Can't figure out why mail is getting deleted. Bug?

Something on my system is triggering the incoming emails of one of my hestia accounts to be deleted.

When I set up this mail domain, I enabled:

v-add-mail-account-forward hestiauser myuserdomain.tld mymailuser [email protected]
v-add-mail-account-fwd-only hestiauser myuserdomain.tld mymailuser

When the incoming mail was missing, I removed both of the above with the hestia GUI.

But the incoming mail was still missing.

I looked in the exim log:

2024-02-07 01:04:49 1rXcvH-000Eg3-7I <= [email protected] H=mail-ej1-f53.google.com [209.85.218.53] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=my-server.serverdomain.tld K S=5837 DKIM=gmail.com id=CAM=Sptw-tYGY+ruwT=QL0JBb+g9izwQxtQy1t=PXC+4_uegGCA@mail.gmail.com
2024-02-07 01:04:49 1rXcvH-000Eg3-7I => noreply <[email protected]> R=localuser_fwd_only T=devnull
2024-02-07 01:04:49 1rXcvH-000Eg3-7I Completed

This in /etc/exim4/exim4.conf.template seems to be what is causing it.

localuser_fwd_only:
  driver = accept
  transport = devnull
  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}

But

/home/myhestiauser/conf/mail/myuserdomain.tld/fwd_only is empty.

I did restart exim and hestia, but I think something is stuck somewhere in the system that is causing this continued deletion. Not sure if this is a bug or just something I don’t understand or perhaps I misused the cli commands above.

Any suggestions of where to look or what’s causing this?

Thanks!

It checks if the file exists if so it will route the incoming mail to /dev/null

How ever if fwd_only is deleted it should store it again

Thanks @eris

I deleted /home/myhestiauser/conf/mail/myuserdomain.tld/fwd_only but incoming mail is still getting deleted. Same log entry (with different email id of course)

Additional thoughts?

Also, v-rebuild-mail-domain reinserts this file. fwd_only

Maybe I don’t understand what you are suggesting I do…

Hmm I was wrong:

condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}

So if file exists and local part is in /etc/exim4/domains/domain/fwd_only it should re return true of not false…

I ran v-delete-mail-account-fwd-only but incoming mail is still getting deleted. And /etc/exim4/domains/domain is a symlink to $HOMEDIR/$user/conf/mail/$domain/ so I’m not sure what you are asking.

Can you suggest a fix?

Thanks!

I have no idea …

Can you try restating exim?

Already did. Per above in original post. Never heard of this before?

Also deleted/recreated the mail account.

No and just tested on my local machine and also no issue that is the strange part.

ok @eris

I have a hunch. This particular email address is used in a few places on the server as the default send to & account email.

I just migrated a server to production tonight and I never got this error before because that email address was hosted on another server but now it’s hosted on this server.

I think something else in the system is telling exim to discard this email address specifically.

grep in /etc
passwd:hestiamail:x:1000:1000:[email protected]:/home/hestiamail:/bin/sh
passwd:00xdef:x:1004:1004:[email protected]:/home/00xdef:/bin/bash
passwd:00ezzz:x:1005:1005:[email protected]:/home/00ezzz:/bin/bash
passwd-:hestiamail:x:1000:1000:[email protected]:/home/hestiamail:/bin/sh
passwd-:admin:x:1001:1001:[email protected]:/home/admin:/usr/sbin/nologin
passwd-:00avps:x:1003:1003:[email protected]:/home/00avps:/bin/bash
passwd-:00xdef:x:1004:1004:[email protected]:/home/00xdef:/bin/bash
passwd-:00ezzz:x:1005:1005:[email protected]:/home/00ezzz:/bin/bash
cron.d/evonet-crond:[email protected]
exim4/domains/mymaildomain.tld/aliases:[email protected]:[email protected]
crontab:[email protected]
php/8.2/fpm/pool.d/mymaildomain.tld.conf:php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
monit/conf.d/evonet-monit-cfg-confd:set alert [email protected]
logwatch/conf/logwatch.conf:MailTo = [email protected]

grep in /usr/local/hestia
hestia/data/users/admin/user.conf:CONTACT='[email protected]'
hestia/data/users/admin/ssl/le.conf:EMAIL='[email protected]'
hestia/data/users/00ezzz/user.conf:CONTACT='[email protected]'
hestia/data/users/00avps/ssl/le.conf:EMAIL='[email protected]'
hestia/data/users/00xdef/user.conf:CONTACT='[email protected]'

I also delete that hestia myemailuser and added it as an alias to [email protected] and it still got deleted. exim4/domains/mymaildomain.tld/aliases:[email protected]:[email protected]

Which thing above do you think is causing this? hestiamail user? I will look through the github repo a bit now also…

I figured it out. Bug I introduced in my system via /etc/aliases due to my naivete. Probably won’t happen again to anyone in the history of the universe. Thanks for being someone to bounce ideas off of. I wouldn’t have figured it out otherwise…

1 Like