Track Delivery White Paper

[d_j_wills]

Hi,

Does this exist? I have questions on just how Track Delivery works.

I do not have Spam Assassin enabled.

I have BoxTrapper enabled so any email not white listed is shown here.

Looking at failures only in Track Delivery, I see a white exclamation point in a black inverted triangle and a white exclamation point in a red circle. The black triangle emails are all rejected by the mail server. They are not delivered and not captured by BoxTrapper. Here is an example:

JunkMail rejected - (infotechke.com) [156.96.62.90]:50084 is in an RBL: Blocked - see SpamCop.net - Blocking List ( bl.spamcop.net )

I believe this means there is some high-level spam tool that I have no control of that is deleting emails. Correct?

Next, a red circle. Here is an example of spam that was never delivered:

Validated/OU=COMODO SSL Wildcard/CN=*.servconfig.com": SMTP error from remote mail server after end of data: 550 This message contains a known spam email address.

So this one indicates it *was* captured by a higher level spam utility that I do not control.

And here is one that made it to BoxTrapper (by the way, getting through a Global Email Filter that *does not work*):

Validated/OU=COMODO SSL Wildcard/CN=*.servconfig.com": SMTP error from remote mail server after end of data: 550 Message contained spam content (antispamcloud.spam.spmdmjnk07)

This one appears to not trigger any spam tools yet is still shown as "could not be delivered," yet it still did get through to BoxTrapper.

Something is really weird.

And is it at all possible that some mail is not being listed under All in Track Delivery? Something seems very weird about this list. I can't tell if there should be valid emails on this list but are not and I don't trust it since there are things I just don't understand.

Thanks,

Dave

 

[cPanelLauren]

The documentation goes over this in detail: Track Delivery | cPanel & WHM Documentation

As far as why the block is being imposed in your case, it's due to RBL blocking enabled for SpamCop in the exim configuration at WHM>>Service Configuration>>Exim Configuration Manager

 

[d_j_wills]

The documentation goes over this in detail: Track Delivery | cPanel & WHM Documentation

As far as why the block is being imposed in your case, it's due to RBL blocking enabled for SpamCop in the exim configuration at WHM>>Service Configuration>>Exim Configuration Manager

Hi cPanelLauren,

THANKS! That explains a lot. I believe what you said confirms my suspicions that there is higher level software that removed spam. I'm all for this when hosting companies clearly identify known spammers. (I think it should go one step further where hosting companies black list other hosting companies who repeatedly allow their systems to be used to distribute spam.)

I could not find that article with searches, so thanks for giving me the link. It does not explain a couple of things. First, my red circle with a white exclamation point is not described in the document. Next, the explanation of the Result field doesn't give me enough information to parse what it means. I'd like to know if an email was blocked due to a filter I have, or if it doesn't trigger a filter, why it differs from spam that does get filtered.

Thanks again.

Dave

 

[cPanelLauren]

I'm glad it helped, for the red circle with the white exclamation point, does it look like this?


If so I believe you're correct and it isn't noted in the documentation. If you mouse over any of the icons they do include alt-text which explains their purpose. Also if you click the blue circle with the white i inside in "Actions" it will bring up the full Delivery Event Details with the description as "Failure"

Can you explain to me what you mean by it's not giving you enough information? It should include anything that was included within the logs. More than likely I can translate it for you.

 

[d_j_wills]

I'm glad it helped, for the red circle with the white exclamation point, does it look like this?
View attachment 67557

If so I believe you're correct and it isn't noted in the documentation. If you mouse over any of the icons they do include alt-text which explains their purpose. Also if you click the blue circle with the white i inside in "Actions" it will bring up the full Delivery Event Details with the description as "Failure"

Can you explain to me what you mean by it's not giving you enough information? It should include anything that was included within the logs. More than likely I can translate it for you.

When I mouse over, it just says "This message could not be delivered."

There were several spams from one email address. This is the Result of one that got through. (IP address removed since I don't know who that points to.)

587 I=[xxx.xxx.xxx.xxx]:60558 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no DN="/OU=Domain Control Validated/OU=COMODO SSL Wildcard/CN=*.servconfig.com": SMTP error from remote mail server after end of data: 550 This message contains a known spam email address.

My last sentence in my original post indicates confusion. I get some "could not be delivered" that get through to BoxTrapper, and others that don't.

Thanks,

Dave

 

[cPanelLauren]

So I've opened a case for our documentation team to add the icon for the exclamation point. But I am not understanding fully the rest of the issue. Can you please provide me with the log excerpt of one of the messages that can example the filter not working and the message that should not have made it through BoxTrapper?

 

[d_j_wills]

Just look at my last post. I'm trying to learn what Track Delivery means with what's in the "results" column.

BTW, I never said it didn't get through BoxTrapper. Getting through BoxTrapper would only happen if there was a real person who white listed or I did it myself. The problem here is if there is a bogus domain, such as *.buzz, and that domain is used to hammer my inbox with spam, it makes it much harder to find legitimate email.

Thanks.

 

[cPanelLauren]

I did look at your last post and that's where I got the following:

My last sentence in my original post indicates confusion. I get some "could not be delivered" that get through to BoxTrapper, and others that don't.

Then in your earlier post:

And here is one that made it to BoxTrapper (by the way, getting through a Global Email Filter that *does not work*):

I was just trying to help resolve these issues as well.

None the less the case is being worked on now for the information that was missing from the documentation and thanks for shining a light on that.

 

[d_j_wills]

Thanks Lauren. I appreciate your efforts.

I do still believe Global Email FIlters do not work in some instances. I keep getting spam through the filters and keep adjusting them to try to block, especially repeat offencders. I don't have anything I can post here because I just re-tuned my filters. Besides, that isn't a topic for this thread.

Thanks again.

Dave

 

[cPanelLauren]

Once you've given them time to see if they work, and you run into issues please don't hesitate to post here for help with them!

 

[d_j_wills]

Here's a new thread with the first problem to pop up:

Spam Evades BoxTrapper & Global Email Filters

I'm stumped. I got the spam shown below (with personal info deleted). I have a Global Email Filter "From" "ends with" "server\.com" (As I understand, the '.' is a regex character that matches any single character. So the '\' turns the match to the actual dot character. I've also tried this...

forums.cpanel.net

 

[d_j_wills]

Still weird stuff in Track Delivery. Here's an entry:

Yet a test on that address returns:

Filtering did not set up a significant delivery.
Normal delivery will occur.

That doesn't make any sense. The email was filtered even though there is no filter for it, and it never made it to BoxTrapper even though the test indicates it would.

Here's another confusing thing:

These are 4 consecutive emails. The first and last are to different users than the middle two and are included for time stamp only.

The rejected one is not on a blacklist or filter and since it is rejected I have to assume that this was done at a higher level than my domain. (I believe I confirmed this before.)

The confusing item is the From Address being "<>". The documentation says this is the address that sent the message. I have no idea what "<>" means. It doesn't appear to be related to the rejected email below or the valid email above because of the large separation in time. I see this from address frequently.

Ideas?

Thanks,

Dave

 

[cPanelLauren]

Filtering did not set up a significant delivery.
Normal delivery will occur.

That doesn't make any sense. The email was filtered even though there is no filter for it, and it never made it to BoxTrapper even though the test indicates it would.

What's in the delivery details for that one?

The rejected one is not on a blacklist or filter and since it is rejected I have to assume that this was done at a higher level than my domain. (I believe I confirmed this before.)

Their IP is on the SpamCop RBL which your provider appears to be using to filter mail. This indeed does happen at an administrative level and you wouldn't have control over this.

The confusing item is the From Address being "<>". The documentation says this is the address that sent the message. I have no idea what "<>" means. It doesn't appear to be related to the rejected email below or the valid email above because of the large separation in time. I see this from address frequently.

This is literally just <> in the from: field - what's in the delivery details for this one?

 

[d_j_wills]

Thanks Lauren.

Here are the delivery details for the first one:

The reason I tested the filter for this address was because I was pretty sure I didn't have a filter that would block it. If I did, then there might be a possibility that my filter was blocking good mail.

Here is the delivery details for the <>:



The Sender IP is my hosting company. The Recipient, Delivery User, Delivery Domain and Delivered To are all email addresses at my domain or my domain itself. So this appears to be coming from my hosting company. But there is no email associated with it, and the time stamp doesn't relate to any emails near it. Confusing.

Thanks for confirming about the higher level RBL.

And thanks for taking a look.

Dave