SOLVED Mail queue is full of mails for non existing accounts

hayridumanli · Nov 30, 2017

There are a lot of spam mails in my VPS's Mail Queue, all the Recipient(s) are non existing accounts, there is no account like this or there is no alias for them.
It suddenly started a few days ago, I didn't have such a problem before.
What I did;
In "Tweak Settings / Mail" settings, I changed "Initial default/catch-all forwarder destination" to
"System account", "Fail" and "Blackhole" in order, and I restarted Exim after each change. None of the 3 methods worked, there are still a lot of spam mails waiting in the queue, everyday I delete the queue manually 4 - 5 times.
What may be the problem?

Infopro · Nov 30, 2017

hayridumanli said: ↑

In "Tweak Settings / Mail" settings, I changed "Initial default/catch-all forwarder destination" to
"System account", "Fail" and "Blackhole" in order
Click to expand...

That's for new accounts created after you change it I believe.

Initial default/catch-all forwarder destination
Forwarding destination for a new account’s catch-all/default address.
Click to expand...

You might check the cPanel account's setting under the Default Address section to make sure this is configured for the account itself assuming it's an existing account.

Preferred setting:
Discard the email while your server processes it by SMTP time with an error message.
Failure Message (seen by sender)
No Such User Here

(Or whatever you want.)

hayridumanli · Dec 1, 2017

OK, thank you for your message, here are what I did;
1) In WHM / Tweak Settings / Mail; I selected "System account" in "Initial default/catch-all forwarder destination", restarted Exim.
2) I have 48 accounts in VPS, I entered all of them cPanel's one by one, I entered "Default Address" as you said, selected "Forward to your system account “$user”" and click on "Change". I did this for all the accounts. I restarted VPS.
But there are still messages in the queue for non-existing accounts. Some of them are frozen, some of them are still queued. Unfortunately it seems like "Forward to your system account" setting is not working.
What can I do more?

cPanelMichael · Dec 4, 2017

Hello,

Could you let us know the output from WHM when attempting to deliver one of the messages in the queue?

Thank you.

hayridumanli · Dec 4, 2017

Here it is;

Code:

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtd3-0002b4-8h
delivering 1eLtd3-0002b4-8h
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:<cafeturc@server.example.com>
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 <cafeturc@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
== cafeturc@server.example.com <Newham.158@domain.com> R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <cafeturc@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]

Another one;

Code:

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtJo-00028L-5V
delivering 1eLtJo-00028L-5V
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:<econmtr1@server.example.com>
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 <econmtr1@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
== econmtr1@server.example.com <Mcrobbie.91@domain.com.tr> R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <econmtr1@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]

cPanelMichael · Dec 5, 2017

hayridumanli said: ↑

R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
Click to expand...

Hello,

This can suggest a missing email directory or an email directory with invalid ownership/permissions. First, check that the following directories exist:

/home/username/mail/cur/
/home/username/mail/new

If so, try running the following command for the cPanel user that's facing the issue to see if you notice any specific errors:
Code:
/scripts/mailperm $username --verbose
Thank you.

hayridumanli · Dec 5, 2017

Yes, "cur" and "new" directories exit in all users (total 48 user).
But when I try to run your following command, for example
/scripts/mailperm removed --verbose
for the first user, the result is;

[removed due to inclusion of real domain names]

Failed to chown “/home/removed/mail/cur” to group “removed”: Operation not permitted at /usr/local/cpanel/Cpanel/Email/Perms/User.pm line 312.
[removed due to inclusion of real domain names]

So, please tell me the next step.

cPanelMichael · Dec 5, 2017

Hello,

You can check the ownership/permissions/attributes of each of those directories with commands such as:
Code:
stat /home/user/mail/cur
lsattr  /home/user/mail/new
Check the parent directory as well (e.g. /home/user/mail). Permissions on the directories should be 0751, with both user and group ownership set to the account username. The file attribute output should look like this:
Code:
---------------- /home/user/mail
Thank you.

hayridumanli · Dec 5, 2017

Here are the results;

[root@server /]# stat /home/removed/mail/cur
File: ‘/home/removed/mail/cur’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292309 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:38.623009222 +0300
Modify: 2017-11-28 03:19:38.623009222 +0300
Change: 2017-11-28 03:19:38.623009222 +0300
Birth: -
[root@server /]# stat /home/removed/mail/new
File: ‘/home/removed/mail/new’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292307 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:39.183010775 +0300
Modify: 2017-11-28 03:19:39.183010775 +0300
Change: 2017-11-28 03:19:39.183010775 +0300
Birth: -
[root@server /]# stat /home/removed/mail
File: ‘/home/removed/mail’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6293594 Links: 14
Access: (0751/drwxr-x--x)
Access: 2017-08-05 14:36:07.496608037 +0300
Modify: 2017-12-05 22:23:45.439788551 +0300
Change: 2017-12-05 22:23:45.439788551 +0300
Birth: -

Yes, parent directory has 0751, but cur and new directories have 0755 permissions. If "Repair Mailbox Permissions" in WHM and "/scripts/mailperm $username --verbose" both don't work, how can I fix these permissions?

cPanelMichael · Dec 5, 2017

Hello,

hayridumanli said: ↑

Uid: ( 0/ root) Gid: ( 0/ root)
Click to expand...

The "cur" and "new" directories are owned by root. You need to update ownership to match the account username and then run the mailbox permission repair script again. EX:
Code:
chown user.user /home/user/mail/cur
chown user.user /home/user/mail/new
Note that you should refrain from using real domain names and usernames in your responses as this is a publicly visible forum.

Thank you.

hayridumanli · Dec 6, 2017

Yes, here is the solution, thank you so much Michael. What I did;
I made "chown user.user /home/user/mail/cur" and "chown user.user /home/user/mail/new" to all users, then "/scripts/mailperm $username --verbose" to all users again. So, all the cur and new directories had 0751 permissions, and mail queue is back to normal, no more queing non existing accounts.
Problem is solved, thank you so much again.

cPanelMichael · Dec 6, 2017

Hello,

I'm glad to see that helped! Thank you for updating us with the outcome. Note that ownership is typically set to root when a directory is created/restored directory via SSH while logged in as the "root" user. To prevent this from happening in the future, remember to access SSH as the account username when performing such actions.

Thanks!

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Mail queue is full of mails for non existing accounts

hayridumanli Member

Infopro cPanel Sr. Product Evangelist Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

Email stuck in queue due to faulty email address?

Many unknown spams in email queue

Setup cron to delete Exim Mail Queue

Forwarding email to gmail stuck in queue

Mails from root stay in mail queue

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Mail queue is full of mails for non existing accounts

hayridumanli Member

Infopro cPanel Sr. Product Evangelist Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

hayridumanli Member

cPanelMichael Technical Support Community Manager Staff Member

Email stuck in queue due to faulty email address?

Many unknown spams in email queue

Setup cron to delete Exim Mail Queue

Forwarding email to gmail stuck in queue

Mails from root stay in mail queue

Share This Page