The messages from the affected email address were Greylisted because the domain name associated with the email address lacks DNS entries because it's authoritative nameservers do not contain information on it:
# dig +short txt domain.tld
# dig +short default._domainkey.domain.tld
# dig +short domain.tld
In addition, the server's Exim configuration contains a number of custom modifications, one of which is the "host_find_failed" directive, which is set to defer:
# grep host_find_failed /etc/exim.conf
host_find_failed = defer
Apparently as a result of this customization, the messages are being deferred:
# grep domain.tld /usr/local/cpanel/logs/cpgreylistd.log | grep -v get_deferred_list | tail -5
[2019-04-15 06:32:10 -0500] info [cpgreylistd] Request:- OP: ['should_defer'], Sender IP: ['1.2.3.4'], From Address: ['
[email protected]'], To Address: ['
[email protected]']. Reply:- ['yes']
And it appears that they are then removed from the cpgreylistd database 24 hours after the first message attempt is sent. This is the first entry in the cpgreylist log file for the message:
[2019-04-14 10:34:40 -0500] info [cpgreylistd] Request:- OP: ['should_defer'], Sender IP: ['1.2.3.4'], From Address: ['
[email protected]'], To Address: ['
[email protected]']. Reply:- ['yes']
And this is the last entry for it, a little over 24 hours later:
[2019-04-15 11:12:12 -0500] info [cpgreylistd] Request:- OP: ['should_defer'], Sender IP: ['1.2.3.4'], From Address: ['
[email protected]], To Address: ['
[email protected]']. Reply:- ['yes']
It thus appears that the message is essentially disappearing without being either delivered or rejected.
You may therefore wish to remove the "host_find_failed = defer" line from the Exim customizations, then restart Exim for the change to take effect to see if doing that resolves this issue. However, ultimately, the issue lies with the lack of DNS resolution for the domain.tld domain, which will need to be addressed by the administrators of that domain.
