Same Autoresponse Everyday

spyke01

Member
Sep 24, 2013
15
0
1
cPanel Access Level
Root Administrator
So everyday I get an email from one of my client's autoresponders without emailing them. I know that shouldn't be possible so I did some digging.

My site (mysite.com) and my clients (theirsite.com) are on the same VPS. The VPS uses my site's domain name (host.mysite.com). My server handles DNS and mail for both accounts.

I checked their autoresponders and it matches the one I got perfectly, no crazy setup there.

I looked in the Mail Delivery Reports section of WHM to see if anything had went from my email to theirs and I don't see anything for the days that I received messages.

I looked at the headers of the email and found the Message ID and tried looking up this and there were no results.

Here are the full headers:

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 04 Aug 2015 15:53:37 -0500
Received: from mylongwayhome by host.mysite.com with local (Exim 4.85)
(envelope-from <[email protected]>)
id 1ZMjDN-0001HA-LY
for [email protected]; Tue, 04 Aug 2015 15:53:37 -0500
To: Mail Delivery System <[email protected]>
X-Autorespond: Mail delivery failed: returning message to sender
MIME-Version: 1.0
X-Loop: Mail Delivery System <[email protected]>
Precedence: auto_reply
X-Precedence: auto_reply
Content-Transfer-Encoding: 8bit
From: "Their Name" <[email protected]>
Content-type: text/plain; charset=utf-8
Subject: Thank you for contacting us!
Message-Id: <[email protected]>
Date: Tue, 04 Aug 2015 15:53:37 -0500

How can I track this down and see whats causing this?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

Is it possible the email stems from a contact form installed on the website? Try searching for the message in /var/log/exim_mainlog for additional details. EX:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.
 

spyke01

Member
Sep 24, 2013
15
0
1
cPanel Access Level
Root Administrator
Thanks Michael,
Looking at the log the auto responder is triggered by a "Mail delivery failed" message from [email protected]. Is it possible to make the auto responder ignore these messages or have that email ignore replies?
 

kdean

Well-Known Member
Oct 19, 2012
369
61
78
Orlando, FL
cPanel Access Level
Root Administrator
In my experience what generally happens is... your client received an email, they auto-respond back to the email that sent to them, that email could not be delivered and bounces back from the Mailer Daemon, which then auto-responds again but this time it arrives to you as the Root Administrator / Postmaster. It likely only comes once a day because their auto-responder is set to only respond once every 24 hours.
 

spyke01

Member
Sep 24, 2013
15
0
1
cPanel Access Level
Root Administrator
That's definitely happening, hopefully there is some way to make mailer daemon drop all incoming replies or stop this kind of thing happening.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

One step you can take to help prevent messages from non-existent senders is to block those messages before they reach the inbox. Do you have SpamAssassin or RBL options enabled? Also, you may want to to consider implementing Greylisting:

Greylisting

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
SpamAssassin is enabled but I'm not sure about RBL. Greylisting probably will not be an option with this.
You can review which RBL options are enabled by browsing to the "RBLs" tab in "WHM Home » Service Configuration » Exim Configuration Manager".

Thank you.
 

spyke01

Member
Sep 24, 2013
15
0
1
cPanel Access Level
Root Administrator
These are the RBL settings on the server:

Code:
Origin RBL name DNS list Info URL Action
System spamcop bl.spamcop.net http://spamcop.net/bl.shtml
System spamhaus zen.spamhaus.org http://www.spamhaus.org/zen/index.lasso
System spamhaus_spamcop zen.spamhaus.org, bl.spamcop.net
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
The output you provided does not indicate if those lists are enabled. Enabling one or more of these lists may help to prevent the amount of incoming SPAM you receive.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Typically mail sent from invalid email addresses are SPAM messages. One other option to consider is to enable "Reject SPF Failures" under the "ACL Options" tab in "WHM >> Exim Configuration Manager". This will reject mail at SMTP time if the sender fails SPF checks.

Thank you.