Published on Jun 24 2014 in Control Panels Dedicated Server Non-Java Server Mangement VPS

Autoresponders can cause unneccessary strain on WHM/cPanel admins and have them spend time on deleting unwanted emails.

A higher than usual rate of undeliverable email can be a sign of spam activity and there is already a mechanism in WHM/cPanel that locks mailing from accounts with more than average (admin defined) bounce rate. You may also have your own scripts parsing mail server logs and informing you about per account mail undeliverabilty statistics or regularily review WHM mailing statistics (takes more time).

With default setup, when an autoresponder is set and an email comes from a fake sender address you (sysadmin) are getting email in every single case of delivery problem and this may be problematic.

Let's see the scenario for the article:

  1. Mail with fake sender is sent to a mailbox ('YOURMBOX') with autoresponder active.
  2. Mail server tries to send autoresponse but fails.
  3. Mailer daemon reports failure to YOURMBOX
  4. YOURMBOX sends autoresponder message to mailer daemon and it finally ends up into a live person mailbox (usuallay system administrator).

Now suppose you are the system administrator and do not want to receive the annoying autoresponder messages. One of possible solutions is to filter out (discard) these emails with Exim filter of the destination user (root in this case).

Here goes example .forward file (/root/.forward) that will be picked up by Exim and processed as Exim filter code.

# Exim filter
logfile $home/.forward.log
#logwrite "$tod_log $message_id $header_subject: $header_from: => $header_to:"
if error_message then finish endif

if $header_from: contains "[email protected]" and $header_to: contains "mailer-daemon" then
#if $header_from: contains "[email protected]" and not personal then
    logwrite "$tod_log $message_id $header_subject: $header_from: => $header_to:"
 seen finish
# deliver any non-filtered message to sysadmin
deliver support@yourcompany 

For testing you may save an unwanted email source (that you prepared recipe for in the above filter) to a temporary file say /tmp/message and run:

[~]# /usr/sbin/exim -v -bf .forward < /tmp/message
Sender taken from "From " line
Return-path taken from "Return-path:" header line
Return-path = [email protected]
Sender = [email protected]
Recipient = [email protected]
Testing Exim filter file ".forward"

Logfile /root/.forward.log
Logwrite "2014-06-23 03:45:37 1Wyxsf-0004OV-Dz Subject "unwanted sender" <[email protected]> => Mail Delivery System <[email protected]>\n"
Condition is false: error_message
Sub-condition is true: $header_from: contains [email protected]
Sub-condition is true: not personal
Condition is true: $header_from: contains [email protected] and not personal
Seen finish
Filtering set up at least one significant delivery or other action.
No other deliveries will occur.

to see if the message is correctly processed and recognized as the one that should be discarded. Logfile will not be written to when testing. Instead the Logwrite line is printed to terminal. As you can see the filter matched with 'Seen finish' that discarded the message.

On Centos/cPanel system default /etc/aliases defines

mailer-daemon: postmaster
postmater: root
# root: [email protected] <- DELETE OR COMMENT OUT THIS

so your undelivery notifications will go to root. Make sure you do not have root mapped to an other user or email in /etc/aliases. Remove the mapping if found. If root is mapped to an account or email in /etc/aliases then /root/.forward will not be processed at all.

With this simple filter we can get rid of messages generated by autoresponders and save time.


In newer versions of cpanel (Q3 2016) Exim has localuser_root rule that will ignore mail destined for root with root cannot accept local mail deliveries. In such case you need to map root to an other (auxiliary) user in /etc/aliases and move root's .forward to this user home directory. Do not forget to update .forward ownership.