Case of missing mails

A

anay

Verified User
Joined
Dec 7, 2005
Messages
119
Hi,
One of my user is saying that he has been missing some CC and BCC mails sent to him. I am not able to figure out what is happening.
As per exim/mainlog mail was received and deliverd to user inbox, but user says he never received it. He reports few other mails never reaching him.

One such example log :

Code: 
2024-06-28 21:15:48 1sNDnI-0000000DYwf-252z <= [email protected] H=mail-wr1-f44.google.com [209.85.221.44] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=11630009 DKIM=gmail.com id=CAF-qeHeFgMOyGC5g1xs9ok-q79su9t4GxJrt1OYJF87ctSd5pQ@mail.gmail.com T="M6 Combined report (PDF)" from <[email protected]> for [email protected]
2024-06-28 21:15:50 1sNDnI-0000000DYwf-252z => myuser <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=11781224 C="250 2.0.0 <[email protected]> MLRbOKzafmZg4DAA6furAw Saved"
2024-06-28 21:15:50 1sNDnI-0000000DYwf-252z Completed

So mail was recieved by server and then sent to user mailbox.
- But I can't find anything else anywhere.
- Here user is using gmail as POP client, so once mails are in Gmail, they get removed from server.
- I am not able to replicated issue yet user keeps on complaining.
- Spamassassin is set no to delete spam mails, rather simply mark them spam.

Here, where should I start ?

I wish, DA had cPanel like mailqueue GUI, would have been lot easier to troubleshoot such issues.
 
anay said:
- But I can't find anything else anywhere.
Click to expand...
Hard to find if user is using pop. Just to be sure check users filter settings, if needed via roundcube to see if there are no filters set by the user which could explain this.

If I'm not mistaken then cPanel is using the configserver mail queue, which you also can install in DA:

ConfigServer Mail Queues (cmq) – ConfigServer Services

configserver.com configserver.com

However, it won't help you troubleshoot this with pop3, mails will be gone anyway.

You could ask the user if you were allowed to temporarily create an automatic forward to your mail too, for investigation purposes. The you can see if the mail arrives. If it does, then it must be caused by user's Gmail settings most likely.

Probably it's possible to have Gmail also to leave mails (even for pop3) a certain amount of days on the server. If the customer is willing to use this setting, it can also make investigation more easy.

Probably others also have some good idea's about tracing this.
 
cmq won't help as its for mail-queue and I don't have any queue. Also I am interested more in incoming, there you hardly see queue. I need something which keeps track of delivery, failures etc. as we see in cpanel. This is not first time, few things should be in GUI as this is what a Web hosting panel is supposed to do. Else we can already do everything via CLI ourselves.

Also, if you see my example log above, this is message ID 1sNDnI-0000000DYwf-252z.
If I run command to find header for that messages, I get following :

Code: 
~# exim -Mvh 1sNDnI-0000000DYwf-252z
Failed to open input file for 1sNDnI-0000000DYwf-252z-H: No such file or directory


Is it normal, or I am doing something wrong ?

 
anay said:
This is not first time, few things should be in GUI as this is what a Web hosting panel is supposed to do
Click to expand...
Well, not really. If cPanel does it, doesn't mean it's a panel's job. But it does make life easier. I believe the modern version of DA has something like this, but I'm not sure as I'm using legacy licenses.

anay said:
Is it normal, or I am doing something wrong ?
Click to expand...
I don't know, I never use that command.

Maybe @Ohm J or @Stije have some good idea how to trace it.
 
anay said:
Also, if you see my example log above, this is message ID 1sNDnI-0000000DYwf-252z.
If I run command to find header for that messages, I get following :

Code: 
~# exim -Mvh 1sNDnI-0000000DYwf-252z
Failed to open input file for 1sNDnI-0000000DYwf-252z-H: No such file or directory


Is it normal, or I am doing something wrong ?
Click to expand...
Yes, this is normal.

This command is for viewing the headers of a message that is in the Exim mail queue. As 1sNDnI-0000000DYwf-252z was already delivered, it no longer exists in the mail queue.

If the user is popping the mail in their Gmail account, I would check the Gmail account's spam folder as Gmail may have routed the message there

The line in the log:

2024-06-28 21:15:50 1sNDnI-0000000DYwf-252z => myuser <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=11781224 C="250 2.0.0 <[email protected]> MLRbOKzafmZg4DAA6furAw Saved"

Will tell you that Exim is done with the message. It delivered the message so it's management of the message is over with.

What happened after that... hard to say.
 
/var/log/exim/rejectlog
/var/log/exim/paniclog

Don't have any relate logs issied ?
 
Last edited:
sparek said:
Yes, this is normal.

This command is for viewing the headers of a message that is in the Exim mail queue. As 1sNDnI-0000000DYwf-252z was already delivered, it no longer exists in the mail queue.

If the user is popping the mail in their Gmail account, I would check the Gmail account's spam folder as Gmail may have routed the message there

The line in the log:

2024-06-28 21:15:50 1sNDnI-0000000DYwf-252z => myuser <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=11781224 C="250 2.0.0 <[email protected]> MLRbOKzafmZg4DAA6furAw Saved"

Will tell you that Exim is done with the message. It delivered the message so it's management of the message is over with.

What happened after that... hard to say.
Click to expand...
Thanks for clarification, appreciated.
Further you are right because per se log, it is delivered properly.


Ohm J said:
/var/log/exim/rejectlog
/var/log/exim/paniclog

Don't have any relate logs issied ?
Click to expand...
Nothing in there.

I checked, there are no filters applied in webmail or anywhere which I know. Further I am not sure about the order, however how spam mails are handled, if anthing which is rejected by spamassassin, it should be loged server (reject.log) or there are some other logs too?
 
Code: 
/var/log/maillog
/var/log/exim/*
Relate all exim and dovecot logs should only in these path. it might get rotating., are you checking other relate filename yet?
 
Yes, I am checking all related files, example, if I am using exigrep, then I am doing this :
Code: 
exigrep user@email /var/log/exim/maillog*
That way older logs are also being scanned. I see I have about 2 weeks worth of logs.
 
This is getting weird, user complained missing mail which was sent to him and cc to someone on gmail. Gmail received the mail but this user didn't. I can't find mail in server logs either. My understanding is it that it never reached server however, user is saying that this is server issue.
 
anay said:
My understanding is it that it never reached server however, user is saying that this is server issue.
Click to expand...
If you have the exact date/time of gmail delivery of that mail, then you should be able to find the connection (not per se the mail) in either Exim's mainlog or rejectlog.

If really nothing can be found, I presume your server is not on any RBL, because if no connection attempt is made, then often it's blocked for some reason. However then the sending server's admin should be able to find the cause or maybe the sender got a bounce message with some reason.
Provided what the customer is telling is true.

However, if he is telling the truth, then it is almost unlikely that he is the only one having these kind of mail issues on your server.
So I agree with @sparek here more. If server says "saved" then exim did it's job, end of story.
Which means that if user does not get it, then mail must be in his inbox, if not then it's most likely some user configuration somewhere, deletes the mail.

Couple of years ago I've read on the forums somewhere that somebody wanted an option to make copy's of all incoming mail of an account to some other location too.

Maybe you can try one of these solutions for a short while to see if it's user error or mail is "disappearing" indeed.
kristian

Thread 'Backup all incoming mail using shadow_transport in Exim'

Sometimes a user deletes a mail from their mailbox before it has been backed up over night, leaving no way to recover it. In order to be able to recover those mails, the use of shadow_transport in Exim can be used. This will essentially deliver a copy of an incoming mail to a separate backup Maildir directory. This directory can/should be purged of old files/mails in a cronjob to ensure it doesn't fill up. So how can we set this up?

The begin transports section in /etc/exim.conf file contains a line that includes /etc/exim.transports.pre.conf if it exists. This is where...

serverfault.com

Saving a copy of incoming mail for specific recipient in Exim

I need to archive important mail incoming for specific address in case it gets accidentally deleted from email server, etc. Either saving or using a pipe to archive it on backup machine is fine (I...
serverfault.com serverfault.com
 
I have a similar Problem with a few emailadresses, the inbox stays empty yet the emailtracing says it's delivered but it is nowhere to be found. Anyone a suggestie about this i have rebuild it all and still no new intoming mails in Roundcube inbox.
I have Almalinux and the latest Roundcube and directadmin
 
Check your exim logs. Does it say completed to? If yes, have you checked via SSH on the users imap and Maildir sections in his account?
 
Try the "cur" dir. And check your /var/log/maillog to see if customer didn't already picked up the mail with pop3 for example.
 
So you did check the maillog? Because imap is just a way of transfer, maybe anoter device picked up via pop3, one can better be sure by checkking the maillog file.

If nothing can be found I suggest sending in a ticket because seems something spooky is going on then.
 
Well, it turned out that all the mails are dumped in the Main accounts spam folder, and now i have to figure out on how to get spamassassin for not doing it. Strange since all the other email accounts are all exactly the same but only 2 mailaccounts are effected with this behaviour.
 
grandm1961 said:
Well, it turned out that all the mails are dumped in the Main accounts spam folder, and now i have to figure out on how to get spamassassin for not doing it. Strange since all the other email accounts are all exactly the same but only 2 mailaccounts are effected with this behaviour.
Click to expand...
There is a switch in the SA settings to use own spamfolder or main user spam folder.
 
You must log in or register to reply here.
Back
Top