Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Whitelisted email getting /dev/null treatment

Discussion in 'E-mail Discussion' started by hermit, Sep 23, 2009.

  1. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    158
    I have a customer that can't get email from a few clients. One in particular. Log entry. It gets tagged as not spam but still gets /dev/null? WTF? I tried white listing the 207 server. Still no go.

    root@cp [/home/oooc]# cat /var/log/exim_mainlog |grep 1MqQZQ-0008A1-Pl
    2009-09-23 08:03:41 1MqQZQ-0008A1-Pl H=eu1sys200aog114.obsmtp.com [207.126.144.137] Warning: "SpamAssassin as jarotran detected message as NOT spam (-100.0)"
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl <= xyz@corusgroup.com H=eu1sys200aog114.obsmtp.com [207.126.144.137] P=smtps X=TLSv1:AES256-SHA:256 S=7046 id=5A4A8C079BD2C64DB6DD33F5E26409D205AC9A32@tssexchmail00.ce.altis.corusgroup.com T="Sescilla: Test 9-23-09..."
    2009-09-23 08:03:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1MqQZQ-0008A1-Pl
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <abc@jarotrans.com> R=central_filter T=**bypassed**
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <def@jarotrans.com> R=central_filter T=**bypassed**
     
    #1 hermit, Sep 23, 2009
  2. MattCurry

    MattCurry Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    275
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Houston, Tx
    Email getting /dev/null

    Hello,

    I am sorry to hear you are having issue, I would recommend checking to make sure that this is not an account level filter. That could cause these issues, if that is not that case you can also open a ticket via the link at the bottom of the post. Please let me know if you have any other questions.

    Thank you,
    Matthew Curry
     
    #2 MattCurry, Sep 24, 2009
  3. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    158
    I'll double check. Maybe change the order of some of their filters, but all the 'whites' first? The whitelist is at the local level as you see by the -100 score it gets.
     
    #3 hermit, Sep 24, 2009
  4. cPanelStephen

    cPanelStephen Active Member
    Staff Member

    Joined:
    Aug 7, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    51
    This is occurring as a result of account level filtering. You can determine this from the following log lines by focusing on the router that handled the message (see the 'R=' component of the log entry):

    Code:
    2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <abc@jarotrans.com> R=central_filter T=**bypassed**
2009-09-23 08:03:42 1MqQZQ-0008A1-Pl => /dev/null <def@jarotrans.com> R=central_filter T=**bypassed**
    In this case, the 'central_filter' router was responsible for handling the message. This router's role is to apply the account level filters in the delivery process:

    Code:
    # Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
...TRUNCATED...
    If you happen to have a copy of the message being sent (including headers), I would recommend running it through the filter debugger.

    Code:
    exim -v -bf /etc/vfilters/${domain} < message.file
    You could also step through debugging the filters during a live SMTP process by executing:

    Code:
    exim -d-all+filter -bs
    This will launch a local SMTP session with the built-in debugger enabled, but will require you to manually issue the SMTP commands required to deliver that message.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelStephen, Oct 2, 2009
  5. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    158
    I removed all of his black lists and the sender is white listed. That only leaves SA but I see nothing in the logs to indicate SA is removing it. What other user level filter could there be?
     
    #5 hermit, Oct 4, 2009
  6. hermit

    hermit Active Member

    Joined:
    Sep 22, 2004
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    158
    got it

    Thank you. I was a little slow on the uptake because I've only done the SA filters. I found the ones you were talking about and deleted them from the customers account.

    Thanks again.
     
    #6 hermit, Oct 4, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - Whitelisted email getting
  1. ampapa

    Spamassassin - blacklist all TLD allow whitelisted TLD?

    ampapa, Mar 14, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    152
    cPanelMichael
    Mar 15, 2018
  2. Wabun

    SOLVED Googles IP are whitelisted, why and where?

    Wabun, Jan 31, 2017, in forum: Security
    Replies:
    7
    Views:
    723
    cPanelMichael
    Feb 6, 2017
  3. danutzu117

    New Thread Can't receive emails from gmail

    danutzu117, Jun 20, 2018 at 8:18 AM, in forum: E-mail Discussion
    Replies:
    0
    Views:
    9
    danutzu117
    Jun 20, 2018 at 8:18 AM
  4. JAB Creations

    New Thread Email Password length and Unicode

    JAB Creations, Jun 19, 2018 at 8:40 PM, in forum: Security
    Replies:
    0
    Views:
    23
    JAB Creations
    Jun 19, 2018 at 8:40 PM
  5. reko91

    How to automatically CC an email address for sent email

    reko91, Jun 19, 2018 at 3:54 PM, in forum: E-mail Discussion
    Replies:
    3
    Views:
    25
    cPanelLauren
    Jun 20, 2018 at 10:36 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice