But lately I see that message on every email from that one domain. They are sending to many domains all over the net, none of which would possibly forward back to the source (which is what people are saying causes that message). cPanel has looked over the issue and can only reproduce it when using forwarders. They seem to think it's because of MailScanner. Here is an exigrep of the logs for one such email (identifying details purged):
root@server [Wed Jun 26 09:18:40]:~ $ exigrep "1UrTHC-0008Oi-Cu" /var/log/exim_mainlog
2013-06-25 09:27:19 [32290] cwd=/var/spool/MailScanner/incoming/25914 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1UrTHC-0008Oi-Cu
2013-06-25 09:27:18 [32284] 1UrTHC-0008Oi-Cu <= sender@senddomain.com H=10.0.0.0-business.isp.com (CustomerService) [SENDER.IP]:53144 I=[SERVER.IP]:25 P=esmtp S=29767 id=0000$@domain.com T="Purchase Order - 122404" from <sender@senddomain.com> for recipient@rcptdomain.com
2013-06-25 09:27:19 [32290] 1UrTHC-0008Oi-Cu SMTP connection identification H=10.0.0.0-business.isp.com A=SENDER.IP P=53144 M=1UrTHC-0008Oi-Cu U= ID= S= B=relayhosts_domain
2013-06-25 09:27:19 [32290] 1UrTHC-0008Oi-Cu check_mail_permissions could not determine the sender domain [routed_domain=rcptdomain.com message_exim_id=1UrTHC-0008Oi-Cu sender_host_address=SENDER.IP recipients_count=1]
2013-06-25 09:27:20 [32290] 1UrTHC-0008Oi-Cu => recipient@rcptdomain.com F=<sender@senddomain.com> P=<sender@senddomain.com> R=lookuphost T=remote_smtp S=31008 H=mail.rcptdomain.com [RECIPIENT.IP]:25 C="250 Ok" QT=2s DT=1s
2013-06-25 09:27:20 [32290] 1UrTHC-0008Oi-Cu Completed QT=2s
Has anybody else experienced or seen this?