Mail queue is full of mails for non existing accounts
There are a lot of spam mails in my VPS's Mail Queue, all the Recipient(s) are non existing accounts, there is no account like this or there is no alias for them.
It suddenly started a few days ago, I didn't have such a problem before.
What I did:
In "Tweak Settings / Mail" settings, I changed "Initial default/catch-all forwarder destination" to "System account", "Fail" and "Blackhole" in order, and I restarted Exim after each change. None of the 3 methods worked; there are still a lot of spam mails waiting in the queue, and every day I delete the queue manually 4 - 5 times.
What may be the problem?
-
In "Tweak Settings / Mail" settings, I changed "Initial default/catch-all forwarder destination" to "System account", "Fail" and "Blackhole" in order
That's for new accounts created after you change it, I believe.
Initial default/catch-all forwarder destination: Forwarding destination for a new account's catch-all/default address.
You might check the cPanel account's setting under the Default Address section to make sure this is configured for the account itself, assuming it's an existing account.
Preferred setting: Discard the email while your server processes it by SMTP time with an error message.
Failure Message (seen by sender): No Such User Here (Or whatever you want.) 0 -
OK, thank you for your message. Here is what I did:
1) In WHM / Tweak Settings / Mail, I selected "System account" in "Initial default/catch-all forwarder destination" and restarted Exim.
2) I have 48 accounts on the VPS. I went into each account's cPanel one by one, opened "Default Address" as you said, selected "Forward to your system account "$user"" and clicked "Change". I did this for all the accounts. I restarted the VPS.
But there are still messages in the queue for non-existing accounts. Some of them are frozen, some of them are still queued. Unfortunately it seems like the "Forward to your system account" setting is not working. What more can I do? 0 -
Hello, Could you let us know the output from WHM when attempting to deliver one of the messages in the queue? Thank you. 0 -
Here it is;
LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtd3-0002b4-8h
delivering 1eLtd3-0002b4-8h
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
  == cafeturc@server.example.com R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 Internal error occurred. Refer to server log for more information. [2017-12-04 22:15:51]
Another one;
LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1eLtJo-00028L-5V
delivering 1eLtJo-00028L-5V
LMTP<< 220 server.example.com Dovecot ready.
LMTP>> LHLO server.example.com
LMTP<< 250-server.example.com
LMTP<< 250-STARTTLS
LMTP<< 250-8BITMIME
LMTP<< 250-ENHANCEDSTATUSCODES
LMTP<< 250 PIPELINING
LMTP>> MAIL FROM:<>
LMTP<< 250 2.1.0 OK
LMTP>> RCPT TO:
LMTP<< 250 2.1.5 OK
LMTP>> DATA
LMTP<< 354 OK
LMTP>> writing message and terminating "."
LMTP<< 451 4.2.0 Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
LMTP>> QUIT
LMTP<< 221 2.0.0 OK
LOG: MAIN
  == econmtr1@server.example.com R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
0 -
R=localuser T=dovecot_delivery defer (-46): LMTP error after end of data: 451 4.2.0 <> Internal error occurred. Refer to server log for more information. [2017-12-04 22:16:26]
Hello, This can suggest a missing email directory or an email directory with invalid ownership/permissions. First, check that the following directories exist:
/home/username/mail/cur/
/home/username/mail/new
If so, try running the following command for the cPanel user that's facing the issue to see if you notice any specific errors:
/scripts/mailperm $username --verbose
Thank you. 0 -
Yes, the "cur" and "new" directories exist for all users (48 users in total). But when I try to run your command, for example
/scripts/mailperm removed --verbose
for the first user, the result is:
[removed due to inclusion of real domain names]
Failed to chown "/home/removed/mail/cur" to group "removed": Operation not permitted at /usr/local/cpanel/Cpanel/Email/Perms/User.pm line 312.
[removed due to inclusion of real domain names]
So, please tell me the next step. 0 -
Hello, You can check the ownership/permissions/attributes of each of those directories with commands such as:
stat /home/user/mail/cur
lsattr /home/user/mail/new
Check the parent directory as well (e.g. /home/user/mail). Permissions on the directories should be 0751, with both user and group ownership set to the account username. The file attribute output should look like this:
---------------- /home/user/mail
Thank you. 0 -
Here are the results;
[root@server /]# stat /home/removed/mail/cur
  File: "/home/removed/mail/cur"
  Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292309 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:38.623009222 +0300
Modify: 2017-11-28 03:19:38.623009222 +0300
Change: 2017-11-28 03:19:38.623009222 +0300
 Birth: -
[root@server /]# stat /home/removed/mail/new
  File: "/home/removed/mail/new"
  Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6292307 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-28 03:19:39.183010775 +0300
Modify: 2017-11-28 03:19:39.183010775 +0300
Change: 2017-11-28 03:19:39.183010775 +0300
 Birth: -
[root@server /]# stat /home/removed/mail
  File: "/home/removed/mail"
  Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 802h/2050d Inode: 6293594 Links: 14
Access: (0751/drwxr-x--x)
Access: 2017-08-05 14:36:07.496608037 +0300
Modify: 2017-12-05 22:23:45.439788551 +0300
Change: 2017-12-05 22:23:45.439788551 +0300
 Birth: -
Yes, the parent directory has 0751, but the cur and new directories have 0755 permissions. If "Repair Mailbox Permissions" in WHM and "/scripts/mailperm $username --verbose" both don't work, how can I fix these permissions? 0 -
Hello, Uid: ( 0/ root) Gid: ( 0/ root)
The "cur" and "new" directories are owned by root. You need to update ownership to match the account username and then run the mailbox permission repair script again. EX:
chown user.user /home/user/mail/cur
chown user.user /home/user/mail/new
Note that you should refrain from using real domain names and usernames in your responses as this is a publicly visible forum. Thank you. 0 -
Yes, here is the solution, thank you so much Michael. What I did: I ran "chown user.user /home/user/mail/cur" and "chown user.user /home/user/mail/new" for all users, then "/scripts/mailperm $username --verbose" for all users again. So, all the cur and new directories had 0751 permissions, and the mail queue is back to normal, with no more queuing for non-existing accounts. Problem is solved, thank you so much again. 0 -
Hello, I'm glad to see that helped! Thank you for updating us with the outcome. Note that ownership is typically set to root when a directory is created/restored via SSH while logged in as the "root" user. To prevent this from happening in the future, remember to access SSH as the account username when performing such actions. Thanks! 0
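The ownership and permission check from this thread, applied to every account at once, as an added example that is not part of the original posts or of cPanel's own scripts. It assumes GNU stat and that each directory under the base path is named after its account user (as with /home/user above); the function name audit_maildirs is hypothetical.

```shell
#!/bin/sh
# Added example: report mail directories whose owner, group or mode differ
# from what the thread describes (user:user ownership, mode 0751).
# Assumptions: GNU stat (coreutils); home directory name == account username.
# Read-only: it reports findings and changes nothing.

# audit_maildirs BASE
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_maildirs() {
    base=${1:-/home}
    found=0
    for maildir in "$base"/*/mail; do
        # An unmatched glob stays literal; skip it and non-directories.
        [ -d "$maildir" ] || continue
        user=$(basename "$(dirname "$maildir")")
        for dir in "$maildir" "$maildir/cur" "$maildir/new"; do
            if [ ! -d "$dir" ]; then
                echo "MISSING $dir"
                found=1
                continue
            fi
            # %U = owner name, %G = group name, %a = octal mode
            meta=$(stat -c '%U:%G %a' "$dir")
            ownership=${meta% *}
            mode=${meta#* }
            if [ "$ownership" != "$user:$user" ] || [ "$mode" != "751" ]; then
                echo "MISMATCH $dir is $ownership $mode, expected $user:$user 751"
                found=1
            fi
        done
    done
    return $found
}

# Stand-alone use: pass the base directory as the first argument.
if [ $# -gt 0 ]; then
    audit_maildirs "$1"
fi
```

Run as root with /home as the argument; any MISMATCH line showing root:root points at the accounts that need the chown and /scripts/mailperm steps described above.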