Mail Suspended on just one email address

[OwenC]

I have about 15 domains on one server.
One domain with 5 email addresses has just ONE email address that can not send email externally.
Mail will send to other domains on the SAME server.

Specifically the error returned to Outlook is "Server error 550 : Outgoing mail from domain.com has been suspended."
I have checked the Allow/Suspend/Hold which is set for Allow.
I also checked Outgoing mail summary and only minimal emails have been sent.

Ideas Please

 

[keat63]

maybe just take a peek inside /etc/outgoing_mail_suspended_users whilst we wait for an expert to come along.

 

[OwenC]

maybe just take a peek inside /etc/outgoing_mail_suspended_users whilst we wait for an expert to come along.

Maybe you sir should be in the "expert" category
I had actually checked that file previously, just very quickly, and the offending email address was not in there... HOWEVER...
There were 3 entries related to the domain, 2 for non-existing email addresses.. ie [email protected], plus one which was just the cpanel account name.
I deleted those 3 and problem has been solved!
So theres something a bit funny there that cpanel admins might like to follow up on.

Thank you for your input!

 

[cPanelLauren]

That's quite odd, 3 entries being present there, none of which are associated with the account in question shouldn't have any effect on the account. Is there anything in regard to that specific account in the cPanel access log when you search for it?

grep "[email protected]" /usr/local/cpanel/logs/access_log

 

[OwenC]

That's quite odd, 3 entries being present there, none of which are associated with the account in question shouldn't have any effect on the account. Is there anything in regard to that specific account in the cPanel access log when you search for it?

grep "[email protected]" /usr/local/cpanel/logs/access_log

Yes.. There were 3 entries returned.. this one and 2 similar but with dates from 2019 ...

xxx.xxx.202.19 - sales%40domain.com [10/31/2019:04:52:20 -0000] "GET /cpsess2609333740/login/?session=[email protected]:X9F9HKtj1ARZ5QA7,267c65c2b6a9c0f3f5f2b7bbff875f61 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763" "-" "-" 2096

What does this mean?

 

[cPanelLauren]

I'd wager this entry from 2019 as well is too old to be relevant to this issue. If someone manually added the accounts/user to that file via SSH it wouldn't show up in the access log, that's really the only instance I can see this occurring.

 

[OwenC]

Sorry, have led you astray a little by posting the wrong entry... The above Grep should have shown a date from this month, plus two like the above.
BIG thing is, I recall having email problem in 2019 as well... AND is seemed to be spam / hacker related. Certainly I have never manually edited the /outgoing_mail_suspended_users file.
Also not sure how/why, but running the grep now does not show anything??

 

[cPanelLauren]

Hi @OwenC

I'd say if you'd like to have it investigated further you should open a ticket, if you do open a ticket please update this thread with the ticket ID so that we can follow up here