Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

WHM/cPanel root sending email that doesn't exist.

Discussion in 'E-mail Discussion' started by Bill Allman, Sep 30, 2015.

  1. Bill Allman

    Bill Allman Registered

    Joined:
    Sep 30, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alaska
    cPanel Access Level:
    Root Administrator
    Hi, after viewing the mail delivery reports for exim I noticed this:
    Sent: root@server.mydomainname.com
    Recipient: validemailaddress@server.mydomainname.com.

    Then it says the email is an Un-routable address and it's correct because the email address doesn't exist on my system. The root@server.mydomainname.com is normal with all the logs I get but the validemailaddress@server.mydomainname.com is not. I have never entered or created such an email address on my server ever!!!! I have checked under cPanel Default Address Maintenance and ServerReports@mydomainname.com is in the field. Looked in WHM Edit System Mail and ServerReports@mydomainname.com is set for Root, Nobody and cPanel. I'm probably over looking something simple but any ideas on this matter would be great.

    Note: mydomainname is not the actual domain name being used.

    Thank you.
     
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Bill,

    It sounds like you are looking at bounce backs that were originally sent from a PHP Script. Any emails sent out from the server using a PHP script with no SMTP authentication will be sent from cpuser@yourhostname and if for some reason that email bounces, it will get sent back to that address that doesn't exist and sit in your mail queue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Bill Allman

    Bill Allman Registered

    Joined:
    Sep 30, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alaska
    cPanel Access Level:
    Root Administrator
    Jcats, thank you for responding. I'll take a look at interspire and see what my wife has setup for feedback loops. We sent another email blast and it showed up again so it's connected some how. I don't know if this can help but take a look at this. I'm thinking about setting up the email so I can find out what's generating a local email.

    Code:
    [SIZE=3][B]Event[/B]: failure 
    [B]Sender User[/B]: root 
    [B]Sender Domain[/B]: 
    [B]Sender[/B]: root@server.example-mail.com 
    [B]Sent Time[/B]: Oct 1, 2015 3:09:03 AM 
    [B]Sender Host[/B]: localhost 
    [B]Sender IP[/B]: 127.0.0.1 
    [B]Authentication[/B]: localuser 
    [B]Spam Score[/B]: 0 
    [B]Recipient[/B]: validemailaddress@server.example-mail.com 
    [B]Delivered To[/B]: 
    [B]deliveryuser[/B]: 
    [B]deliverydomain[/B]: 
    [B]Router[/B]: 
    [B]Transport[/B]: remote_smtp 
    [B]Out Time[/B]: Oct 1, 2015 3:09:03 AM 
    [B]ID[/B]: 1ZhbkG-0003Iu-88 
    [B]Delivery Host[/B]: 
    [B]Delivery IP[/B]: 
    [B]Size[/B]: 20.1 KB [/SIZE]
    [SIZE=4][SIZE=2][SIZE=3][B]Result[/B]: Unrouteable address[/SIZE][/SIZE][/SIZE]
    
    
     
    #3 Bill Allman, Oct 1, 2015
    Last edited by a moderator: Oct 1, 2015
  4. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Yeah that's not the actual email causing the problem, it would be the one just prior to that. Couple things you can do, you can:
    Code:
    grep -B20 1ZhbkG-0003Iu-88 /var/log/exim_mainlog |grep -Ev 1ZhbkG-0003Iu-88
    This should should you the email sent just prior to mail delivery failed email from root was sent. Look for a line that contains 'cwd=' it should show the path to the PHP script.

    You can also use:
    Code:
    # head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
    This will show you all the folders on the server that are sending out mail, it won't show the script specifically but it will show you the amount of times that folder appears in the mail logs.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,429
    Likes Received:
    1,960
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Yes, try searching for the message ID in /var/log/exim_mainlog to see if you can find out additional details, as mentioned in the previous post. I look forward to seeing the results.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice