587 for address (any IPv6) failed: Address already in use: daemon abandoned

    I have the logs rotated weekly and the older ones are compressed, but the logs dated 15th and 8th have nothing in them.
     
  4. David_spm

    David_spm Active Member

    ..also this is what I can see listening on port 587

    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 21565/exim
    tcp 0 0 :::587 :::* LISTEN 21565/exim
     
  5. David_spm

    David_spm Active Member

    One other thing, this is the output from a test mail I tried to send:

    -bash-4.1$ echo "Subject: test" | /usr/sbin/exim -v me@gmail.com
    LOG: MAIN
    cwd=/home/me 3 args: /usr/sbin/exim -v me@gmail.com
    LOG: MAIN
    <= me@server.myhostname.com U=me P=local S=323 T="test"
    -bash-4.1$ LOG: MAIN
    cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1e3zV1-0000MA-Py
    delivering 1e3zV1-0000MA-Py
    LOG: MAIN
    ** me@gmail.com R=enforce_mail_permissions: Gid 577 is not permitted to relay mail, or has directly called /usr/sbin/exim instead of /usr/sbin/sendmail.
    LOG: MAIN
    cwd=/var/spool/exim 8 args: /usr/sbin/exim -v -t -oem -oi -f <> -E1e3zV1-0000MA-Py
    LOG: MAIN
    <= <> R=1e3zV1-0000MA-Py U=mailnull P=local S=1645 T="Mail delivery failed: returning message to sender"
    LOG: MAIN
    cwd=/var/spool/exim 4 args: /usr/sbin/exim -v -Mc 1e3zV2-0000MF-23
    delivering 1e3zV2-0000MF-23
    LOG: MAIN
    Completed
    LMTP<< 220 server.myhostname.com Dovecot ready.
    LMTP>> LHLO server.myhostname.com
    LMTP<< 250-server.myhostname.com
    LMTP<< 250-STARTTLS
    LMTP<< 250-8BITMIME
    LMTP<< 250-ENHANCEDSTATUSCODES
    LMTP<< 250 PIPELINING
    LMTP>> MAIL FROM:<>
    LMTP<< 250 2.1.0 OK
    LMTP>> RCPT TO:<me@server.myhostname.com>
    LMTP<< 250 2.1.5 OK
    LMTP>> DATA
    LMTP<< 354 OK
    LMTP>> writing message and terminating "."
    LMTP<< 250 2.0.0 <me@server.myhostname.com> EN0WGsBa5FlsBQAAQA8zkQ Saved
    LMTP>> QUIT
    LMTP<< 221 2.0.0 OK
    LOG: MAIN
    => me <me@server.myhostname.com> R=localuser T=dovecot_delivery S=1798 C="250 2.0.0 <me@server.myhostname.com> EN0WGsBa5FlsBQAAQA8zkQ Saved"
    LOG: MAIN
    Completed
     
  6. David_spm

    David_spm Active Member

    Hi, should I submit a support ticket about this?
     
  7. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Your last output is just improper use of the commands, not a sign of your issue. Opening a ticket will allow us to provide you with the best support. Once opened, you can paste the ticket ID here, and we can update this thread with the outcome. Looking over your output, I am not sure if any information relevant to your issue has been provided. Ideally, you would provide a full transaction which failed (i.e. 'exigrep <exim-msg-id> /var/log/exim_mainlog').

    With that said, a random guess is that perhaps one of your exim databases is corrupt as in the post below:
    Exim db corrupt with a few entries?
     