Mailnull sending spam...

Discussion in 'E-mail Discussion' started by doulos61, Aug 3, 2011.

  1. doulos61

    doulos61 Well-Known Member

    Joined:
    Dec 13, 2006
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    156
    ... unless I am reading this incorrectly.

    I am having a large number of emails that are staying in the queue. Here is what I see at the initial investigation. There are two message IDs involved: 1QoTYs-0007Q0-2U and 1QoTYm-0006mz-8R. In these examples I have substituted "myserver.com" for my domain. Here are some sample headers -

    Code:
    1QoTYs-0007Q0-2U-H
    mailnull 47 12
    <>
    1312347606 0
    -ident mailnull
    -received_protocol local
    -body_linecount 86
    -max_received_linelength 296
    -allow_unqualified_recipient
    -allow_unqualified_sender
    -frozen 1312347606
    -localerror
    XX
    1
    jennettekristy@jlbk.com
    
    154P Received: from mailnull by myserver.com with local (Exim 4.69)
    	id 1QoTYs-0007Q0-2U
    	for jennettekristy@jlbk.com; Tue, 02 Aug 2011 23:59:42 -0500
    097  X-Failed-Recipients: stagesandbag@shema.com,
      lamestcatholicity@shema.com,
      ifacgoek@shema.com
    029  Auto-Submitted: auto-replied
    064F From: Mail Delivery System <Mailer-Daemon@myserver.com>
    028T To: jennettekristy@jlbk.com
    059  Subject: Mail delivery failed: returning message to sender
    053I Message-Id: <E1QoTYs-0007Q0-2U@myserver.com>
    038  Date: Tue, 02 Aug 2011 23:59:42 -0500
     
    1QoTYs-0007Q0-2U-D
    This message was created automatically by mail delivery software.
    
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
    
      stagesandbag@shema.com
        The mail server detected your message as spam and has prevented delivery (50).
      lamestcatholicity@shema.com
        The mail server detected your message as spam and has prevented delivery (50).
      ifacgoek@shema.com
        The mail server detected your message as spam and has prevented delivery (50).
    
    ------ This is a copy of the message, including all the headers. ------
    
    Return-path: <jennettekristy@jlbk.com>
    Received: from [101.0.53.149] (port=1364 helo=gen47luvm.96uzd9b.1mhpkm2tsnr.gj)
    	by myserver.com with smtp (Exim 4.69)
    	(envelope-from <jennettekristy@jlbk.com>)
    	id 1QoTYm-0006mz-8R; Tue, 02 Aug 2011 23:59:42 -0500
    To: <ifacgoek@shema.com>
    Message-ID: <49g83f81y82-89150643-346a1i15@ojopnslaj>
    From: "ISABELLE NEREIDA" <jennettekristy@jlbk.com>
    And the exim_mainlog entry -

    Message 1QoTYs-0007Q0-2U
    Code:
    2011-08-02 23:59:42 [28520] 1QoTYs-0007Q0-2U <= <> R=1QoTYm-0006mz-8R U=mailnull P=local S=4939 T="Mail delivery failed: returning message to sender" f$
    2011-08-02 23:59:42 [28522] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1QoTYs-0007Q0-2U
    2011-08-02 23:59:42 [28522] 1QoTYs-0007Q0-2U ** jennettekristy@jlbk.com F=<> P=<> R=lookuphost T=remote_smtp: SMTP error from remote mail server after $
    2011-08-02 23:59:42 [28522] 1QoTYs-0007Q0-2U Frozen (delivery error message)
    and the originating message 1QoTYm-0006mz-8R
    Code:
    2011-08-02 23:59:42 [26101] 1QoTYm-0006mz-8R H=(gen47luvm.96uzd9b.1mhpkm2tsnr.gj) [101.0.53.149]:1364 I=[66.249.19.251]:25 Warning: "SpamAssassin $
    2011-08-02 23:59:42 [26101] 1QoTYm-0006mz-8R <= jennettekristy@jlbk.com H=(gen47luvm.96uzd9b.1mhpkm2tsnr.gj) [101.0.53.149]:1364 I=[66.249.19.251]$
    2011-08-02 23:59:42 [28518] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1QoTYm-0006mz-8R
    2011-08-02 23:59:42 [28518] 1QoTYm-0006mz-8R cancelled by system filter: The mail server detected your message as spam and has prevented delivery $
    2011-08-02 23:59:42 [28520] cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1QoTYm-0006mz-8R
    So the question is -
    For message (1QoTYs-0007Q0-2U), is mailnull trying to send out a spam message or a notification of spam?

    or,

    Is this mail message (1QoTYm-0006mz-8R) the real spam?

    I appreciate the input
    Thnx
    D
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    mailnull (exim) is trying to send a notification to the original sender that the message failed due to being spam.

    Code:
    Subject: Mail delivery failed: returning message to sender
     
  3. doulos61

    doulos61 Well-Known Member

    Thanks for the response, Tristan -
    Where I am confused for sure is who is the "original sender" of the email? I am doing what I can to root out any potential spam sending on my end. Just a side note; there are 4 email accounts on "@shema.com", and none of the ones listed here are valid.

    Thnx
    D
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Could you provide the full exigrep output without truncating the lines for the messages? They terminate in $ so it's more difficult to see the full details. The sender is definitely jennettekristy@jlbk.com but, without seeing the full exigrep output for the messages, I cannot say which IP is definitely their IP and which is your IP.
     
  5. doulos61

    doulos61 Well-Known Member

    Tristan,
    Would the command line be -

    Code:
    exigrep 1QoTYs-0007Q0-2U
    or something like that?

    Thnx
    D
     
  6. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    66
    Likes Received:
    2
    Trophy Points:
    58
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    The command to use would be:

    Code:
     exigrep 1QoTYs-0007Q0-2U /var/log/exim_mainlog 
     
  7. doulos61

    doulos61 Well-Known Member

    I was unable to locate it using the command. I know that I am still having this issue so I will provide another example. I just didn't want you to think I wasn't responding. I will update before the weekend is out. Thanks everyone for the help.
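
Added example, not part of the thread and not cPanel's or Exim's own code: an awk filter for exim_mainlog that pairs each bounce (`<= <>` with `R=<id>`, generated as mailnull) with the message that triggered it, and reports that message's envelope sender, remote peer (`H=`) and accepting local interface (`I=`). The sample lines are constructed in the thread's log format; the addresses, IPs and the second pair of message IDs are placeholders.

```shell
#!/bin/sh
# Added example. Log lines are CONSTRUCTED in the format shown in the thread;
# addresses, IPs and the second pair of message IDs are placeholders.
sample_log() {
cat <<'EOF'
2011-08-02 23:59:42 [26101] 1QoTYm-0006mz-8R <= sender@forged.example H=(helo.invalid) [203.0.113.9]:1364 I=[192.0.2.25]:25 P=smtp S=3200 for user@hosted.example
2011-08-02 23:59:42 [28518] 1QoTYm-0006mz-8R cancelled by system filter: The mail server detected your message as spam
2011-08-02 23:59:42 [28520] 1QoTYs-0007Q0-2U <= <> R=1QoTYm-0006mz-8R U=mailnull P=local S=4939 T="Mail delivery failed: returning message to sender" for sender@forged.example
2011-08-03 00:10:05 [29001] 1QoTia-0001Aa-01 <= webuser@hosted.example U=webuser P=local S=1800 for nobody@remote.example
2011-08-03 00:10:09 [29010] 1QoTie-0001Bb-02 <= <> R=1QoTia-0001Aa-01 U=mailnull P=local S=2900 for webuser@hosted.example
EOF
}

# For every bounce (null sender "<>" carrying R=<id>) print the message that caused it,
# its envelope sender, the remote peer (H= ... [ip]) and the local interface (I=[ip]).
trace_bounces() {
  awk '
    function ip_after(line, tag,    pos, rest) {
      pos = index(line, tag)
      if (pos == 0) return "-"
      rest = substr(line, pos + length(tag))
      sub(/\([^)]*\) */, "", rest)           # drop (helo), which may be an IP literal
      if (!match(rest, /\[[0-9A-Fa-f:.]+\]/)) return "-"
      return substr(rest, RSTART + 1, RLENGTH - 2)
    }
    {
      k = 0                                  # position of "<=" (pid field is optional)
      for (i = 4; i <= 5 && i <= NF; i++) if ($i == "<=") { k = i; break }
      if (k == 0) next
      id = $(k - 1); from = $(k + 1)
      if (from != "<>") {                    # ordinary arrival: remember its origin
        sender[id] = from
        remote[id] = ip_after($0, " H=")
        iface[id]  = ip_after($0, " I=")
        next
      }
      for (i = k + 2; i <= NF; i++)          # bounce: find the R=<id> reference
        if ($i ~ /^R=/) {
          o = substr($i, 3)
          printf "bounce=%s cause=%s sender=%s remote=%s local=%s\n", id, o,
            ((o in sender) ? sender[o] : "unknown"),
            ((o in remote) ? remote[o] : "-"), ((o in iface) ? iface[o] : "-")
          break
        }
    }
  ' "$@"
}
sample_log | trace_bounces
```

On a server, pass the log path used in the thread: `trace_bounces /var/log/exim_mainlog`. A `remote=-` result means the triggering message had no `H=` field on its arrival line, as with a local (`P=local`) submission.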
     