The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

root emailing an account but can't figure out what or why.

Discussion in 'E-mail Discussions' started by keat63, Feb 25, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I have all root emails from my server being sent to myemail@mydomain.com

    On the same server I have an email account which is used for sending automated customer invoices, lets call this invoicing@mydomain.com
    This email has an auto responder saying words along the lines "This is an unmanned mailbox, please cal us"

    About twice per day, i receive one of these auto responses in myemail@mydomain.com, but for the life of me can't figure out why.

    I can only assume that root is sending an email to invoicing@mydomain.com, which in turn is replying.
    The odd thing is, I've even created a newinvoicing@mydomain.com and it still does it.

    Code:
    Return-path: <auto.invoice@mydomain.com>
Envelope-to: Mailer-Daemon@host.servername.com
Delivery-date: Wed, 25 Feb 2015 18:44:06 +0000
Received: from user-account by host.servername.com with local (Exim 4.84)
(envelope-from <auto.invoice@mydomain.com>)
id 1YQgwI-0007Kb-Jj
for Mailer-Daemon@host.servername.com; Wed, 25 Feb 2015 18:44:06 +0000
To: Mail Delivery System <Mailer-Daemon@host.servername.com>
X-Autorespond: Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours
MIME-Version: 1.0
X-Loop: Mail Delivery System <Mailer-Daemon@host.servername.com>
Precedence: auto_reply
X-Precedence: auto_reply
From: "mail delivery system <mailer-daemon@host.servername.com>" <auto.invoice@mydomain.com>
Content-type: text/plain; charset=utf-8
Subject: re: Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours
Message-Id: <E1YQgwI-0007Kb-Jj@host.servername.com>
Date: Wed, 25 Feb 2015 18:44:06 +0000
    Your email has reached an automated, non monitored mailbox, and will go unread.
    If you need to contact us, or would like to change the way we communicate with you, please call us on XXX XXX XXXXX


    I searched the logs for 1YQGZZ-0007aZ-K6, and it's a deferred email (customer invoice) sent from auto.invoice@mydomain.com.

    And I can see that 1YQgwI-0007Kb-Jj is a message sent to root from auto.invoice@mydomain.com, but why ?
     
    #1 keat63, Feb 25, 2015
    Last edited: Feb 25, 2015
  2. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    646
    Likes Received:
    11
    Trophy Points:
    68
    Isnt your hosted php script set to send an email to non existing address? im just guessing, im noob.
     
    #2 postcd, Feb 25, 2015
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    It's not a PHP script, its an application running on a PC in the office.
    Basically works just like an email client, which has a valid to and from address.
    Its seems the auto.invoice address is replying to root, but i can't see root sending anything, so i'm confused why it's replying.
     
    #3 keat63, Feb 25, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    What's the output when you search for "auto.invoice" in /var/log/exim_mainlog? EX:

    Code:
    exigrep auto.invoice /var/log/exim_mainlog
    Thank you.
     
    #4 cPanelMichael, Feb 26, 2015
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Unfortunately, auto.invoice is sending a very large number of legitimate emails, so the logs will be huge.
    However, i found this around the time.
    I believe this might be auto.invoice emailing root.

    Code:
    2015-02-25 18:44:06 cwd=/home/user-acc 3 args: /usr/sbin/sendmail [email]-fauto.invoice@mydomain.com[/email] -t

2015-02-25 18:44:06 1YQgwH-0007KR-VJ <= <> R=1YQGZZ-0007aZ-K6 U=mailnull P=local S=1133 T="Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours" for [email]auto.invoice@mydomain.com[/email]
2015-02-25 18:44:06 1YQgwH-0007KR-VJ => auto.invoice <auto.invoice@mydomain.com> R=virtual_user T=virtual_userdelivery
2015-02-25 18:44:06 1YQgwH-0007KR-VJ => |/usr/local/cpanel/bin/autorespond [email]auto.invoice@mydomain.com[/email] /home/user-acc/.autorespond (auto.invoice@mydomain.com) <auto.invoice@mydomain.com> R=virtual_aliases_nostar T=jailed_virtual_address_pipe
2015-02-25 18:44:06 1YQgwH-0007KR-VJ Completed

2015-02-25 18:44:06 1YQgwI-0007Kb-Jj <= [email]auto.invoice@mydomain.com[/email] U=user-acc P=local S=1016 T="re: Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours" for [email]Mailer-Daemon@host.myserver.co.uk[/email]
2015-02-25 18:44:07 1YQgwI-0007Kb-Jj => server (root@host.myserver.co.uk, [email]postmaster@host.myserver.co.uk[/email]) <Mailer-Daemon@host.myserver.co.uk> R=virtual_user T=virtual_userdelivery
2015-02-25 18:44:07 1YQgwI-0007Kb-Jj Completed


    And here is the K6 going out.



    Code:
    2015-02-24 14:34:54 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1YQGZZ-0007aZ-K6

2015-02-25 18:44:05 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1YQGZZ-0007aZ-K6

2015-02-25 18:44:06 1YQgwH-0007KR-VJ <= <> R=1YQGZZ-0007aZ-K6 U=mailnull P=local S=1133 T="Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours" for [email]auto.invoice@mydomain.co.uk[/email]
2015-02-25 18:44:06 1YQgwH-0007KR-VJ => auto.invoice <auto.invoice@mydomain.co.uk> R=virtual_user T=virtual_userdelivery
2015-02-25 18:44:06 1YQgwH-0007KR-VJ => |/usr/local/cpanel/bin/autorespond [email]auto.invoice@mydomain.co.uk[/email] /home/user-acc/.autorespond (auto.invoice@mydomain.co.uk) <auto.invoice@mydomain.co.uk> R=virtual_aliases_nostar T=jailed_virtual_address_pipe
2015-02-25 18:44:06 1YQgwH-0007KR-VJ Completed

2015-02-25 18:44:06 1YQgwI-0007Kb-Jj <= [email]auto.invoice@mydomain.co.uk[/email] U=user-acc P=local S=1016 T="re: Warning: message 1YQGZZ-0007aZ-K6 delayed 24 hours" for [email]Mailer-Daemon@host.servername.co.uk[/email]
2015-02-25 18:44:07 1YQgwI-0007Kb-Jj => server (root@host.servername.co.uk, [email]postmaster@host.servername.co.uk[/email]) <Mailer-Daemon@host.servername.co.uk> R=virtual_user T=virtual_userdelivery
2015-02-25 18:44:07 1YQgwI-0007Kb-Jj Completed

+++ 1YQGZZ-0007aZ-K6 has not completed +++
2015-02-24 14:34:54 1YQGZZ-0007aZ-K6 H=host81-134-17-175.in-addr.btopenworld.com (PRINTMACHINEPC) [xx.xxx.xx.xxx]:55231 Warning: Message has been scanned: no virus or other harmful content was found
2015-02-24 14:34:54 1YQGZZ-0007aZ-K6 <= [email]auto.invoice@mydomain.co.uk[/email] H=hostxx-xxx-xx-xxx.in-addr.btopenworld.com (PRINTMACHINEPC) [xx.xxx.xx.xxx]:55231 P=esmtpa A=dovecot_login:auto.invoice@mydomain.co.uk S=225290 id=BFA8A45A0A014D0AB0ADFDD202BC929C@user-acc.local for [email]caroline@customer.co.uk[/email]
2015-02-24 14:34:54 1YQGZZ-0007aZ-K6 SMTP connection outbound 1424788494 1YQGZZ-0007aZ-K6 mydomain.co.uk [email]caroline@customer.co.uk[/email]
2015-02-24 14:35:57 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 14:35:57 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-24 15:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 15:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-24 16:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 16:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-24 17:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 17:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-24 19:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 19:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-24 21:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-24 21:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-25 00:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-25 00:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-25 04:00:02 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-25 04:00:02 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-25 09:44:08 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-25 09:44:08 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-25 18:44:05 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-25 18:44:05 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-26 03:44:07 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-26 03:44:07 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
2015-02-26 12:44:07 1YQGZZ-0007aZ-K6 customer.co.uk [69.172.201.208] Connection timed out
2015-02-26 12:44:07 1YQGZZ-0007aZ-K6 == [email]caroline@customer.co.uk[/email] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
     
    #5 keat63, Feb 26, 2015
    Last edited by a moderator: Feb 26, 2015
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Should the "auto.invoice@mydomain" email address receive any email? If not, then you could setup an email filter that fails with a specific bounce message (e.g. not a valid address, call number) instead of using an autoresponder.

    Thank you.
     
    #6 cPanelMichael, Feb 26, 2015
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Being a new application bolted to our antiquated invoicing system, there are a number of typo's and mis formed email addresses, so i sort of rely on the mailbox to capture any bounces.
    The bounces give me more information as to who the customer was, so really need the it to be honest.
     
    #7 keat63, Feb 26, 2015
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You may just want to setup a filter to move these specific messages to another email folder for your review.

    Thank you.
     
    #8 cPanelMichael, Mar 3, 2015
  9. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    267
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    You originally asked why root was receiving an email and I don't think I've seen anyone explain. From the contents of your first post this what looks to be happening.

    auto.invoice@mydomain.com is sending an email to an address that your mail server is having problems delivering to, causing a delay.

    Your Mailer-Daemon@host.servername.com is sending a "delayed 24 hours" email notification to auto.invoice@mydomain.com which in turns triggers it's auto-reply to respond to Mailer-Daemon@host.servername.com which in turn delivers that response to root.

    This is why root is receiving an email as far as I could see.

    Seems that cPanel should add a feature so that mail accounts don't auto respond to local Mailer-Daemon emails.
     
    #9 kdean, Mar 3, 2015
    Last edited: Mar 4, 2015
  10. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    844
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    KDean.

    That makes perfect sense.
     
    #10 keat63, Mar 4, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - root emailing account
  1. Jcats

    AutoSSL for proxy subdomains when root domain exists elsewhere

    Jcats, Jun 21, 2017 at 1:19 PM, in forum: Security
    Replies:
    3
    Views:
    51
    cPanelMichael
    Jun 22, 2017 at 10:55 AM
  2. iBotPeaches

    AutoSSL & different DocumentRoot

    iBotPeaches, Jun 21, 2017 at 6:14 AM, in forum: Security
    Replies:
    1
    Views:
    42
    cPanelMichael
    Jun 21, 2017 at 9:25 AM
  3. Morphus

    Updated Addon Domains Doc Root Issue

    Morphus, Jun 16, 2017, in forum: General Discussion
    Replies:
    17
    Views:
    120
    24x7server
    Jun 20, 2017 at 2:37 AM
  4. Jarod Thornton

    Apache config for sharing domain document root

    Jarod Thornton, Jun 15, 2017, in forum: Workarounds and Optimization
    Replies:
    5
    Views:
    85
    cPanelMichael
    Jun 20, 2017 at 2:24 PM
  5. Googolicous

    Access multiple user directories from 1 SSH user without root permissions

    Googolicous, Jun 2, 2017, in forum: CloudLinux
    Replies:
    1
    Views:
    78
    cPanelMichael
    Jun 2, 2017

Share This Page