Message Delivery Failure - Mail Delivery System

brand_land · Jun 13, 2019

One of the email accounts in my VPS has been receiving these emails with emails that he hasn't mailed, does that mean that the server have been exploited ? if so , how can figure it out ? and if not how do I find out what's causing it ?
Thank you

cPanelLauren · Jun 13, 2019

Hello @brand_land

It can mean that, but it can also mean legitimate mail you're sending is being rejected. You'd need to identify whether or not the mail was something legitimate or something you didn't send. You may want to work with your provider to get more information on the bouncebacks you're receiving as well.

brand_land · Jun 14, 2019

cPanelLauren said:
Hello @brand_land

It can mean that, but it can also mean legitimate mail you're sending is being rejected. You'd need to identify whether or not the mail was something legitimate or something you didn't send. You may want to work with your provider to get more information on the bouncebacks you're receiving as well.

No, no one sent them from the email address in question, what should I do to find out how are they being sent and if my VPS is exploited or not ?

Thank you

cPanelLauren · Jun 14, 2019

Since I'll assume you don't have root access to the server, and since you're indicating that the email address in question isn't sending those I'll assume that this is most likely a password compromise (if all the bouncebacks are originating from the same email account and the email account exists on your server)

In that case, you'd need to just change the password. If you're able to view the headers of the originally sent message it might be helpful as well. You may be able to find one by using the interface at WHM>>Email>>Mail Delivery Reports or if you don't have access to that the one within cPanel>>Email>>Track Delivery will work as well.

brand_land · Jun 17, 2019

cPanelLauren said:
Since I'll assume you don't have root access to the server, and since you're indicating that the email address in question isn't sending those I'll assume that this is most likely a password compromise (if all the bouncebacks are originating from the same email account and the email account exists on your server)

In that case, you'd need to just change the password. If you're able to view the headers of the originally sent message it might be helpful as well. You may be able to find one by using the interface at WHM>>Email>>Mail Delivery Reports or if you don't have access to that the one within cPanel>>Email>>Track Delivery will work as well.

I found some mails but the header is empty, it shows like this :
<>
is this normal ?

Thread starter	Similar threads	Forum	Replies	Date
H	Mail delivery failed: returning message to sender user has sent a high volume of mail detected as spam in last 24 hours	Email	2	Wednesday at 9:51 PM
I	Message Delivery Failure - Mail Delivery System	Email	7	May 3, 2019
	Message Delivery Failure - Mail Delivery System	Email	14	Jun 27, 2017
P	Email Delivery Failure Messages	Email	2	Sep 28, 2015
W	Requeuing failed (failure) messages for another delivery attempt	Email	2	Nov 7, 2012

Search

Search

Message Delivery Failure - Mail Delivery System

brand_land

Active Member

cPanelLauren

Product Owner

brand_land

Active Member

cPanelLauren

Product Owner

brand_land

Active Member