Mystery Missing Messages

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I am on a mailing list generated by a local noaa.gov weather service. The notices are sent out automatically when there is a weather alert. I know they are being sent, because I am also on the list using a gmail.com address. I always get those. But the ones going to my domain address on a server I run do not show up.

I do a grep of exim_mainlog, maillog, exim_rejectlog, exim_paniclog and can find no record of the sending address.

I have whitelisted the sending's mail server and address in CpHulk, Exim RBLs, and still nothing. I do have MailScanner but I have whitelisted the address in MailScanne front end as well.

I am at a loss as to how to track this down. When I get an email directly from someone on at the noaa.gov domain it comes through fine.

Any ideas?
 

Infopro

Well-Known Member
May 20, 2003
17,075
524
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Assuming the mails came at the same time to both of your email accounts, you should be able to find something about them here going by timestamp:
WHM »Email »Mail Delivery Reports

Mailscanner as well. You should be able to see something there, going by timestamp of the email you did get at the other address.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
Hmm. I haven't used WHM »Email »Mail Delivery Reports before. But when I do, no matter what I try, I get nothing. No results at all. When I use this tool on another server it works fine. But of course, my domain isn't on that server.

Using MailWatch I can find no messages at that timeframe 1:41 AM from that noaa.gov address.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
Well, yes, that's what I was saying more or less. Just wondering where else to look.

But now I am also concerned that on this server, I can generate no results for any search parameters using WHM »Email »Mail Delivery Reports. Why would that be? Perhaps I need to submit a support ticket.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,173
280
388
cPanel Access Level
Root Administrator
This will probably have to be investigated at the noaa.gov mail server side of things, which I'm assuming you don't have access to?

Is the noaa.gov mail server sending out the notice to both of your email addresses at the same time?

Is the noaa.gov mail server getting any connection errors when trying to send to your cPanel based mail server?
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I will try and get answers, but it is the Federal government :). I get the sense that these particular messages are generated and sent automatically by a script. It's a weather alert notice that is probably triggered by some thresholds. I only really tried to troubleshoot this because one of our clients on the server is not receiving the alert messages. So, I asked to be added and also added my gmail account so I could see when the alerts are sent.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,173
280
388
cPanel Access Level
Root Administrator
The issue may not necessarily be with the message generation, just with the sending part of the email.

For example, if the noaa.gov mail server is prioritizing and sending out messages to gmail.com addresses first and then later sending out to other domain names, then that right there would be your answer.

If the noaa.gov mail server is sending the same message out to your gmail.com address and your cpanel based email address at the exact same time, then what is causing issues? Can the noaa.gov mail server not connect to your cpanel server at that time? Is it timing out? Is it getting an error? How long is between when the noaa.gov mail server to connect to your cpanel based server and your cpanel server responds back with the message ID of the accepted message? Is your cpanel based server rejecting the message or connection for some reason?

That all has to be discovered from the sending side of things.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
Yeah. I will do my best. Another oddity is that while my gmail.com address is listed only once in the list of addresses that the alert is sent to, I receive 2 copies of the exact same alert.
 

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I think I found the issue! Using the Mail Delivery reports I see multiple messages from a sender that is not really the address in the from field. It looks like it's a forwarder from another noaa.gov address and it's being rejected due to "Sender verify failed". I assume that's because it has no spf record. I guess I can find a way to whitelist that address. Edit: I added the IP address to WHM -> Exim Configuration -> Access Lists -> Sender verification bypass IP addresses. I am hoping that will fix it.
 
Last edited: