The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Same Autoresponse Everyday

Discussion in 'E-mail Discussions' started by spyke01, Aug 5, 2015.

  1. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    So everyday I get an email from one of my client's autoresponders without emailing them. I know that shouldn't be possible so I did some digging.

    My site (mysite.com) and my clients (theirsite.com) are on the same VPS. The VPS uses my site's domain name (host.mysite.com). My server handles DNS and mail for both accounts.

    I checked their autoresponders and it matches the one I got perfectly, no crazy setup there.

    I looked in the Mail Delivery Reports section of WHM to see if anything had went from my email to theirs and I don't see anything for the days that I received messages.

    I looked at the headers of the email and found the Message ID and tried looking up this and there were no results.

    Here are the full headers:

    Return-path: <them@theirsite.com>
    Envelope-to: Mailer-Daemon@host.mysite.com
    Delivery-date: Tue, 04 Aug 2015 15:53:37 -0500
    Received: from mylongwayhome by host.mysite.com with local (Exim 4.85)
    (envelope-from <them@theirsite.com>)
    id 1ZMjDN-0001HA-LY
    for Mailer-Daemon@host.mysite.com; Tue, 04 Aug 2015 15:53:37 -0500
    To: Mail Delivery System <Mailer-Daemon@host.mysite.com>
    X-Autorespond: Mail delivery failed: returning message to sender
    MIME-Version: 1.0
    X-Loop: Mail Delivery System <Mailer-Daemon@host.mysite.com>
    Precedence: auto_reply
    X-Precedence: auto_reply
    Content-Transfer-Encoding: 8bit
    From: "Their Name" <them@theirsite.com>
    Content-type: text/plain; charset=utf-8
    Subject: Thank you for contacting us!
    Message-Id: <E1ZMjDN-0001HA-LY@host.mysite.com>
    Date: Tue, 04 Aug 2015 15:53:37 -0500

    How can I track this down and see whats causing this?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Is it possible the email stems from a contact form installed on the website? Try searching for the message in /var/log/exim_mainlog for additional details. EX:

    Code:
    exigrep user@domain /var/log/exim_mainlog
    Thank you.
     
  3. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks Michael,
    Looking at the log the auto responder is triggered by a "Mail delivery failed" message from Mailer-Daemon@host.mysite.com. Is it possible to make the auto responder ignore these messages or have that email ignore replies?
     
  4. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    262
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    In my experience what generally happens is... your client received an email, they auto-respond back to the email that sent to them, that email could not be delivered and bounces back from the Mailer Daemon, which then auto-responds again but this time it arrives to you as the Root Administrator / Postmaster. It likely only comes once a day because their auto-responder is set to only respond once every 24 hours.
     
  5. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That's definitely happening, hopefully there is some way to make mailer daemon drop all incoming replies or stop this kind of thing happening.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    One step you can take to help prevent messages from non-existent senders is to block those messages before they reach the inbox. Do you have SpamAssassin or RBL options enabled? Also, you may want to to consider implementing Greylisting:

    Greylisting

    Thank you.
     
  7. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    SpamAssassin is enabled but I'm not sure about RBL. Greylisting probably will not be an option with this.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can review which RBL options are enabled by browsing to the "RBLs" tab in "WHM Home » Service Configuration » Exim Configuration Manager".

    Thank you.
     
  9. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    These are the RBL settings on the server:

    Code:
    Origin RBL name DNS list Info URL Action
    System spamcop bl.spamcop.net http://spamcop.net/bl.shtml
    System spamhaus zen.spamhaus.org http://www.spamhaus.org/zen/index.lasso
    System spamhaus_spamcop zen.spamhaus.org, bl.spamcop.net
    
     
    #9 spyke01, Sep 1, 2015
    Last edited by a moderator: Sep 1, 2015
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The output you provided does not indicate if those lists are enabled. Enabling one or more of these lists may help to prevent the amount of incoming SPAM you receive.

    Thank you.
     
  11. spyke01

    spyke01 Member

    Joined:
    Sep 24, 2013
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Those are enabled, its not spam that we are receiving but an autoresponse from a user when they get the "message note delivered" message.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Typically mail sent from invalid email addresses are SPAM messages. One other option to consider is to enable "Reject SPF Failures" under the "ACL Options" tab in "WHM >> Exim Configuration Manager". This will reject mail at SMTP time if the sender fails SPF checks.

    Thank you.
     
Loading...

Share This Page