Can't figure out why mail is getting deleted. Bug?

evonet · February 7, 2024, 8:27am

Something on my system is triggering the incoming emails of one of my hestia accounts to be deleted.

When I set up this mail domain, I enabled:

v-add-mail-account-forward hestiauser myuserdomain.tld mymailuser [email protected]
v-add-mail-account-fwd-only hestiauser myuserdomain.tld mymailuser

When the incoming mail was missing, I removed both of the above with the hestia GUI.

But the incoming mail was still missing.

I looked in the exim log:

2024-02-07 01:04:49 1rXcvH-000Eg3-7I <= [email protected] H=mail-ej1-f53.google.com [209.85.218.53] P=esmtps X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_128_GCM:128 CV=no SNI=my-server.serverdomain.tld K S=5837 DKIM=gmail.com id=CAM=Sptw-tYGY+ruwT=QL0JBb+g9izwQxtQy1t=PXC+4_uegGCA@mail.gmail.com
2024-02-07 01:04:49 1rXcvH-000Eg3-7I => noreply <[email protected]> R=localuser_fwd_only T=devnull
2024-02-07 01:04:49 1rXcvH-000Eg3-7I Completed

This in /etc/exim4/exim4.conf.template seems to be what is causing it.

localuser_fwd_only:
  driver = accept
  transport = devnull
  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}

But

/home/myhestiauser/conf/mail/myuserdomain.tld/fwd_only is empty.

I did restart exim and hestia, but I think something is stuck somewhere in the system that is causing this continued deletion. Not sure if this is a bug or just something I don’t understand or perhaps I misused the cli commands above.

Any suggestions of where to look or what’s causing this?

Thanks!

eris · February 7, 2024, 8:42am

It checks if the file exists if so it will route the incoming mail to /dev/null

How ever if fwd_only is deleted it should store it again

evonet · February 7, 2024, 9:05am

Thanks @eris

I deleted /home/myhestiauser/conf/mail/myuserdomain.tld/fwd_only but incoming mail is still getting deleted. Same log entry (with different email id of course)

Additional thoughts?

evonet · February 7, 2024, 9:11am

Also, v-rebuild-mail-domain reinserts this file. fwd_only

Maybe I don’t understand what you are suggesting I do…

eris · February 7, 2024, 9:18am

Hmm I was wrong:

github.com

hestiacp/hestiacp/blob/922cca3bdcf856c9cae1678ff1c151b3998c5d70/bin/v-delete-mail-account-fwd-only#L52-L55


      
          # Deleting account from fwd_only
          if [[ "$MAIL_SYSTEM" =~ exim ]]; then
          	sed -i "/^$account$/d" $HOMEDIR/$user/conf/mail/$domain/fwd_only
          fi

condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}}

So if file exists and local part is in /etc/exim4/domains/domain/fwd_only it should re return true of not false…

evonet · February 7, 2024, 9:32am

I ran v-delete-mail-account-fwd-only but incoming mail is still getting deleted. And /etc/exim4/domains/domain is a symlink to $HOMEDIR/$user/conf/mail/$domain/ so I’m not sure what you are asking.

Can you suggest a fix?

Thanks!

eris · February 7, 2024, 9:36am

I have no idea …

Can you try restating exim?

evonet · February 7, 2024, 9:39am

Already did. Per above in original post. Never heard of this before?

Also deleted/recreated the mail account.

eris · February 7, 2024, 9:58am

No and just tested on my local machine and also no issue that is the strange part.

evonet · February 7, 2024, 10:24am

ok @eris

I have a hunch. This particular email address is used in a few places on the server as the default send to & account email.

I just migrated a server to production tonight and I never got this error before because that email address was hosted on another server but now it’s hosted on this server.

I think something else in the system is telling exim to discard this email address specifically.

grep in /etc
passwd:hestiamail:x:1000:1000:[email protected]:/home/hestiamail:/bin/sh
passwd:00xdef:x:1004:1004:[email protected]:/home/00xdef:/bin/bash
passwd:00ezzz:x:1005:1005:[email protected]:/home/00ezzz:/bin/bash
passwd-:hestiamail:x:1000:1000:[email protected]:/home/hestiamail:/bin/sh
passwd-:admin:x:1001:1001:[email protected]:/home/admin:/usr/sbin/nologin
passwd-:00avps:x:1003:1003:[email protected]:/home/00avps:/bin/bash
passwd-:00xdef:x:1004:1004:[email protected]:/home/00xdef:/bin/bash
passwd-:00ezzz:x:1005:1005:[email protected]:/home/00ezzz:/bin/bash
cron.d/evonet-crond:[email protected]
exim4/domains/mymaildomain.tld/aliases:[email protected]:[email protected]
crontab:[email protected]
php/8.2/fpm/pool.d/mymaildomain.tld.conf:php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f [email protected]
monit/conf.d/evonet-monit-cfg-confd:set alert [email protected]
logwatch/conf/logwatch.conf:MailTo = [email protected]

grep in /usr/local/hestia
hestia/data/users/admin/user.conf:CONTACT='[email protected]'
hestia/data/users/admin/ssl/le.conf:EMAIL='[email protected]'
hestia/data/users/00ezzz/user.conf:CONTACT='[email protected]'
hestia/data/users/00avps/ssl/le.conf:EMAIL='[email protected]'
hestia/data/users/00xdef/user.conf:CONTACT='[email protected]'

I also delete that hestia myemailuser and added it as an alias to [email protected] and it still got deleted. exim4/domains/mymaildomain.tld/aliases:[email protected]:[email protected]

Which thing above do you think is causing this? hestiamail user? I will look through the github repo a bit now also…

evonet · February 7, 2024, 10:59am

I figured it out. Bug I introduced in my system via /etc/aliases due to my naivete. Probably won’t happen again to anyone in the history of the universe. Thanks for being someone to bounce ideas off of. I wouldn’t have figured it out otherwise…