SOLVED Mail queue is full of mails for non existing accounts

There are a lot of spam mails in my VPS's Mail Queue, all the Recipient(s) are non existing accounts, there is no account like this or there is no alias for them.
It suddenly started a few days ago, I didn't have such a problem before.
What I did;
In "Tweak Settings / Mail" settings, I changed "Initial default/catch-all forwarder destination" to
"System account", "Fail" and "Blackhole" in order, and I restarted Exim after each change. None of the 3 methods worked, there are still a lot of spam mails waiting in the queue, everyday I delete the queue manually 4 - 5 times.
What may be the problem?

 

OK, thank you for your message, here are what I did;
1) In WHM / Tweak Settings / Mail; I selected "System account" in "Initial default/catch-all forwarder destination", restarted Exim.
2) I have 48 accounts in VPS, I entered all of them cPanel's one by one, I entered "Default Address" as you said, selected "Forward to your system account “$user”" and click on "Change". I did this for all the accounts. I restarted VPS.
But there are still messages in the queue for non-existing accounts. Some of them are frozen, some of them are still queued. Unfortunately it seems like "Forward to your system account" setting is not working.
What can I do more?

 

Here it is;

Code:

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtd3-0002b4-8h
delivering 1eLtd3-0002b4-8h
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:<cafeturc@server.example.com>
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 <cafeturc@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
== cafeturc@server.example.com <Newham.158@domain.com> R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <cafeturc@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]

Another one;

Code:

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtJo-00028L-5V
delivering 1eLtJo-00028L-5V
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:<econmtr1@server.example.com>
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 <econmtr1@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
== econmtr1@server.example.com <Mcrobbie.91@domain.com.tr> R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <econmtr1@server.example.com> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26] 

 

Yes, "cur" and "new" directories exit in all users (total 48 user).
But when I try to run your following command, for example
/scripts/mailperm removed --verbose
for the first user, the result is;

[removed due to inclusion of real domain names]

Failed to chown “/home/removed/mail/cur” to group “removed”: Operation not permitted at /usr/local/cpanel/Cpanel/Email/Perms/User.pm line 312.
[removed due to inclusion of real domain names]

So, please tell me the next step.

 

Here are the results;

[root@server /]# stat /home/removed/mail/cur
File: ‘/home/removed/mail/cur’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292309 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:38.623009222 +0300
Modify: 2017-11-28 03:19:38.623009222 +0300
Change: 2017-11-28 03:19:38.623009222 +0300
Birth: -
[root@server /]# stat /home/removed/mail/new
File: ‘/home/removed/mail/new’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292307 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:39.183010775 +0300
Modify: 2017-11-28 03:19:39.183010775 +0300
Change: 2017-11-28 03:19:39.183010775 +0300
Birth: -
[root@server /]# stat /home/removed/mail
File: ‘/home/removed/mail’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6293594 Links: 14
Access: (0751/drwxr-x--x)
Access: 2017-08-05 14:36:07.496608037 +0300
Modify: 2017-12-05 22:23:45.439788551 +0300
Change: 2017-12-05 22:23:45.439788551 +0300
Birth: -

Yes, parent directory has 0751, but cur and new directories have 0755 permissions. If "Repair Mailbox Permissions" in WHM and "/scripts/mailperm $username --verbose" both don't work, how can I fix these permissions?

 

Yes, here is the solution, thank you so much Michael. What I did;
I made "chown user.user /home/user/mail/cur" and "chown user.user /home/user/mail/new" to all users, then "/scripts/mailperm $username --verbose" to all users again. So, all the cur and new directories had 0751 permissions, and mail queue is back to normal, no more queing non existing accounts.
Problem is solved, thank you so much again.