Same Autoresponse Everyday
So everyday I get an email from one of my client's autoresponders without emailing them. I know that shouldn't be possible so I did some digging.
My site (mysite.com) and my clients (theirsite.com) are on the same VPS. The VPS uses my site's domain name (host.mysite.com). My server handles DNS and mail for both accounts.
I checked their autoresponders and it matches the one I got perfectly, no crazy setup there.
I looked in the Mail Delivery Reports section of WHM to see if anything had went from my email to theirs and I don't see anything for the days that I received messages.
I looked at the headers of the email and found the Message ID and tried looking up this and there were no results.
Here are the full headers:
Return-path:
Envelope-to: Mailer-Daemon@host.mysite.com
Delivery-date: Tue, 04 Aug 2015 15:53:37 -0500
Received: from mylongwayhome by host.mysite.com with local (Exim 4.85)
(envelope-from )
id 1ZMjDN-0001HA-LY
for Mailer-Daemon@host.mysite.com; Tue, 04 Aug 2015 15:53:37 -0500
To: Mail Delivery System
X-Autorespond: Mail delivery failed: returning message to sender
MIME-Version: 1.0
X-Loop: Mail Delivery System
Precedence: auto_reply
X-Precedence: auto_reply
Content-Transfer-Encoding: 8bit
From: "Their Name"
Content-type: text/plain; charset=utf-8
Subject: Thank you for contacting us!
Message-Id:
Date: Tue, 04 Aug 2015 15:53:37 -0500
How can I track this down and see whats causing this?
-
Hello :) Is it possible the email stems from a contact form installed on the website? Try searching for the message in /var/log/exim_mainlog for additional details. EX: exigrep user@domain /var/log/exim_mainlog
Thank you.0 -
Thanks Michael, Looking at the log the auto responder is triggered by a "Mail delivery failed" message from Mailer-Daemon@host.mysite.com. Is it possible to make the auto responder ignore these messages or have that email ignore replies? 0 -
In my experience what generally happens is... your client received an email, they auto-respond back to the email that sent to them, that email could not be delivered and bounces back from the Mailer Daemon, which then auto-responds again but this time it arrives to you as the Root Administrator / Postmaster. It likely only comes once a day because their auto-responder is set to only respond once every 24 hours. 0 -
That's definitely happening, hopefully there is some way to make mailer daemon drop all incoming replies or stop this kind of thing happening. 0 -
SpamAssassin is enabled but I'm not sure about RBL. Greylisting probably will not be an option with this. 0 -
SpamAssassin is enabled but I'm not sure about RBL. Greylisting probably will not be an option with this.
You can review which RBL options are enabled by browsing to the "RBLs" tab in "WHM Home " Service Configuration " Exim Configuration Manager". Thank you.0 -
These are the RBL settings on the server: Origin RBL name DNS list Info URL Action System spamcop bl.spamcop.net http://spamcop.net/bl.shtml System spamhaus zen.spamhaus.org http://www.spamhaus.org/zen/index.lasso System spamhaus_spamcop zen.spamhaus.org, bl.spamcop.net0 -
The output you provided does not indicate if those lists are enabled. Enabling one or more of these lists may help to prevent the amount of incoming SPAM you receive. Thank you. 0 -
Those are enabled, its not spam that we are receiving but an autoresponse from a user when they get the "message note delivered" message. 0 -
Typically mail sent from invalid email addresses are SPAM messages. One other option to consider is to enable "Reject SPF Failures" under the "ACL Options" tab in "WHM >> Exim Configuration Manager". This will reject mail at SMTP time if the sender fails SPF checks. Thank you. 0
Please sign in to leave a comment.
Comments
11 comments