Mystery Missing Messages

[ramorse]

I am on a mailing list generated by a local noaa.gov weather service. The notices are sent out automatically when there is a weather alert. I know they are being sent, because I am also on the list using a gmail.com address. I always get those. But the ones going to my domain address on a server I run do not show up.

I do a grep of exim_mainlog, maillog, exim_rejectlog, exim_paniclog and can find no record of the sending address.

I have whitelisted the sending's mail server and address in CpHulk, Exim RBLs, and still nothing. I do have MailScanner but I have whitelisted the address in MailScanne front end as well.

I am at a loss as to how to track this down. When I get an email directly from someone on at the noaa.gov domain it comes through fine.

Any ideas?

 

[Infopro]

Assuming the mails came at the same time to both of your email accounts, you should be able to find something about them here going by timestamp:
WHM »Email »Mail Delivery Reports

Mailscanner as well. You should be able to see something there, going by timestamp of the email you did get at the other address.

 

[ramorse]

Hmm. I haven't used WHM »Email »Mail Delivery Reports before. But when I do, no matter what I try, I get nothing. No results at all. When I use this tool on another server it works fine. But of course, my domain isn't on that server.

Using MailWatch I can find no messages at that timeframe 1:41 AM from that noaa.gov address.

 

[Infopro]

Something is amiss somewhere else then I would think. If it got blocked or received on your server you'd have a log entry here somewhere.

Let's us know how it turns out.

 

[ramorse]

Well, yes, that's what I was saying more or less. Just wondering where else to look.

But now I am also concerned that on this server, I can generate no results for any search parameters using WHM »Email »Mail Delivery Reports. Why would that be? Perhaps I need to submit a support ticket.

 

[Infopro]

Please feel free to do so.

On the generate report page there are other options you might try enabling to see if that makes any difference.

 

[ramorse]

I will. I have tried lots of options including "No Filter" and expanding the date range. Nothing.

 

[sparek-3]

This will probably have to be investigated at the noaa.gov mail server side of things, which I'm assuming you don't have access to?

Is the noaa.gov mail server sending out the notice to both of your email addresses at the same time?

Is the noaa.gov mail server getting any connection errors when trying to send to your cPanel based mail server?

 

[ramorse]

I will try and get answers, but it is the Federal government . I get the sense that these particular messages are generated and sent automatically by a script. It's a weather alert notice that is probably triggered by some thresholds. I only really tried to troubleshoot this because one of our clients on the server is not receiving the alert messages. So, I asked to be added and also added my gmail account so I could see when the alerts are sent.

 

[sparek-3]

The issue may not necessarily be with the message generation, just with the sending part of the email.

For example, if the noaa.gov mail server is prioritizing and sending out messages to gmail.com addresses first and then later sending out to other domain names, then that right there would be your answer.

If the noaa.gov mail server is sending the same message out to your gmail.com address and your cpanel based email address at the exact same time, then what is causing issues? Can the noaa.gov mail server not connect to your cpanel server at that time? Is it timing out? Is it getting an error? How long is between when the noaa.gov mail server to connect to your cpanel based server and your cpanel server responds back with the message ID of the accepted message? Is your cpanel based server rejecting the message or connection for some reason?

That all has to be discovered from the sending side of things.

 

[ramorse]

Yeah. I will do my best. Another oddity is that while my gmail.com address is listed only once in the list of addresses that the alert is sent to, I receive 2 copies of the exact same alert.

 

[ramorse]

I think I found the issue! Using the Mail Delivery reports I see multiple messages from a sender that is not really the address in the from field. It looks like it's a forwarder from another noaa.gov address and it's being rejected due to "Sender verify failed". I assume that's because it has no spf record. I guess I can find a way to whitelist that address. Edit: I added the IP address to WHM -> Exim Configuration -> Access Lists -> Sender verification bypass IP addresses. I am hoping that will fix it.