Incoming Email Deferred
Hello,
I have incoming email from one domain being deferred even though there is no filter I can find.
I have no global email filters, no email filter for this email address and the incoming domain is not whitelisted or blacklisted in the Spam Filters.
The Delivery Event Details are as follows:
What are the next steps to take to resolve this issue?
Thank you,
Jaber222
| Event: | defer |
| User: | -remote- |
| Domain: | |
| From Address: | xxxxxxxxxx@xxxxxxxxxx.com |
| Sender: | |
| Sent Time: | Nov 2, 2023, 9:49:21 PM |
| Sender Host: | xxxxxxxxxxxx.com |
| Sender IP: | xxx.xxx.xxx.xxx |
| Authentication: | localdelivery |
| Spam Score: | -1.9 |
| Recipient: | xxxxxxx@xxxxxxxxx.com |
| Delivery User: | xxxxxxxxx |
| Delivery Domain: | xxxxxxxxxxxx.com |
| Delivered To: | |
| Router: | virtual_user |
| Transport: | dovecot_virtual_delivery |
| Out Time: | Nov 2, 2023, 9:49:21 PM |
| ID: | 1qykF4-00039v-2p |
| Delivery Host: | |
| Delivery IP: | |
| Size: | 16.22 KB |
| Result: | R=virtual_user T=dovecot_virtual_delivery defer (-1) |
-
Please share the output of the below command: # cat /var/log/maillog | grep "user@your-local-domain.com"0 -
The directory /var/log contains no file called maillog. When I try to find the file using the following command it does not find the file and gets a lot of "permission denied" for directories. I am on a shared host. find . -name "maillog"
Any other ideas where I might be able to find the file?0 -
Sorry, it is /var/log/exim_mainlog
typo error in my last response.0 -
@kodeslogic I know you didn't just have someone grep their cat!!!!!!!! An even better solution may be to pull everything related to that mail ID with this command: grep 1qykF4-00039v-2p /var/log/exim_mainlog
as that would show the entire transaction. Just be sure to anonymize any personal info.0 -
@cPRex isn't it exigrep 1qykF4-00039v-2p /var/log/exim_mainlog 0 -
I suppose you could, but I've always just used normal grep and it's got me this far :D 0 -
The only directories in my /var/log/ directory are php related and have names like "alt-php82-newrelic". I tried to find a file called exim_mainlog. The find command did not return a find but returned a bunch of directories with "Permission denied". 0 -
Are you logged in to SSH as the root user, or just a cPanel user? 0 -
He is as normal user in CloudLinux CageFS 0 -
A normal user isn't going to have access to those files - @Jaber222 - it sounds like you're checking /home/username/var instead of /var, which you wouldn't be able to see without root access. You'll need to speak to your hosting provider to have them do additional troubleshooting. 0 -
cPanel user is able to see contents of directory /var/log/, but can't read them (except a few), user in CloudLinux CageFS can't see what is in directory /var/log 0 -
@cPRex I was logging in to cPanel and then opening Terminal. So as @quietFinn and you have stated I am not looking at the correct directory and I do not have access to it. I will contact my hosting company to request information from exim_mainlog for the transaction in question. 0 -
I requested that the hosting company run the following command: grep 1qykF4-00039v-2p /var/log/exim_mainlog
This is the output they sent to me: 2023-11-06 16:54:01 1qykF4-00039v-2p Message is frozen 2023-11-06 17:50:46 1qykF4-00039v-2p Message is frozen 2023-11-06 18:58:04 1qykF4-00039v-2p Message is frozen 2023-11-06 19:52:23 1qykF4-00039v-2p Message is frozen 2023-11-06 20:49:59 1qykF4-00039v-2p Message is frozen 2023-11-06 21:57:17 1qykF4-00039v-2p Message is frozen 2023-11-06 22:57:47 1qykF4-00039v-2p Message is frozen Edit: After posting this message I noticed that the log is showing information for yesterday even though the email was sent on November 2. Is it possible that the email is just sitting in the host's email system and not being delivered?0 -
That's exactly what is happening - I'm not sure why they didn't offer to fix the issue instead of just sending you the output, but there is an issue with the mail queue on the server that needs to be resolved. 0 -
I had the hosting company send the log for the date when the problem email was received. Here it is: [QUOTE] /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p H=senderdomain.com [xxx.xxx.xxx.xxx]:19962 Warning: "SpamAssassin as cpaneluser detected message as NOT spam (-1.9)" /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p <= donotreply@support.senderdomain.com H=senderdomain.com [xxx.xxx.xxx.xxx]:19962 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=16605 T="Alerts" for recipient@recipientdomain.com /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1qykF4-00039v-2p /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p rewrite: missing or malformed local part /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p failed to read delivery status for recipient@recipientdomain.com from delivery subprocess /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p lmtp transport process returned non-zero status 0x0100: exit code 1 /var/log/exim_mainlog-20231105.gz:2023-11-02 21:49:06 1qykF4-00039v-2p == recipient@recipientdomain.com R=virtual_user T=dovecot_virtual_delivery defer (-1) 0
Please sign in to leave a comment.
Comments
16 comments