cPanel autoresponders and mailer-daemon

Autoresponders can cause unneccessary strain on WHM/cPanel admins and have them spend time on deleting unwanted emails.

A higher than usual rate of undeliverable email can be a sign of spam activity and there is already a mechanism in WHM/cPanel that locks mailing from accounts with more than average (admin defined) bounce rate. You may also have your own scripts parsing mail server logs and informing you about per account mail undeliverabilty statistics or regularily review WHM mailing statistics (takes more time).

With default setup, when an autoresponder is set and an email comes from a fake sender address you (sysadmin) are getting email in every single case of delivery problem and this may be problematic.

Let’s see the scenario for the article:

  1. Mail with fake sender is sent to a mailbox (‘YOURMBOX’) with autoresponder active.
  2. Mail server tries to send autoresponse but fails.
  3. Mailer daemon reports failure to YOURMBOX
  4. YOURMBOX sends autoresponder message to mailer daemon and it finally ends up into a live person mailbox (usuallay system administrator).

Now suppose you are the system administrator and do not want to receive the annoying autoreponder messages. One of possible solutions is to filter out (discard) these emails with Exim filter of the destination user (root in this case).

Here goes example .forward file (/root/.forward) that will be picked up by Exim and processed as Exim filter code.

# Exim filter
logfile $home/.forward.log
#logwrite "$tod_log $message_id $header_subject: $header_from: => $header_to:"
if error_message then finish endif

if $header_from: contains "user@ignored.domain" and $header_to: contains "mailer-daemon" then
#if $header_from: contains "user@ignored.domain" and not personal then
logwrite "$tod_log $message_id $header_subject: $header_from: => $header_to:"
    seen finish
endif
# deliver any non-filtered message to sysadmin
deliver support@yourcompany

For testing you may save an unwanted email source (that you prepared recipe for in the above filter) to a temporary folder say /tmp/meessage and run:

[~]# /usr/sbin/exim -v -bf .forward < /tmp/message
Sender taken from "From " line
Return-path taken from "Return-path:" header line
Return-path = user@ignored.domain
Sender      = -@local.server
Recipient   = root@local.server
Testing Exim filter file ".forward"

Logfile /root/.forward.log
Logwrite "2014-06-23 03:45:37 1Wyxsf-0004OV-Dz Subject "unwanted sender" <user@ignored.domain> => Mail Delivery System <Mailer-Daemon@local.server>\n"
Condition is false: error_message
Sub-condition is true: $header_from: contains user@ignored.domain
Sub-condition is true: not personal
Condition is true: $header_from: contains user@ignored.domain and not personal
Seen finish
Filtering set up at least one significant delivery or other action.
No other deliveries will occur.

to see if the message is correctly processed and recognized as the one that should be discarded. Logfile will not be wriiten to when testing. Instead the Logwrite line is printed to terminal. As you can see the filter matched with ‘Seen finish‘ that discarded the message.

On Centos/cPanel system default /etc/aliases defines

mailer-daemon: postmaster
postmater: root
# root: someone@real.domain <- DELETE OR COMMENT OUT THIS

so your undelivery notifications will go to root. Make sure you do not have root mapped to an other user or email in /etc/aliases. Remove the mapping if found. If root is mapped to an account or email in /etc/aliases then /root/.forward will not be processed at all.

With this simple filter we can get rid of messages generated by autoresponders and save time.

This entry was posted in Control Panels, Dedicated Server, Non-Java, Server Mangement, VPS. Bookmark the permalink.

One Response to cPanel autoresponders and mailer-daemon

  1. Sam says:

    Thanks for this tip, this works great!

    As a pointer to others: on our WHM / Cloudlinux setup, there is an /etc/localaliases in addition to /etc/aliases. Commenting out root in there made exim observe the /root/.forward file.

Leave a Reply

Your email address will not be published. Required fields are marked *


four × nine =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>