Same Autoresponse Everyday

spyke01

Member
Sep 24, 2013
15
0
1
cPanel Access Level
Root Administrator
So every day I get an email from one of my client's autoresponders without emailing them. I know that shouldn't be possible so I did some digging.

My site (mysite.com) and my clients (theirsite.com) are on the same VPS. The VPS uses my site's domain name (host.mysite.com). My server handles DNS and mail for both accounts.

I checked their autoresponders and it matches the one I got perfectly, no crazy setup there.

I looked in the Mail Delivery Reports section of WHM to see if anything had gone from my email to theirs and I don't see anything for the days that I received messages.

I looked at the headers of the email and found the Message ID and tried looking this up and there were no results.

Here are the full headers:

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 04 Aug 2015 15:53:37 -0500
Received: from mylongwayhome by host.mysite.com with local (Exim 4.85)
    (envelope-from <[email protected]>)
    id 1ZMjDN-0001HA-LY
    for [email protected]; Tue, 04 Aug 2015 15:53:37 -0500
To: Mail Delivery System <[email protected]>
X-Autorespond: Mail delivery failed: returning message to sender
MIME-Version: 1.0
X-Loop: Mail Delivery System <[email protected]>
Precedence: auto_reply
X-Precedence: auto_reply
Content-Transfer-Encoding: 8bit
From: "Their Name" <[email protected]>
Content-type: text/plain; charset=utf-8
Subject: Thank you for contacting us!
Message-Id: <[email protected]>
Date: Tue, 04 Aug 2015 15:53:37 -0500

How can I track this down and see what's causing this?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello :)

Is it possible the email stems from a contact form installed on the website? Try searching for the message in /var/log/exim_mainlog for additional details. EX:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.
 

spyke01

Thanks Michael,
Looking at the log the auto responder is triggered by a "Mail delivery failed" message from [email protected]. Is it possible to make the auto responder ignore these messages or have that email ignore replies?
 

kdean

Well-Known Member
Oct 19, 2012
406
80
78
Orlando, FL
cPanel Access Level
Root Administrator
In my experience what generally happens is... your client received an email, they auto-respond back to the email that sent to them, that email could not be delivered and bounces back from the Mailer Daemon, which then auto-responds again but this time it arrives to you as the Root Administrator / Postmaster. It likely only comes once a day because their auto-responder is set to only respond once every 24 hours.
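
The loop described above is normally broken by having the autoresponder refuse to answer bounces and other machine-generated mail. The sketch below is an added example, not code from this thread or from cPanel's autoresponder; the function name, the list of automated local parts and the example.test addresses are assumptions, and the header checks follow RFC 3834 plus the `Precedence` and `X-Loop` headers visible in the message posted earlier.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed list of local parts used by automated senders.
AUTOMATED_LOCAL_PARTS = {"mailer-daemon", "postmaster"}
AUTO_PRECEDENCE = {"bulk", "junk", "list", "auto_reply"}

def suppress_reason(raw_headers, envelope_sender):
    """Return why no auto-reply should be sent, or None if a reply is safe."""
    msg = message_from_string(raw_headers)
    # Bounces carry an empty envelope sender ("<>" in SMTP).
    if envelope_sender.strip() in ("", "<>"):
        return "null envelope sender"
    for addr in (envelope_sender, msg.get("From", "")):
        local = parseaddr(addr)[1].partition("@")[0].lower()
        if local in AUTOMATED_LOCAL_PARTS:
            return "automated sender " + local
    # RFC 3834: any Auto-Submitted value other than "no" is machine mail.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return "Auto-Submitted " + auto
    for name in ("Precedence", "X-Precedence"):
        value = msg.get(name, "").strip().lower()
        if value in AUTO_PRECEDENCE:
            return name + " " + value
    if msg.get("X-Loop") is not None:
        return "X-Loop present"
    return None

# Constructed samples (example.test addresses are placeholders).
BOUNCE = (
    "From: Mail Delivery System <Mailer-Daemon@host.example.test>\n"
    "To: client@theirsite.example.test\n"
    "Subject: Mail delivery failed: returning message to sender\n"
    "Auto-Submitted: auto-replied\n\n"
)
AUTOREPLY = (
    "From: \"Their Name\" <client@theirsite.example.test>\n"
    "Precedence: auto_reply\n"
    "X-Loop: Mail Delivery System <Mailer-Daemon@host.example.test>\n"
    "Subject: Thank you for contacting us!\n\n"
)
HUMAN = "From: Alice <alice@example.test>\nSubject: Quote request\n\n"

if __name__ == "__main__":
    print(suppress_reason(BOUNCE, "<>"))
    print(suppress_reason(BOUNCE, "Mailer-Daemon@host.example.test"))
    print(suppress_reason(AUTOREPLY, "client@theirsite.example.test"))
    print(suppress_reason(HUMAN, "alice@example.test"))
```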
 

spyke01

That's definitely happening, hopefully there is some way to make mailer daemon drop all incoming replies or stop this kind of thing happening.
 

cPanelMichael

Hello :)

One step you can take to help prevent messages from non-existent senders is to block those messages before they reach the inbox. Do you have SpamAssassin or RBL options enabled? Also, you may want to consider implementing Greylisting:

Greylisting

Thank you.
 

cPanelMichael

SpamAssassin is enabled but I'm not sure about RBL. Greylisting probably will not be an option with this.
You can review which RBL options are enabled by browsing to the "RBLs" tab in "WHM Home » Service Configuration » Exim Configuration Manager".

Thank you.
 

spyke01

These are the RBL settings on the server:

Code:
Origin  RBL name          DNS list                          Info URL                                 Action
System  spamcop           bl.spamcop.net                    http://spamcop.net/bl.shtml
System  spamhaus          zen.spamhaus.org                  http://www.spamhaus.org/zen/index.lasso
System  spamhaus_spamcop  zen.spamhaus.org, bl.spamcop.net
 

cPanelMichael

The output you provided does not indicate if those lists are enabled. Enabling one or more of these lists may help to prevent the amount of incoming SPAM you receive.

Thank you.
 

cPanelMichael

Typically mail sent from invalid email addresses is SPAM. One other option to consider is to enable "Reject SPF Failures" under the "ACL Options" tab in "WHM >> Exim Configuration Manager". This will reject mail at SMTP time if the sender fails SPF checks.

Thank you.