Problem receiving mail from specific domain

Sandro Luz

Registered
Nov 7, 2015
3
0
1
Brasil
cPanel Access Level
Website Owner
Hello community!

First of all, thanks for this forum, already helped me many times. It's my first thread, so please forgive if I post it on wrong place.

I don't have much knowledge about mail server, but my maintainer refused to help (yeah, I know). I'm on a CENTOS 6.8 x86_64 kvm – cloud with WHM 58.0 (build 19).

I'm having problem to receive mails form a specific domain and I can't tell if the problem is from my server or him. When I send, they receive with no problems, but when they send, my server respond with the following message:

[Removed - Please replace actual domain names and IP addresses with examples]

I tried put this domain on a whitelist thinking that could be my spamassassin working, but don't had effect.

I really have no clue on what to do. If someone can give me and idea...

Thanks

Having problem to edit my message, so here the edited message error

Code:
---
[email protected]
Remote Server returned '< #5.0.0>'

Cabeçalhos de mensagem originais:

Return-Path: <[email protected]>
Received: from host.com.br
  by cloud.mydomain.com.br with esmtp (Exim 4.87)
  (envelope-from <[email protected]>)
  id 1bXpwQ-0007Ck-VS
  for [email protected]; Thu, 11 Aug 2016 10:22:37 -0300
X-AuditID: c0a8000e-65fff70000006184-07-57ac7bef8409
Received: from host.com.br (Unknown_Domain)
  by  (Paic SMTP) with SMTP id 8C.5E.24964.FEB7CA75; Thu, 11 Aug 2016 10:21:54 -0300 (BRT)
Received: from host.com.br by
host.com.br with Microsoft SMTP Server (TLS)
id 15.0.995.29; Thu, 11 Aug 2016 10:21:50 -0300
Received: from host.com.br by
host.com.br with mapi id
15.00.0995.028; Thu, 11 Aug 2016 10:21:50 -0300
From: Name Surname <[email protected]>
To: Name <[email protected]>
Subject: Lida: SUBJECT
Thread-Topic: SUBJECT
Thread-Index: AQJegnjI+PO7pXcR5EX2JstrHB9+FQM9L4lNAgfHpggDcAAXn57j5JDggAEVQys=
Date: Thu, 11 Aug 2016 13:21:50 +0000
Message-ID: <host.com.br>
In-Reply-To: <[email protected]>
Accept-Language: pt-BR, en-US
Content-Language: pt-BR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: []
Content-Type: multipart/report;
  boundary="_000_57796b9213ab4a94a14a2048be075322PPSRV09peninsulapartloc_";
  report-type=disposition-notification
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA3VUa1BUZRjm213gLPHhYReWl1Uc3bEfxbCZNIRNQzo0ZIjaZWy7ji5yYnfc25yzS4JTXAYTiEG8oAFDxUAKgsNqwOIIRqtNK1YWCOKolJeaJKO4DREgncvucqDp33ue570873ue+Qipoj5UTRgtdoq26E2aoBBZd0PAurixvc26tc46eWJ72ZngDWhT4b6OwJfQmyHPZlAmYxZFP5G0M8TQ6JpDNteyPaM/P5DloX5cguQEkE/BQO1pWQkKIRTk5wi6z/4TLHycR+AuuBEofFxCMPTlYBBXEkQ+Dz8UXAjm4ggyFm62T/C4koyC/PnLgQKugmPu5iAh3gpjtUWSEkQQMvJRuNCl4WBMboaW1l/4YXLyEIJfXeNSjkBkDNTMdvH9pWzPutZGiSCVhPrOK1IhjoT7dx8GCvFquHN6EHGNpFyj/N5pmTAhHC5V3pOVI2WVqFeVOK9KlCckWeFeR6dEiLUwWHEkSIhj4Xjt71IhjoOPH7pl/8W1cL6uQvYZkp9Eq2y2OL3NxtBZaxO1NspitDAOk96mp+3aXVazNp0+g4SfF9aB+pxJbkQSSBOKndlNOkWgPovJNrvRfkRINJFY+TaLhaVbM7INesawg3aYKEYTgYuym3UK7IfTHabdGjUezWFRpR+1UO8xJsrLSdkmihMkyd1CjJTb6d2U5SNon3sUfavawDncrLCaSqT2vOu0WT38WwhvwYpZvhNYnC1lV1bJSZEy6zGRYlsnVpML9knRthHtThlYSUJIXejAkSEsotd5ORhxqY3M8ZMrzQl7uakhfpQXlY0fsClKnygSFIM3vI0S6l81BI50YIcxQLtk9KDDiB1FO7hGpMcbXBY/BdSq7BuQ41OsUxEcErUKzCZzOKRInxBjHoV7tjIstEidrEetr6Ykxu5KMMnaRi5JKwflThwL3cC9r1ZuIsC3+Xu8ogX5M8CAhbuxURXWYFL+DFeZslRAMemVmz31y0IWOdC7ENwQgIzt/plMDo6GQbF9VMKGBssXAONI8dSYPaE5wVo+LE6DWavF26D+Sstr0JDo2cndB69bYDfZmrMMDzlsYPH+Ycd5rvvlyD4u/7TUgTTpW0H2Nes6M9yBLdu97EPwaGm3krusSurQeBpuNqEoCFvoANB59ThcwjaZgo8CL5trehFMF/X34dgsnTuBoK5j9qmEcxeK94ngcKm6XIJjH/RdVAyzHlKwnrKk8B7yq63iz31VwLvKS/q9dREAu8pL7jIU3y+ykf9n6f8tO9+6jx0cP2poaSclP5NyWmvveh8OW/lmjc2D6w3Z7UWP5f+SeXWsO+mDr8Vb41WpH3d85NrInnkm+axcyl3PriOK68Njwy979gYlup6PaTssfyM/e3Nzme6qseX1521l391NaLlHUqR/0p0pT1+08XJLZbjo9tPfW+L 750Z+jA5p11LbpPHXs5NTdLIGIP+ycelNKP/F30gCZK3BgAA
X-Spam-Status: No, score=-100.9
X-Spam-Score: -1008
X-Spam-Bar: ---------------------------------------------------
X-Ham-Report: Spam detection software, running on the system "cloud.mydomain.com.br",
has NOT identified this incoming email as spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
root\@localhost for details.
Content preview:  A sua mensagem Para: NAME Assunto:
  SUBJECT Enviado: quarta-feira, 10 de agosto de 2016 17:51:40 (UTC-03:00)
  Brasília foi lida em quinta-feira, 11 de agosto de 2016 10:21:20 (UTC-03:00)
  Brasília. [...]
Content analysis details:  (-100.9 points, 5.0 required)
pts rule name  description
---- ---------------------- --------------------------------------------------
-100 USER_IN_WHITELIST  From: address is in the user's white-list
-1.9 BAYES_00  BODY: Bayes spam probability is 0 to 1%
  [score: 0.0000]
  0.0 HTML_MESSAGE  BODY: HTML included in message
  1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
  anti-forgery methods
X-Spam-Flag: NO
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello,

Could you search for that message ID in /var/log/exim_mainlog and let us know the output? Here's an example of a command you can use:

Code:
exigrep 1bXpwQ-0007Ck-VS /var/log/exim_mainlog
Thanks!
 

Sandro Luz

Registered
Nov 7, 2015
3
0
1
Brasil
cPanel Access Level
Website Owner
Hello,

Could you search for that message ID in /var/log/exim_mainlog and let us know the output? Here's an example of a command you can use:

Code:
exigrep 1bXpwQ-0007Ck-VS /var/log/exim_mainlog
Thanks!
Hi Michael! Fist of all, really thanks for the reply!

I tried run the exigrep on this ID but nothing happens. Them I looked on WHM for a similar sample (looks the same situation, with the same host) with another ID (1bZd6v-0003Mi-Qh) and run it.

Here the output:
Code:
[email protected] [/var/log]# exigrep 1bZd6v-0003Mi-Qh exim_mainlog
2016-08-16 09:05:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bZd6v-0003Mi-Qh

2016-08-16 09:05:00 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bZd6v-0003Mi-Qh

2016-08-16 09:05:00 1bZd6v-0003Mi-Qh H=host.com.br [IP]:22083 Warning: "SpamAssassin as myhost detected message as NOT spam (-98.1)"
2016-08-16 09:05:00 1bZd6v-0003Mi-Qh <= [email protected] H=host.com.br [IP]:22083 P=esmtp S=118969 [email protected] T="RES: SUBJECT" for [email protected]
2016-08-16 09:05:00 1bZd6v-0003Mi-Qh ** [email protected] R=central_filter:
2016-08-16 09:05:01 1bZd6v-0003Mi-Qh Completed

2016-08-16 09:05:01 1bZd76-0003Mw-KM <= <> R=1bZd6v-0003Mi-Qh U=mailnull P=local S=7027 T="Mail delivery failed: returning message to sender" for [email protected]
2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=self signed certificate cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/[email protected]
2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=certificate has expired cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/[email protected]
2016-08-16 09:05:05 1bZd76-0003Mw-KM => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=host.com.br [IP] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 OK 8B/A9-24964-E6103B75"
2016-08-16 09:05:05 1bZd76-0003Mw-KM Completed

[email protected] [/var/log]# exigrep 1bXpwQ-0007Ck-VS exim_mainlog
[email protected] [/var/log]# exigrep 1bXqQf-0007Yj-J6 exim_mainlog
[email protected] [/var/log]# exigrep 1bZd6v-0003Mi-Qh exim_mainlog
2016-08-16 09:05:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bZd6v-0003Mi-Qh

2016-08-16 09:05:00 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bZd6v-0003Mi-Qh

2016-08-16 09:05:00 1bZd6v-0003Mi-Qh H=host.com.br [IP]:22083 Warning: "SpamAssassin as myhost detected message as NOT spam (-98.1)"
2016-08-16 09:05:00 1bZd6v-0003Mi-Qh <= [email protected] H=host.com.br [IP]:22083 P=esmtp S=118969 [email protected] T="RES: SUBJECT" for [email protected]
2016-08-16 09:05:00 1bZd6v-0003Mi-Qh ** [email protected] R=central_filter:
2016-08-16 09:05:01 1bZd6v-0003Mi-Qh Completed

2016-08-16 09:05:01 1bZd76-0003Mw-KM <= <> R=1bZd6v-0003Mi-Qh U=mailnull P=local S=7027 T="Mail delivery failed: returning message to sender" for [email protected]
2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=self signed certificate cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/[email protected]
2016-08-16 09:05:02 1bZd76-0003Mw-KM [IP] SSL verify error: depth=0 error=certificate has expired cert=/CN=host.com.br/OU=TI/O=PAIC Participacoes LTDA/L=Sao Paulo/ST=Sao Paulo/C=BR/[email protected]
2016-08-16 09:05:05 1bZd76-0003Mw-KM => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=host.com.br [IP] X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no C="250 2.0.0 OK 8B/A9-24964-E6103B75"
2016-08-16 09:05:05 1bZd76-0003Mw-KM Completed
Hope it's right. Tks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
2016-08-16 09:05:00 1bZd6v-0003Mi-Qh ** [email protected] R=central_filter: 2016-08-16 09:05:01 1bZd6v-0003Mi-Qh Completed
You can browse to the following options in cPanel for this account:

"Global Filters"
"Email Filters"

Check to see if any filter rules exist that could be rejecting certain messages from that email account.

Thank you.
 
  • Like
Reactions: ruzbehraja

Sandro Luz

Registered
Nov 7, 2015
3
0
1
Brasil
cPanel Access Level
Website Owner
You can browse to the following options in cPanel for this account:

"Global Filters"
"Email Filters"

Check to see if any filter rules exist that could be rejecting certain messages from that email account.

Thank you.
I looked over my rules to see if I can found any matching with the sender, on Global and on the Email filters, but none match.

I even try to simulate the error on "Filter Test" at the Global Filters, but the result is that the delivery will occur. On this test part, O tested sending a message with bad words or from a blocked domain and the filter say that the message won't be delivered, so the filters are working.

Here's the response of the test:

"Testing Exim filter file "/etc/vfilters/mydomain.com.br"

Filtering did not set up a significant delivery.
Normal delivery will occur."
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 
Thread starter Similar threads Forum Replies Date
A Email 2
E Email 2
D Email 1
A Email 1
A Email 1