The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Whitelisted email getting /dev/null treatment

Discussion in 'E-mail Discussions' started by hermit, Sep 23, 2009.

  1. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    8
    I have a customer that can't get email from a few clients. One in particular. Log entry. It gets tagged as not spam but still gets /dev/null? WTF? I tried white listing the 207 server. Still no go.

    root@cp [/home/oooc]# cat /var/log/exim_mainlog |grep 1MqQZQ-0008A1-Pl
    2009-09-23 08:03:41 1MqQZQ-0008A1-Pl H=eu1sys200aog114.obsmtp.com [207.126.144.137] Warning: "SpamAssassin as jarotran detected message as NOT spam (-100.0)"
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl <= xyz@corusgroup.com H=eu1sys200aog114.obsmtp.com [207.126.144.137] P=smtps X=TLSv1:AES256-SHA:256 S=7046 id=5A4A8C079BD2C64DB6DD33F5E26409D205AC9A32@tssexchmail00.ce.altis.corusgroup.com T="Sescilla: Test 9-23-09..."
    2009-09-23 08:03:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1MqQZQ-0008A1-Pl
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <abc@jarotrans.com> R=central_filter T=**bypassed**
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <def@jarotrans.com> R=central_filter T=**bypassed**
     
  2. MattCurry

    MattCurry Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    275
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Tx
    Email getting /dev/null

    Hello,

    I am sorry to hear you are having issue, I would recommend checking to make sure that this is not an account level filter. That could cause these issues, if that is not that case you can also open a ticket via the link at the bottom of the post. Please let me know if you have any other questions.

    Thank you,
    Matthew Curry
     
  3. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    8
    I'll double check. Maybe change the order of some of their filters, but all the 'whites' first? The whitelist is at the local level as you see by the -100 score it gets.
     
  4. cPanelStephen

    cPanelStephen Active Member
    Staff Member

    Joined:
    Aug 7, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    This is occurring as a result of account level filtering. You can determine this from the following log lines by focusing on the router that handled the message (see the 'R=' component of the log entry):

    Code:
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <abc@jarotrans.com> R=central_filter T=**bypassed**
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <def@jarotrans.com> R=central_filter T=**bypassed** 
    
    In this case, the 'central_filter' router was responsible for handling the message. This router's role is to apply the account level filters in the delivery process:

    Code:
    # Account level filtering for everything but the main account
    #
    
    central_filter:
        driver = redirect
        allow_filter
        no_check_local_user
        file = /etc/vfilters/${domain}
    ...TRUNCATED...
    
    If you happen to have a copy of the message being sent (including headers), I would recommend running it through the filter debugger.

    Code:
    exim -v -bf /etc/vfilters/${domain} < message.file
    You could also step through debugging the filters during a live SMTP process by executing:

    Code:
    exim -d-all+filter -bs
    This will launch a local SMTP session with the built-in debugger enabled, but will require you to manually issue the SMTP commands required to deliver that message.
     
  5. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    8
    I removed all of his black lists and the sender is white listed. That only leaves SA but I see nothing in the logs to indicate SA is removing it. What other user level filter could there be?
     
  6. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    8
    got it

    Thank you. I was a little slow on the uptake because I've only done the SA filters. I found the ones you were talking about and deleted them from the customers account.

    Thanks again.
     
Loading...

Share This Page