Skip to main content

Mail Delivery Reports>Sender>[System]

TCC
I sometimes see in Mail Delivery Reports the sender as [System]. They're always a nonexistent randomuser@adomainIhost.whatever. What are they and where does the bounced "no such user here" go? Is it technically bounced but there's nowhere to bounce it to as the sender is [System]? Searching here returns nada with the term"[System]"in the reply that actually contains [System], yet I've been seeing and searching for this for nearly two years now. They come from Yahoo, outbound.protection.outlook.com, static.optonline.net and various domain names. Exim mainlog shows them as normal connections from whatever ip they're coming from. Is anyone else wondering about these entries?

Comments

3 comments

Date Votes
  • Infopro
    More details needed I think. Can you post a screenshot (after editing personal details out) of the Delivery Event Details slide you see one of these on in Mail Delivery Reports? Assuming the below is the case. There's a setting in WHM here: Home "Server Configuration "Tweak Settings, Mail tab:
    Initial default/catch-all forwarder destination Forwarding destination for a new account"s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) "Fail" rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. "Blackhole" accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.
    There's a setting in cPanel here where you can add that message you mention: cPanel "EMAIL "Default Address
    Discard the email while your server processes it by SMTP time with an error message. Failure Message (seen by sender)
    The No Such User Here message has been added there I bet. This post by chirpy on ConfigServer's website might be of use: Why you should use :fail:
    0
  • TCC
    Both locations are set to :fail, so I guess there is no bounce. Seems pointless to send this sort of email. They don't come in often or fast enough to be an attack. I received two today an hour and a half apart. In cPanel, the message is there by default, if you try to remove it, you get> Failure message cannot be empty. Here's an example of the Mail Delivery Report. 32371
    0
  • cPanelMichael
    Hello :) You can search for the message in /var/log/exim_mainlog with a command such as:
    exigrep user@yahoo /var/log/exim_mainlog
    This should help narrow down the cause of the bounce. Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post