Problem delivering emails to domain owner/system accounts

Fatty

Verified User
Joined
Aug 3, 2011
Messages
9
This problem apparently began occurring after I setup DKIM/SPF/DMARC for all of my domains in July 2018, but it has gone unnoticed until today. When I send an email from a remote server to a virtual email address on my server, there are no issues. However, if I send an email to a domain owner's DirectAdmin-assigned email account, for example '[email protected]' where the email/DirectAdmin login would simply be 'domainowner', the email fails to find its way to where it needs to be. The corresponding entries from the mainlog are as follows:

Code:
2019-01-18 05:44:24 1gkMx6-0004Rr-EI DKIM: d=gmail.com s=20161025 c=relaxed/relaxed a=rsa-sha256 b=2048 [verification succeeded]
2019-01-18 05:44:24 1gkMx6-0004Rr-EI <= [email protected] H=mail-wr1-f51.google.com [209.85.221.51] P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=2757 id=CAD_03fyEYgHBQEfrrTwcWA11gDkStqVyGHUe06YtLfrGNcrpnw@mail.gmail.com T="Are you getting emails?" from <[email protected]> for [email protected]
2019-01-18 05:44:24 1gkMx6-0004Rr-EI Failed to find user "" from expanded string "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" for the domain_filter router
2019-01-18 05:44:24 1gkMx6-0004Rr-EI == [email protected] <[email protected]> R=domain_filter defer (-1): Failed to find user "" from expanded string "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" for the domain_filter router
2019-01-18 05:44:24 1gkMx6-0004Rr-EI Failed to find user "" from expanded string "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" for the domain_filter router
2019-01-18 05:44:24 1gkMx6-0004Rr-EI == [email protected] <[email protected]> R=domain_filter defer (-1): Failed to find user "" from expanded string "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" for the domain_filter router
2019-01-18 05:44:24 1gkMx6-0004Rr-EI ** [email protected] <[email protected]>: retry timeout exceeded
2019-01-18 05:44:24 1gkMx6-0004Rr-EI ** [email protected] <[email protected]>: retry timeout exceeded
2019-01-18 05:44:24 1gkMx6-0004Rv-JV <= <> R=1gkMx6-0004Rr-EI U=mail P=local S=4339 T="Mail delivery failed: returning message to sender" from <> for [email protected]
2019-01-18 05:44:24 1gkMx6-0004Rr-EI Completed
2019-01-18 05:44:25 1gkMx6-0004Rv-JV H=gmail-smtp-in.l.google.com [2a00:1450:4010:c0a::1b] No route to host
2019-01-18 05:44:26 1gkMx6-0004Rv-JV => [email protected] F=<> R=lookuphost T=remote_smtp S=4444 H=gmail-smtp-in.l.google.com [173.194.221.26] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 OK 1547791018 t6-v6si3529492lje.173 - gsmtp"
2019-01-18 05:44:26 1gkMx6-0004Rv-JV Completed

In this instance, an email would've been sent to '[email protected]', where 'domainowner' is the user who owns 'example.com', and it's correctly reflected as such in /etc/virtual/domainowners. I've checked /etc/virtual/domainowners to be sure that it contains all of the domains present on the server, and it looks just as it should, and also has the correct permissions (0644 mail:mail). I also checked /etc/virtual/domains, and it looks fine as well. Looking at the aforementioned entries of the mainlog, this part is what bothers me:
Code:
Failed to find user "" from expanded string "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}" for the domain_filter router

I'm wondering if there's something wrong with the domain_filter router in my exim.conf, some other part of the exim.conf, or maybe even something else completely. The only parts of the exim.conf file (according to a diff from the current one and a backup from June 2017) that were changed at some point are the following (I'm not sure which of these were changed when I setup DKIM/SPF/DMARC):

Code:
#.include_if_exists /etc/exim.spamassassin.conf

CHANGED TO:

.include_if_exists /etc/exim.spamassassin.conf

Code:
domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "mail"
  file = /etc/virtual/${domain}/filter
  file_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify


CHANGED TO:


domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

Code:
local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  file = /var/mail/$local_part
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}


CHANGED TO:


local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = /home/$local_part/Maildir/
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

Code:
virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 700
  envelope_to_add
  file = /var/spool/virtual/${domain}/${local_part}
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}


CHANGED TO:


virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

Code:
remote_smtp:
  driver = smtp


CHANGED TO:


remote_smtp:
  driver = smtp
.include_if_exists /etc/exim.dkim.conf

Any help figuring this out would be greatly appreciated.
 
One thing I also forgot to mention is that I changed the hostname through the DA UI just before I setup DKIM, and I also setup DKIM for the new hostname. When checking /etc/virtual/[hostname] I noticed that I see a file structure similar to other domains, including the DKIM key files. Should the hostname directory contain only three two DKIM files? I'm not sure how the other files got there, but could that be what is causing this problem? If so, should I remove the other files?

For reference, the bounced email looks like this:

Code:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [email protected]
    (ultimately generated from [email protected])
    retry timeout exceeded
  [email protected]
    (ultimately generated from [email protected])
    retry timeout exceeded

Where example.com is the domain, and server.example.com is the hostname. The domains are identical other than 'server.' being included at the beginning of the domain for the hostname. As it stands, all virtual email accounts can receive mail normally, but all user/server accounts (those generated by DA automatically when creating a new user) fail almost identically to this.
 
Last edited:
Hello,

It seems you have /etc/exim.conf of the 2.x version. You might try exim.conf 4.5 and see whether or not it helps.
 
I updated to exim.conf 4.5, but the problem remained.

However, it seems that my previous suspicion was correct. I deleted all files in /etc/virtual/[hostname] other than the DKIM public and private key files. As it turns out, there's a reason that aliases and passwd files shouldn't exist in the hostname's virtual directory. I'm not sure how they got there, but removing them has fixed this issue.
 
Actually they should exist, I have them in all of my /etc/virtual/[domainname] directories and I am able to receive emails to the main account. My guess is that those files may not have been configured correctly which is why your emails weren't delivered.

The /etc/virtual/[domainname]/aliases file is used for directing certain email addresses, for example lets assume the following:
domain name: greatweb.com
domain owner: dude

I would expect to see the following files contain the following lines at a minimum:
/etc/virtual/domains:
greatweb.com

/etc/virtual/domainowners:
greatweb.com: dude

/etc/virtual/greatweb.com/aliases:
dude:dude

The /etc/virtual/greatweb.com/passwd file is only used for virtual users and has nothing to do with the domain owner.

I am guessing that your aliases file didn't contain the:
domainowner:domainowner
line hence it couldn't find the correct destination for the email. That aliases is basically telling exim that [email protected] should be delivered to the local user named dude.

The aliases and passwd files are created and maintained by Directadmin and will probably re-appear at some time in the future when an action is requested that would require an update to one of those files
 
I understand that they're required in the domain directories, but I've noticed in the DA support section related to this is that there should be no files in the virtual directory for the hostname. I didn't touch those files in the other virtual directories - only the files in the one for the hostname (server.example.com in my situation).

For clarification, I'm referring to https://help.directadmin.com/item.php?id=16, where it states
5) The directory /etc/virtual/hostname must exist.. (eg: /etc/virtual/server.domain.com). It must not contain any files.

In my situation, it seems that the existence of aliases and passwd files in the directory belonging to the hostname screwed up the mail system. In fact, those files were setup as you suggested, with the passwd and aliases files in the correct format with usernames, but they were users for the domain related to the hostname (domain.com). They shouldn't have been, though, because those users don't exist for the hostname, nor do they have any control over that zone (server.domain.com).
 
Last edited:
That is one of the problems when you post and obfuscate your information. It isn't clear exactly what you were trying to say. You are correct in that the /etc/virtual/${hostname} directory should be empty while all the /etc/virtual/${domainname} directories should not be empty.
 
I didn't think I was being unclear, so I apologize for the confusion. However, I referred to that directory as /etc/virtual/[hostname], and also specifically mentioned the hostname where necessary throughout the entire thread. ;-)
 
Back
Top