Email delivered to an unknown email address

smeko

• April 27, 2021 09:40

Hello everyone, I am adminstrating a cpanel shared hosting server and one of my client is facing an issue with email deliverability for one email account within its domain. I checked mail delivery report and as i see email is not delivered to local email address as below:

Event:	success alt="success">https://cpanel2.abcom.al:2087/cPanel_magic_revision_0/cjt/images/icons/success.png
Sender User:	user
Sender Domain:	mydomain
From Address:	from@otherdomain.com
Sender:	example@mydomain
Sent Time:	Apr 27, 2021, 4:32:16 PM
Sender Host:	authsmtp28.register.it
Sender IP:	81.88.54.69
Authentication:	forwarder
Spam Score:
Recipient:	example@mydomain
Delivered To:	user@gmail.com
Delivery User:	-remote-
Delivery Domain:
Router:	dkim_lookuphost
Transport:	dkim_remote_smtp
Out Time:	Apr 27, 2021, 4:32:16 PM
ID:	1lbOkx-00Grzp-UQ
Delivery Host:	gmail-smtp-in.l.google.com
Delivery IP:	172.217.218.26
Size:	501.53 KB
Result:	Accepted

Why authentication type is forwarder ? i dont know user@gmail.com. Please can you help me troubleshoot this? I think this account is hacked but dont know how to resolve this. Silvi

• 

  cPRex Jurassic Moderator

  • April 27, 2021 15:42

  Hey there! It seems like there is a forwarder setup in cPanel for the email address. If you check cPanel >> Forwarders do you see any created there?

  0
• 

  smeko

  • April 27, 2021 21:27

  Yes i checked and there is no forward rule that forward example@mydomain.com to that gmail address. That is weird. Silvi

  0
• 

  cPRex Jurassic Moderator

  • April 28, 2021 12:24

  Do you see anything set up in /etc/valiases/domain.com that could explain this?

  0
• 

  smeko

  • April 28, 2021 12:38

  Hi, The forward rules did not exist on forwarders but in a email account specific filter. I deleted that filter and everything is ok now. Thank you Silvi

  0
• 

  cPRex Jurassic Moderator

  • April 28, 2021 12:39

  I'm glad you were able to track that down :D

  0
• 

  Pak Ardiansyah

  • April 21, 2022 03:53

  hi iam facing this problem to, i has checked etc/valiases/domain.com and there is some gmail addresses. just want to know how this problem can be happen. I mean, our user not create any filter or forwarder in cpanel. is this from malware or virus through outlook?

  0
• 

  cPRex Jurassic Moderator

  • April 21, 2022 15:24

  @Pak Ardiansyah - if you don't recognize those addresses, I suppose it could be malicious content, but it is possible to just write values to those files directly over an SSH connection. Mailman also uses these files as well to setup list forwarding addresses, so that is another option.

  0

Please sign in to leave a comment.