How to set limit to remove the Frozen emails automatically?

To set auto-delete for the frozen emails, you need to edit the exim configuration file on your server.

# vi /etc/exim.conf

timeout_frozen_after = 5d ( 5 Days )

# /etc/init.d/exim restart

That’s it!

domain.com exceeded the max records and failures per > hour (5/5 (%)) allowed. Message discarded.

In cPanel 11.32, a new feature is added to limit the ability of exploited or hacked sites to send out spam emails. A few customers who send out mass mailings have been triggering this feature, due to the number of bad/undeliverable email addresses on their lists.

Due to this feature you may get the following bounce back.

“Domain has exceeded the max defers and failures per hour (5/5 (26%)) allowed. Message discarded.”

cPanel will regularly monitor the emails sent through all email accounts on your domain, and if, over the past hour, more than 25% of the attempted deliveries have failed, outbound email will temporarily be limited.

To solve the issue,remove following file.

/var/cpanel/email_send_limits/max_deferfail_domain.com

and restart the exim service or you may need to disable the option “Ratelimit incoming connections with only failed recipients” in tweak Settings in WHM. If you still have an issue with this, in Tweak settings, change the value for “Maximum percentage of failed or deferred messages a domain may send per hour”. The option is used for the maximum percentage of a domain’s outgoing mail that can consist of failed or deferred messages. Once the domain exceeds this percentage, it is temporarily blocked from sending mail.

If you’re not sure exactly what is causing this, you can probably figure it out by using the Email Trace icon in your hosting control panel. When you click the Email Trace icon, you’ll see a field where you can enter a recipient’s email address and then click a “Run Report” button to get information about email sent to that recipient. If you enter nothing for the recipient email address, you’ll get back data for all email traffic, and as you look through it you should see groups of bounced messages which can help you determine what sender caused the problem, and why.

Exim error after migrating to new server

Some times following errors may be seen after migrating to new server.

failed to expand condition “${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}” for virtual_user_maildir_overquota router:

You may face such issue due to array or one (or more) of the accounts had a quota usage that exceeded Exim’s hard coded limit,which can be resolved by executing

# /scripts/reset_mail_quotas_to_sane_values

on your server.

Log files in a cPanel server

To better troubleshoot an issue in a cPanel server its good go know the various log files, following are some log files which will help in resolution.

General Logs :

cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new cPanel installations..

Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description :The service monitoring demon (chkservd) logs all service checks here. Failed service are represented with a [-] and active services are represented by [+].

Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation..

cPanel/WHM Specific Requests and Errors:

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM…

cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to license when logging in, check here.

Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to access cPanel requests is logged here.

cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process was initiated..

Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.

Tailwatchd [New]:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemon configuired under tailwatchd ie. cPBandwd, Eximstats, Antirelayd.

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here..
The first place you should look when httpd crashes or you incur errors when accessing website.

Apache SuExec Logs:
Location : /usr/local/apache/logs/suexec_log
Description : Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors, with no relevant information being reported to the Apache error_log, check here for potential suexec policy violations…

Domain Access Logs:
Location : /usr/local/apache/domlogs/domain.com
Description : General access log file for each domain configured with cPanel.

Apache Access Logs:
Location : /usr/local/apache/logs/access_log
Description : Complete web server access log records all requests processed by the server.

Exim :

Message Reception and Delivery:
Location : /var/log/exim_mainlog or /var/log/exim/mainlog
Description : Receives an entry every time a message is received or delivered.

Exim ACLs/Policies based RejectLog :
Location : /var/log/exim_rejectlog
Description : An entry is written to this log every time a message is rejected based on either ACLs or other policies eg: aliases configured to :fail

Unexpected or Fatal Errors:
Location : /var/log/exim_paniclog
Description : Logs any entries exim doesn’t know how to handle. It’s generally a really bad thing when log entries are being written here, and they should be properly investigated..

IMAP/POP/SpamAssassin General Logging and Errors:
Location : /var/log/maillog & /var/log/messages
Description : The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.

FTP:

FTP Logins and General Errors:
Location : /var/log/messages
Description : General information and login attempts are logged here..

FTP Transactions logging:
Location : /var/log/xferlog or /var/log/messages
Description : Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users…

MySQL:

MySQL General Information and Errors :
Location : /var/lib/mysql/$(hostname).err
Description : This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log

Security:

Authentication attempts:
Location : /var/log/secure
Description : Logs all daemons which requires PAM Authentication.

Tracking all Bad Logins and Logouts:
Location : /var/log/btmp
Description : Log of all attempted bad logins to the system. Accessed via the lastb command..

Tracking all Logins and Logouts:
Location : /var/log/wtmp
Description : The wtmp file records all logins and logouts.

Last Logins:
Location : /var/log/lastlog
Description : Database times of previous user logins. The lastlog file is a database which contains info on the last login of each user.

WebDav or WebDisk Log :
Location : /usr/local/cpanel/logs/cpdavd_error_log
Description : The cpdavd daemon is “WebDav” (better known as “WebDisk”) which was introduced in cPanel 11 to allow users to mount their home directory on their personal computer, always having access to the files and content…

Cphulkd Logs:
Location : /usr/local/cpanel/logs/cphulkd_errors.log
Description : cPHulk Brute Force Protection prevents malicious forces from trying to access your server’s services by guessing the login password for that service….
It blacklists IPs that it thinks are trying to run a brute force attack.

Failure Logging:
Location : /var/log/faillog
Description : Faillog formats the contents of the failure log from /var/log/faillog database. It also can be used for maintains failure counters and limits. Run faillog without arguments display only list of user faillog records who have ever had a login failure.

Startup/Boot, Kernel & Hardware error messages :
Location : /var/log/dmesg
Description : dmesg is a “window” into the kernels ring-buffer. It’s a message buffer of the kernel. The content of this file is referred to by the dmesg command. It shows bootlog and the hardware errors..

Tomcat:

General Startup, Shutdown & Error Logs:
Location : /usr/local/jakarta/tomcat/logs/catalina.err and /usr/local/jakarta/tomcat/logs/catalina.out
Description : Logs for Tomcat and all tomcat based applications…

How to manage the mail queue in exim

REMOVE MAILS BY ID
/usr/sbin/exim -v -Mrm (MAIL ID HERE)

LIST QUEUED MAILS
/usr/sbin/exim -bp

OUTPUT NUMBER OF QUEUED MAILS
/usr/sbin/exim -bpc

DELETE FROZEN MAILS
/usr/sbin/exim -bpr | grep ‘*** frozen ***’ | awk ‘{print $3}’ | xargs exim -Mrm

DELIVER FORCEFULLY EMAILS
/usr/sbin/exim -qff -v -C /etc/exim.conf &

FREEZE MAILS FROM SENDER
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mf

REMOVE MAILS FROM SENDER
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mrm

FORCE DELIVERY OF ONE MESSAGE
exim -M email-id

FORCE ANOTHER QUEUE RUN
exim -qf

FORCE ANOTHER QUEUE RUN & ATTEMPT TO FLUSH THE FROZEN MAILS
exim -qff

VIEW LOG OF MESSAGE
exim -Mvl messageID

VIEW BODY OF MESSAGE
exim -Mvb messageID

VIEW HEADER OF MESSAGE
exim -Mvh messageID

REMOVE MESSAGE WITHOUT ANY ERROR
exim -Mrm messageID

GIVEUP & FAIL MESSAGE TO BOUNE THE MESSAGE TO THE SENDER
exim -Mg messageID

NO OF EMAILS IN QUEUE
exim -bpr | grep “<” | wc -l

NO OF FROZEN EMAILS IN A QUEUE
exim -bpr | grep frozen | wc -l

REMOVE MAILS BY ID
/usr/sbin/exim -v -Mrm (MAIL ID HERE)

LIST QUEUED MAILS
/usr/sbin/exim -bp

OUTPUT NUMBER OF QUEUED MAILS
/usr/sbin/exim -bpc

DELETE FROZEN MAILS
/usr/sbin/exim -bpr | grep ‘*** frozen ***’ | awk ‘{print $3}’ | xargs exim -Mrm

DELIVER FORCEFULLY EMAILS
/usr/sbin/exim -qff -v -C /etc/exim.conf &

FREEZE MAILS FROM SENDER
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mf

REMOVE MAILS FROM SENDER
/usr/sbin/exiqgrep -i -f (MAIL ADDRESS HERE) | xargs exim -Mrm

TO FORCE EXIM TO DELIVER A EMAIL
exim -qff -v

HOW TO CHECK MAIL QUEUE FOR A PARTICULAR ACCOUNT
exim –bp | exiqsumm > spamm.txt

After executing this a command you will get the result in spamm.txt file. This command takes time for execussion. Execute this command when the load of the server is below min.