On Wednesday we had an unrelated email issue with our host, and they made some changes which included removing our domain, foo.com, from /etc/local_domains.

This had some far-reaching (and difficult to diagnose) implications, and we didn't actually notice that mails weren't being delivered at all until Thursday. I spent Thursday mistakenly trying to figure out what was wrong with our email cronjobs, but on Friday I finally found the real problem and fixed it.

The issue now is that there's a lot of email missing from the last two days. I need to find those missing messages if at all possible, but unfortunately googling for "courier where do failed emails go" results in a bunch of news stories about meatspace shipments. I've checked inside /var/mail but the files within are empty - I guess cPanel or Courier does things I don't expect with email.

My question is: Where would the undeliverable mails from that period go? Is there any possibility they still exist somewhere and I can recover them?

Sudowned

1 Answer

The cPanel /etc/local_domains is probably used to configure Exim, not Courier. Incoming emails are delivered via SMTP, not POP or IMAP.

So here is what happened:

  • Remote mail servers looked for an MX server for your domain
  • Your DNS configuration is probably set up so that your cPanel server is the MX server with the best priority for your domain
  • The remote mail servers connected to Exim on your server. Since your domain was not configured in Exim, Exim interpreted the connection as a RELAY request, and very likely told the remote mail servers to get stuffed.

So the emails are not on your server, sorry.

Then there is very little hope: if Exim rejected the incoming emails with a 5xx error message, there is little chance the remote servers kept the message. But if Exim rejected the incoming emails with a 4xx error message, then 2 things could happen:

  1. You have configured several MX servers for your domain. Go and have a look on the other mail servers to see if by any chance they received the emails and stored them for future delivery.
  2. The 4xx error message is supposed to be "temporary", so this means that the remote mail servers will keep the message in queue and try it again for a certain amount of time, depending on their configuration. Maybe you are currently receiving "old" emails which were rejected when you had the wrong configuration in place.

So, in order to find if other MX servers are configured for your domain:

dig foo.com mx

Then in order to check the answer of your SMTP server to relay requests:

  • on a remote client (the important point is to have an external IP address):

telnet your-server-ip-address 25

HELO helo.com

MAIL FROM: <anything@anything.com>

RCPT TO: <someone@gmail.com>

After each line (HELO, MAIL FROM, RCPT TO) you will get an answer from your server. The answer to the RCPT TO: should be 5xx ... or 4xx ... . If it is 4xx you have a little hope.

Olivier S
  • Thank you for the detailed and concise answer - I'll investigate. I don't have any report of mail rejection notices, so I'm going to hope they're still floating in a queue somewhere. – Sudowned Mar 15 '14 at 18:06
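
The 4xx/5xx distinction in the answer above can also be checked after the fact from the server's own logs. The following is an added example, not part of the original question or answer: it scans Exim main-log text for refused RCPT commands addressed to the domain during the outage and separates temporary refusals (which senders should retry) from permanent ones. The log layout, the sample lines, the dates and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample lines (not from the original post), written in the style
# of Exim's main log; the exact layout is an assumption about a default setup.
SAMPLE_LOG = """\
2014-03-12 09:14:02 H=mx1.example.org [192.0.2.10] F=<alice@example.org> rejected RCPT <sales@foo.com>: relay not permitted
2014-03-12 11:40:17 H=out.example.net [198.51.100.7] F=<bob@example.net> temporarily rejected RCPT <info@foo.com>: deferred
2014-03-13 08:01:55 H=(mail.example.com) [203.0.113.5] F=<carol@example.com> rejected RCPT <sales@foo.com>: relay not permitted
2014-03-13 16:22:30 H=mx1.example.org [192.0.2.10] F=<alice@example.org> rejected RCPT <someone@other.test>: relay not permitted
2014-03-14 10:00:00 1WOabc-0001aB-2c <= dave@example.org H=mx1.example.org [192.0.2.10] P=esmtp S=1234
"""

# "rejected RCPT" is a permanent (5xx) refusal; "temporarily rejected RCPT"
# is a deferral (4xx) that the sending server should retry from its queue.
REJECT_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"H=(?P<host>.+?) \[(?P<ip>[^\]]+)\].*? F=<(?P<sender>[^>]*)> "
    r"(?P<temp>temporarily )?rejected RCPT <?(?P<rcpt>[^>:\s]+)>?: (?P<reason>.*)$"
)

def rejected_rcpts(log_text, domain, first_day, last_day):
    """Group refused RCPTs for `domain` between two YYYY-MM-DD days (inclusive)."""
    found = {"temporary": [], "permanent": []}
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m or not m["rcpt"].lower().endswith(suffix):
            continue  # not a refusal, or addressed to some other domain
        if not first_day <= m["day"] <= last_day:  # ISO dates sort as strings
            continue
        kind = "temporary" if m["temp"] else "permanent"
        found[kind].append((m["day"], m["sender"], m["rcpt"], m["host"]))
    return found

def senders_to_contact(found):
    """Senders whose mail was refused permanently and will not be retried."""
    return sorted({sender for _, sender, _, _ in found["permanent"]})

if __name__ == "__main__":
    result = rejected_rcpts(SAMPLE_LOG, "foo.com", "2014-03-12", "2014-03-14")
    for kind, rows in result.items():
        for day, sender, rcpt, host in rows:
            print(f"{kind:9} {day} {sender} -> {rcpt} via {host}")
    print("ask to resend:", ", ".join(senders_to_contact(result)))
```

To use it on real data, pass the contents of the server's Exim main log instead of `SAMPLE_LOG` and adjust the regular expression if the local log format differs.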