Wrong recipient receiving email

Febndy Kwik

• July 23, 2025 06:48

I got a weird report from a client lately, it happened twice already, but I'm not sure what's the cause. I've googled, checked exim log and everything, so here I am.

I ran a hosting service, and a client use our server for emails. so most of the time everything is working fine, but these last few days, a report came in that one employee sent email to list of recipient lets say: A, B, C. and its sent with thunderbird. The recipient A, B and C receive the email just fine. but suddenly, recipient X, Y, and Z said they receive the email as well and they thought that its a mistakenly sent email. but when we check the mail delivery report on WHM, there are logs of the sender/employee sending the email to A, B, C, X, Y, Z. But the employee show us the header of the thunderbird, it only contains A, B, C and no X, Y, Z even in BCC. and then today it happen again to a different employee, but this time the recipient X, Y is in the WHM mail delivery report, but Z is not. but Z receive the email as well. I don't know what to check anymore, cause the sender show us the header, and there's no X, Y, Z. but the fact that recipient Z receive it cannot be denied. I've run immunify scan, and maldet scan on the account, nothing came up. any help please? or should I contact cpanel to take a look at this?

• 

  rbairwell

  • July 23, 2025 07:57

  Have they tried just sending to "A" and then to "B" and then to "C" to see if it is a singular address causing the issue?

  Have you tried the "Mail troubleshooter/Email trace" functionality to check the routing on those email addresses (they may have a forwarder/distribution/mailing list setup).

  Is your client using your server for outbound emails and are all the recipients local to that server or remote?

  0
• 

  Febndy Kwik

  • July 23, 2025 08:22

  the issue is when they are sending outbound email to a local recipient (A, B, C) but somehow the remore recipient received the email as well (X, Y, Z)
  
  I've done a trace to one of the remote recipient that receive the email, and it shows this: 
  
  

   

  I'm gonna try to do troubleshooter to all of the recipient and let you know if something is weird.

  0
• 

  Febndy Kwik

  • July 23, 2025 08:31

  hm.. one of the local recipient got this,
  
  

   

  I think because there's some autoresponder set for this account. is it possible that it affects that?

  0
• 

  mtindor

  • July 23, 2025 11:40

  Are recipients A,B,C,X,Y,Z all under the same domain?   Are the email domains for A,B,C,X,Y,Z all handled on the same server?

  I'd check /etc/valiases/domain.ext (where domain.ext is any of the affected domains)

  Could be that there are some "Forwarders" set in cPanel for one of the domains that ultimately end up causing an email to A, B or C (or A, B and C), to X, Y and Z also

  0
• 

  cPRex Jurassic Moderator

  • July 23, 2025 18:13

  This does sound like a forwarder issue of some sort - are there any configured in the account?  Can you check /etc/valiases/domain.com to see what is in that file?

  0

Please sign in to leave a comment.