The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM/cPanel root sending email that doesn't exist.

Discussion in 'E-mail Discussions' started by Bill Allman, Sep 30, 2015.

  1. Bill Allman

    Bill Allman Registered

    Joined:
    Sep 30, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alaska
    cPanel Access Level:
    Root Administrator
    Hi, after viewing the mail delivery reports for exim I noticed this:
    Sent: root@server.mydomainname.com
    Recipient: validemailaddress@server.mydomainname.com.

    Then it says the email is an Un-routable address and it's correct because the email address doesn't exist on my system. The root@server.mydomainname.com is normal with all the logs I get but the validemailaddress@server.mydomainname.com is not. I have never entered or created such an email address on my server ever!!!! I have checked under cPanel Default Address Maintenance and ServerReports@mydomainname.com is in the field. Looked in WHM Edit System Mail and ServerReports@mydomainname.com is set for Root, Nobody and cPanel. I'm probably over looking something simple but any ideas on this matter would be great.

    Note: mydomainname is not the actual domain name being used.

    Thank you.
     
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    275
    Likes Received:
    31
    Trophy Points:
    28
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Bill,

    It sounds like you are looking at bounce backs that were originally sent from a PHP Script. Any emails sent out from the server using a PHP script with no SMTP authentication will be sent from cpuser@yourhostname and if for some reason that email bounces, it will get sent back to that address that doesn't exist and sit in your mail queue.
     
  3. Bill Allman

    Bill Allman Registered

    Joined:
    Sep 30, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alaska
    cPanel Access Level:
    Root Administrator
    Jcats, thank you for responding. I'll take a look at interspire and see what my wife has setup for feedback loops. We sent another email blast and it showed up again so it's connected some how. I don't know if this can help but take a look at this. I'm thinking about setting up the email so I can find out what's generating a local email.

    Code:
    [SIZE=3][B]Event[/B]: failure 
    [B]Sender User[/B]: root 
    [B]Sender Domain[/B]: 
    [B]Sender[/B]: root@server.example-mail.com 
    [B]Sent Time[/B]: Oct 1, 2015 3:09:03 AM 
    [B]Sender Host[/B]: localhost 
    [B]Sender IP[/B]: 127.0.0.1 
    [B]Authentication[/B]: localuser 
    [B]Spam Score[/B]: 0 
    [B]Recipient[/B]: validemailaddress@server.example-mail.com 
    [B]Delivered To[/B]: 
    [B]deliveryuser[/B]: 
    [B]deliverydomain[/B]: 
    [B]Router[/B]: 
    [B]Transport[/B]: remote_smtp 
    [B]Out Time[/B]: Oct 1, 2015 3:09:03 AM 
    [B]ID[/B]: 1ZhbkG-0003Iu-88 
    [B]Delivery Host[/B]: 
    [B]Delivery IP[/B]: 
    [B]Size[/B]: 20.1 KB [/SIZE]
    [SIZE=4][SIZE=2][SIZE=3][B]Result[/B]: Unrouteable address[/SIZE][/SIZE][/SIZE]
    
    
     
    #3 Bill Allman, Oct 1, 2015
    Last edited by a moderator: Oct 1, 2015
  4. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    275
    Likes Received:
    31
    Trophy Points:
    28
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Yeah that's not the actual email causing the problem, it would be the one just prior to that. Couple things you can do, you can:
    Code:
    grep -B20 1ZhbkG-0003Iu-88 /var/log/exim_mainlog |grep -Ev 1ZhbkG-0003Iu-88
    This should should you the email sent just prior to mail delivery failed email from root was sent. Look for a line that contains 'cwd=' it should show the path to the PHP script.

    You can also use:
    Code:
    # head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
    This will show you all the folders on the server that are sending out mail, it won't show the script specifically but it will show you the amount of times that folder appears in the mail logs.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, try searching for the message ID in /var/log/exim_mainlog to see if you can find out additional details, as mentioned in the previous post. I look forward to seeing the results.

    Thank you.
     
Loading...

Share This Page