The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem receiving mail from specific domain

Discussion in 'E-mail Discussions' started by Sandro Luz, Aug 15, 2016.

Tags:
  1. Sandro Luz

    Sandro Luz Registered

    Joined:
    Nov 7, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Website Owner
    Hello community!

    First of all, thanks for this forum, already helped me many times. It's my first thread, so please forgive if I post it on wrong place.

    I don't have much knowledge about mail server, but my maintainer refused to help (yeah, I know). I'm on a CENTOS 6.8 x86_64 kvm – cloud with WHM 58.0 (build 19).

    I'm having problem to receive mails form a specific domain and I can't tell if the problem is from my server or him. When I send, they receive with no problems, but when they send, my server respond with the following message:

    [Removed - Please replace actual domain names and IP addresses with examples]

    I tried put this domain on a whitelist thinking that could be my spamassassin working, but don't had effect.

    I really have no clue on what to do. If someone can give me and idea...

    Thanks

    Having problem to edit my message, so here the edited message error

    Code:
    ---
    sample@mydomain.com.br
    Remote Server returned '< #5.0.0>'
    
    Cabeçalhos de mensagem originais:
    
    Return-Path: <sample@otherdomain.com>
    Received: from host.com.br
      by cloud.mydomain.com.br with esmtp (Exim 4.87)
      (envelope-from <sample@otherdomain.com>)
      id 1bXpwQ-0007Ck-VS
      for sample@mydomain.com.br; Thu, 11 Aug 2016 10:22:37 -0300
    X-AuditID: c0a8000e-65fff70000006184-07-57ac7bef8409
    Received: from host.com.br (Unknown_Domain)
      by  (Paic SMTP) with SMTP id 8C.5E.24964.FEB7CA75; Thu, 11 Aug 2016 10:21:54 -0300 (BRT)
    Received: from host.com.br by
    host.com.br with Microsoft SMTP Server (TLS)
    id 15.0.995.29; Thu, 11 Aug 2016 10:21:50 -0300
    Received: from host.com.br by
    host.com.br with mapi id
    15.00.0995.028; Thu, 11 Aug 2016 10:21:50 -0300
    From: Name Surname <sample@otherdomain.com>
    To: Name <sample@mydomain.com.br>
    Subject: Lida: SUBJECT
    Thread-Topic: SUBJECT
    Thread-Index: AQJegnjI+PO7pXcR5EX2JstrHB9+FQM9L4lNAgfHpggDcAAXn57j5JDggAEVQys=
    Date: Thu, 11 Aug 2016 13:21:50 +0000
    Message-ID: <host.com.br>
    In-Reply-To: <sample@mydomain.com.br>
    Accept-Language: pt-BR, en-US
    Content-Language: pt-BR
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: []
    Content-Type: multipart/report;
      boundary="_000_57796b9213ab4a94a14a2048be075322PPSRV09peninsulapartloc_";
      report-type=disposition-notification
    MIME-Version: 1.0
    X-Brightmail-Tracker: H4sIAAAAAAAAA3VUa1BUZRjm213gLPHhYReWl1Uc3bEfxbCZNIRNQzo0ZIjaZWy7ji5yYnfc25yzS4JTXAYTiEG8oAFDxUAKgsNqwOIIRqtNK1YWCOKolJeaJKO4DREgncvucqDp33ue570873ue+Qipoj5UTRgtdoq26E2aoBBZd0PAurixvc26tc46eWJ72ZngDWhT4b6OwJfQmyHPZlAmYxZFP5G0M8TQ6JpDNteyPaM/P5DloX5cguQEkE/BQO1pWQkKIRTk5wi6z/4TLHycR+AuuBEofFxCMPTlYBBXEkQ+Dz8UXAjm4ggyFm62T/C4koyC/PnLgQKugmPu5iAh3gpjtUWSEkQQMvJRuNCl4WBMboaW1l/4YXLyEIJfXeNSjkBkDNTMdvH9pWzPutZGiSCVhPrOK1IhjoT7dx8GCvFquHN6EHGNpFyj/N5pmTAhHC5V3pOVI2WVqFeVOK9KlCckWeFeR6dEiLUwWHEkSIhj4Xjt71IhjoOPH7pl/8W1cL6uQvYZkp9Eq2y2OL3NxtBZaxO1NspitDAOk96mp+3aXVazNp0+g4SfF9aB+pxJbkQSSBOKndlNOkWgPovJNrvRfkRINJFY+TaLhaVbM7INesawg3aYKEYTgYuym3UK7IfTHabdGjUezWFRpR+1UO8xJsrLSdkmihMkyd1CjJTb6d2U5SNon3sUfavawDncrLCaSqT2vOu0WT38WwhvwYpZvhNYnC1lV1bJSZEy6zGRYlsnVpML9knRthHtThlYSUJIXejAkSEsotd5ORhxqY3M8ZMrzQl7uakhfpQXlY0fsClKnygSFIM3vI0S6l81BI50YIcxQLtk9KDDiB1FO7hGpMcbXBY/BdSq7BuQ41OsUxEcErUKzCZzOKRInxBjHoV7tjIstEidrEetr6Ykxu5KMMnaRi5JKwflThwL3cC9r1ZuIsC3+Xu8ogX5M8CAhbuxURXWYFL+DFeZslRAMemVmz31y0IWOdC7ENwQgIzt/plMDo6GQbF9VMKGBssXAONI8dSYPaE5wVo+LE6DWavF26D+Sstr0JDo2cndB69bYDfZmrMMDzlsYPH+Ycd5rvvlyD4u/7TUgTTpW0H2Nes6M9yBLdu97EPwaGm3krusSurQeBpuNqEoCFvoANB59ThcwjaZgo8CL5trehFMF/X34dgsnTuBoK5j9qmEcxeK94ngcKm6XIJjH/RdVAyzHlKwnrKk8B7yq63iz31VwLvKS/q9dREAu8pL7jIU3y+ykf9n6f8tO9+6jx0cP2poaSclP5NyWmvveh8OW/lmjc2D6w3Z7UWP5f+SeXWsO+mDr8Vb41WpH3d85NrInnkm+axcyl3PriOK68Njwy979gYlup6PaTssfyM/e3Nzme6qseX1521l391NaLlHUqR/0p0pT1+08XJLZbjo9tPfW+L 750Z+jA5p11LbpPHXs5NTdLIGIP+ycelNKP/F30gCZK3BgAA
    X-Spam-Status: No, score=-100.9
    X-Spam-Score: -1008
    X-Spam-Bar: ---------------------------------------------------
    X-Ham-Report: Spam detection software, running on the system "cloud.mydomain.com.br",
    has NOT identified this incoming email as spam.  The original
    message has been attached to this so you can view it or label
    similar future email.  If you have any questions, see
    root\@localhost for details.
    Content preview:  A sua mensagem Para: NAME Assunto:
      SUBJECT Enviado: quarta-feira, 10 de agosto de 2016 17:51:40 (UTC-03:00)
      Brasília foi lida em quinta-feira, 11 de agosto de 2016 10:21:20 (UTC-03:00)
      Brasília. [...]
    Content analysis details:  (-100.9 points, 5.0 required)
    pts rule name  description
    ---- ---------------------- --------------------------------------------------
    -100 USER_IN_WHITELIST  From: address is in the user's white-list
    -1.9 BAYES_00  BODY: Bayes spam probability is 0 to 1%
      [score: 0.0000]
      0.0 HTML_MESSAGE  BODY: HTML included in message
      1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
      anti-forgery methods
    X-Spam-Flag: NO
    
    
     
    #1 Sandro Luz, Aug 15, 2016
    Last edited by a moderator: Aug 15, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you search for that message ID in /var/log/exim_mainlog and let us know the output? Here's an example of a command you can use:

    Code:
    exigrep 1bXpwQ-0007Ck-VS /var/log/exim_mainlog
    Thanks!
     
  3. Sandro Luz

    Sandro Luz Registered

    Joined:
    Nov 7, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Website Owner
    Hi Michael! Fist of all, really thanks for the reply!

    I tried run the exigrep on this ID but nothing happens. Them I looked on WHM for a similar sample (looks the same situation, with the same host) with another ID (1bZd6v-0003Mi-Qh) and run it.

    Here the output:
    Code:
    root@cloud [/var/log]# exigrep 1bZd6v-0003Mi-Qh exim_mainlog
    2016-08-16 09:05:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bZd6v-0003Mi-Qh
    
    2016-08-16 09:05:00 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bZd6v-0003Mi-Qh
    
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh H=host.com.br [IP]:22083 Warning: "SpamAssassin as myhost detected message as NOT spam (-98.1)"
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh <= sample@otherdomain.com H=host.com.br [IP]:22083 P=esmtp S=118969 id=23adbc9c4aa347afb6afc24c31f80475@host.com.br T="RES: SUBJECT" for name@mydomain.com.br
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh ** name@mydomain.com.br R=central_filter:
    2016-08-16 09:05:01 1bZd6v-0003Mi-Qh Completed
    
    2016-08-16 09:05:01 1bZd76-0003Mw-KM <= <> R=1bZd6v-0003Mi-Qh U=mailnull P=local S=7027 T="Mail delivery failed: returning message to sender" for sample@otherdomain.com
    2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=self signed certificate cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/emailAddress=name@host.com.br
    2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=certificate has expired cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/emailAddress=name@host.com.br
    2016-08-16 09:05:05 1bZd76-0003Mw-KM => sample@otherdomain.com R=dkim_lookuphost T=dkim_remote_smtp H=host.com.br [IP] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 OK 8B/A9-24964-E6103B75"
    2016-08-16 09:05:05 1bZd76-0003Mw-KM Completed
    
    root@cloud [/var/log]# exigrep 1bXpwQ-0007Ck-VS exim_mainlog
    root@cloud [/var/log]# exigrep 1bXqQf-0007Yj-J6 exim_mainlog
    root@cloud [/var/log]# exigrep 1bZd6v-0003Mi-Qh exim_mainlog
    2016-08-16 09:05:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bZd6v-0003Mi-Qh
    
    2016-08-16 09:05:00 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bZd6v-0003Mi-Qh
    
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh H=host.com.br [IP]:22083 Warning: "SpamAssassin as myhost detected message as NOT spam (-98.1)"
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh <= sample@otherdomain.com H=host.com.br [IP]:22083 P=esmtp S=118969 id=23adbc9c4aa347afb6afc24c31f80475@host.com.br T="RES: SUBJECT" for name@mydomain.com.br
    2016-08-16 09:05:00 1bZd6v-0003Mi-Qh ** name@mydomain.com.br R=central_filter:
    2016-08-16 09:05:01 1bZd6v-0003Mi-Qh Completed
    
    2016-08-16 09:05:01 1bZd76-0003Mw-KM <= <> R=1bZd6v-0003Mi-Qh U=mailnull P=local S=7027 T="Mail delivery failed: returning message to sender" for sample@otherdomain.com
    2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=self signed certificate cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/emailAddress=name@host.com.br
    2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=certificate has expired cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/emailAddress=name@host.com.br
    2016-08-16 09:05:05 1bZd76-0003Mw-KM => sample@otherdomain.com R=dkim_lookuphost T=dkim_remote_smtp H=host.com.br [IP] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 OK 8B/A9-24964-E6103B75"
    2016-08-16 09:05:05 1bZd76-0003Mw-KM Completed
    
    
    Hope it's right. Tks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can browse to the following options in cPanel for this account:

    "Global Filters"
    "Email Filters"

    Check to see if any filter rules exist that could be rejecting certain messages from that email account.

    Thank you.
     
    ruzbehraja likes this.
  5. Sandro Luz

    Sandro Luz Registered

    Joined:
    Nov 7, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Website Owner
    I looked over my rules to see if I can found any matching with the sender, on Global and on the Email filters, but none match.

    I even try to simulate the error on "Filter Test" at the Global Filters, but the result is that the delivery will occur. On this test part, O tested sending a message with bad words or from a blocked domain and the filter say that the message won't be delivered, so the filters are working.

    Here's the response of the test:

    "Testing Exim filter file "/etc/vfilters/mydomain.com.br"

    Filtering did not set up a significant delivery.
    Normal delivery will occur."
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page