{"id":80,"date":"2026-05-17T17:33:26","date_gmt":"2026-05-18T00:33:26","guid":{"rendered":"https:\/\/cpanelreview.com\/index.php\/2026\/05\/17\/troubleshoot-email-delivery-issues-cpanel\/"},"modified":"2026-05-17T17:33:26","modified_gmt":"2026-05-18T00:33:26","slug":"troubleshoot-email-delivery-issues-cpanel","status":"publish","type":"post","link":"https:\/\/cpanelreview.com\/index.php\/2026\/05\/17\/troubleshoot-email-delivery-issues-cpanel\/","title":{"rendered":"How to Troubleshoot Email Delivery Issues in cPanel: A Complete Diagnostic Guide"},"content":{"rendered":"\n

When email stops flowing the way it should, diagnosing the root cause can feel like hunting for a needle in a haystack. Whether your outgoing messages are bouncing, landing in spam folders, or simply disappearing into the void, cPanel provides a powerful set of diagnostic tools to trace exactly what’s going wrong. Understanding how to use these tools effectively can mean the difference between hours of frustration and a quick fix.<\/p>\n\n\n\n

This guide walks through the most common email delivery problems in cPanel and the diagnostic methods you can use to identify, isolate, and resolve them. From mail queue inspection and log analysis to DNS verification and SMTP debugging, you’ll learn the systematic approach that experienced sysadmins use to keep email flowing reliably.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Understanding the cPanel Mail Delivery Pipeline<\/h2>\n\n\n\n

Before jumping into troubleshooting, it helps to understand how email moves through the cPanel stack. When you send a message from a cPanel-hosted account, it travels through several stages:<\/p>\n\n\n\n

  1. The mail client (webmail, Outlook, or mobile app) submits the message to the local mail server via SMTP or submission port 587.<\/li>
  2. Exim, cPanel’s default Mail Transfer Agent (MTA), receives the message and checks its routing rules.<\/li>
  3. If the recipient is local (same domain or another domain on the same server), Exim delivers it directly to the local mailbox.<\/li>
  4. If the recipient is remote, Exim performs a DNS lookup for the destination domain’s MX records, then attempts delivery to the remote mail server.<\/li>
  5. The remote server either accepts the message (250 OK), rejects it (permanent error), or defers it (temporary error).<\/li><\/ol>\n\n\n\n

    A failure at any stage produces different symptoms. Knowing which stage is failing narrows your diagnostic focus considerably.<\/p>\n\n\n\n

    Checking the Mail Queue and Delivery Logs<\/h2>\n\n\n\n

    Viewing the Mail Queue<\/h3>\n\n\n\n

    The mail queue holds messages that Exim couldn’t deliver immediately. A growing queue often points to a systemic delivery problem.<\/p>\n\n\n\n

    To view the mail queue in cPanel:<\/p>\n\n\n\n

    1. Log in to cPanel and navigate to Advanced<\/strong> \u2192 Mail Delivery Manager<\/strong>.<\/li>
    2. Under Mail Queue<\/strong>, you’ll see a list of undelivered messages with their status (frozen or active), sender, recipient, and last delivery attempt time.<\/li><\/ol>\n\n\n\n

      Alternatively, you can check the queue via SSH:<\/p>\n\n\n\n

      exim -bpc<\/code><\/pre>\n\n\n\n
      This returns the total number of messages in the queue. To see details of each queued message:<\/p>\n\n\n\n
      exim -bp | less<\/code><\/pre>\n\n\n\n
      A frozen message means Exim has stopped attempting delivery after repeated failures. You can thaw frozen messages manually from the Mail Delivery Manager interface or via the command line:<\/p>\n\n\n\n
      exim -Mth <message-id><\/code><\/pre>\n\n\n\n
      Analyzing Delivery Logs<\/h3>\n\n\n\n
      cPanel maintains detailed delivery logs at \/var\/log\/exim_mainlog<\/code>. This log records every SMTP transaction Exim processes, including connection attempts, authentication, routing decisions, and delivery outcomes.<\/p>\n\n\n\n
      The quickest way to search the logs is through cPanel’s Mail Delivery Manager<\/strong> \u2192 View Message Delivery<\/strong>. Enter the sender or recipient email address, and cPanel displays a timeline of delivery events for recent messages.<\/p>\n\n\n\n
      For deeper analysis via SSH, use grep to filter specific addresses:<\/p>\n\n\n\n
      grep \"user@example.com\" \/var\/log\/exim_mainlog | tail -50<\/code><\/pre>\n\n\n\n
      Look for key indicators in the log output:<\/p>\n\n\n\n
      • “=>”<\/strong> indicates successful delivery to a recipient<\/li>
      • “->”<\/strong> indicates delivery to an alias or forwarder<\/li>
      • “**”<\/strong> indicates a deferral (temporary failure)<\/li>
      • “==”<\/strong> indicates a frozen message (permanent failure pending)<\/li>
      • “R=dnslookup”<\/strong> means Exim is performing DNS-based routing<\/li>
      • “T=remote_smtp”<\/strong> confirms it’s attempting delivery via SMTP<\/li><\/ul>\n\n\n\n
        A typical deferral looks like this:<\/p>\n\n\n\n
        2026-05-17 14:32:10 1RqABC-0000xyz-12 ** user@remote.com\nR=dnslookup T=remote_smtp H=mx.remote.com [203.0.113.5]\nX=TLS1.3: deferred: 452 4.2.2 mailbox full<\/code><\/pre>\n\n\n\n
        The error message (after the colon following “deferred”) tells you exactly why the remote server rejected delivery.<\/p>\n\n\n\n
        Verifying DNS Records for Email Authentication<\/h2>\n\n\n\n
        Email authentication records \u2014 SPF, DKIM, and DMARC \u2014 are the primary reason legitimate emails end up in spam folders. This section focuses specifically on verification and troubleshooting these records.<\/p>\n\n\n\n
        Testing SPF Records<\/h3>\n\n\n\n
        An SPF record tells receiving servers which IP addresses are authorized to send mail for your domain. A misconfigured or missing SPF record is the single most common cause of email delivery problems.<\/p>\n\n\n\n
        Use the dig command to verify your SPF record:<\/p>\n\n\n\n
        dig TXT yourdomain.com +short<\/code><\/pre>\n\n\n\n
        Look for a line starting with v=spf1<\/code>. A valid cPanel SPF record typically looks like this:<\/p>\n\n\n\n
        \"v=spf1 +a +mx +ip4:192.0.2.10 ~all\"<\/code><\/pre>\n\n\n\n
        Common SPF issues include:<\/p>\n\n\n\n
        • Missing include statements<\/strong> when using third-party senders (e.g., include:_spf.google.com<\/code> for Google Workspace).<\/li>
        • Too many DNS lookups<\/strong> (SPF has a hard limit of 10 DNS lookups). Use v=spf1 redirect=_spf.yourdomain.com<\/code> to consolidate.<\/li>
        • Using -all (hard fail)<\/strong> before confirming all senders are listed. Start with ~all<\/code> (soft fail) during testing.<\/li><\/ul>\n\n\n\n
          Verifying DKIM Signatures<\/h3>\n\n\n\n
          DKIM adds a cryptographic signature to outgoing messages. Receiving servers verify the signature against a public key published in your DNS.<\/p>\n\n\n\n
          1. In cPanel, navigate to Email Deliverability<\/strong>.<\/li>
          2. Search for your domain in the list.<\/li>
          3. Click Manage<\/strong> next to your domain and verify that DKIM<\/strong> shows as “Enabled.”<\/li><\/ol>\n\n\n\n
            To verify the DNS record is published correctly:<\/p>\n\n\n\n
            dig TXT default._domainkey.yourdomain.com +short<\/code><\/pre>\n\n\n\n
            You should see a long string starting with v=DKIM1; k=rsa; p=<\/code>. If this record is missing:<\/p>\n\n\n\n
            1. Return to Email Deliverability<\/strong> in cPanel.<\/li>
            2. Click your domain and then Enable<\/strong> under DKIM.<\/li>
            3. Click Install\/Reinstall<\/strong> to publish the DNS record automatically (assuming cPanel can manage your DNS zone).<\/li><\/ol>\n\n\n\n
              Checking DMARC Policies<\/h3>\n\n\n\n
              DMARC tells receiving servers what to do when SPF or DKIM checks fail. A missing DMARC record won’t break delivery, but it means you have no insight into authentication failures.<\/p>\n\n\n\n
              To check your DMARC record:<\/p>\n\n\n\n
              dig TXT _dmarc.yourdomain.com +short<\/code><\/pre>\n\n\n\n
              A minimal DMARC record looks like:<\/p>\n\n\n\n
              \"v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com\"<\/code><\/pre>\n\n\n\n
              The p=none<\/code> policy is safe for monitoring. Only move to p=quarantine<\/code> or p=reject<\/code> after confirming SPF and DKIM are working correctly.<\/p>\n\n\n\n
              Using SMTP Debugging and Telnet for Manual Testing<\/h2>\n\n\n\n
              When automated diagnostics don’t reveal the problem, testing SMTP communication directly can provide answers that logs and DNS checks miss.<\/p>\n\n\n\n
              Testing SMTP Connection<\/h3>\n\n\n\n
              From the command line, you can simulate an SMTP session with a remote mail server:<\/p>\n\n\n\n
              telnet mx.remote.com 25<\/code><\/pre>\n\n\n\n
              After connecting, you should see the remote server’s banner. Then you can manually issue SMTP commands:<\/p>\n\n\n\n
              EHLO yourserver.com\nMAIL FROM: <sender@yourdomain.com>\nRCPT TO: <recipient@remote.com>\nDATA\nSubject: Test message\n\nThis is a test.\n.\nQUIT<\/code><\/pre>\n\n\n\n
              Each command returns a three-digit SMTP response code. Codes starting with 2 indicate success, 3 indicate more input needed, 4 indicate temporary failures, and 5 indicate permanent failures. A 554 5.7.1 Relay access denied<\/code> error, for example, means the remote server is explicitly refusing your connection.<\/p>\n\n\n\n
              Checking Port Availability<\/h3>\n\n\n\n
              Some ISPs and cloud hosting providers block port 25 outbound to fight spam. If you’re getting timeouts on port 25, test alternative submission ports:<\/p>\n\n\n\n
              telnet mx.remote.com 587<\/code><\/pre>\n\n\n\n
              or<\/p>\n\n\n\n
              telnet mx.remote.com 465<\/code><\/pre>\n\n\n\n
              If port 25 is blocked by your hosting provider, you may need to configure Exim to route outgoing mail through a smart host (SMTP relay).<\/p>\n\n\n\n
              Common Email Delivery Issues and Their Fixes<\/h2>\n\n\n\n
              Messages Deferred with “Helo Command Rejected”<\/h3>\n\n\n\n
              This error means the remote server rejected your server’s HELO\/EHLO greeting because it doesn’t match the server’s reverse DNS (PTR record).<\/p>\n\n\n\n
              Fix:<\/strong> Ensure your server’s hostname has a matching PTR record. Check your current PTR:<\/p>\n\n\n\n
              dig -x $(curl -s ifconfig.me)<\/code><\/pre>\n\n\n\n
              If the PTR doesn’t match your server’s hostname, contact your hosting provider or data center to update the reverse DNS record.<\/p>\n\n\n\n
              “535 Authentication Failed” in Logs<\/h3>\n\n\n\n
              This appears when a mail client or script tries to authenticate with incorrect credentials.<\/p>\n\n\n\n
              Fix:<\/strong> Reset the email account password in cPanel under Email Accounts<\/strong>. If using a script (e.g., PHP’s mail() or a contact form), verify that SMTP authentication credentials in the script are correct.<\/p>\n\n\n\n
              “550 5.1.1 Recipient Rejected”<\/h3>\n\n\n\n
              The remote mail server reports that the recipient address doesn’t exist. This is often correct for typos, but if you’re sure the address is valid, the remote server might have its own delivery restrictions.<\/p>\n\n\n\n
              Fix:<\/strong> Double-check the recipient address, and consider verifying the address directly with the recipient’s IT team or using a web-based email testing tool.<\/p>\n\n\n\n
              Email Going to Spam Despite Correct SPF and DKIM<\/h3>\n\n\n\n
              If SPF and DKIM both pass but messages still land in spam, the issue is typically content reputation, sending IP reputation, or DMARC policy.<\/p>\n\n\n\n
              Fix:<\/strong><\/p>\n\n\n\n
              • Check your sending IP against blacklists using dig -x YOUR_IP +short<\/code> or an online blacklist check tool.<\/li>
              • Ensure your DMARC policy is p=none<\/code> while you monitor reports.<\/li>
              • Warm up new sending IPs by gradually increasing email volume from a clean IP.<\/li>
              • Avoid spammy content characteristics: excessive links, all-caps subject lines, and misleading headers.<\/li><\/ul>\n\n\n\n
                Key Takeaways<\/h2>\n\n\n\n
                • The cPanel Mail Delivery Manager provides a graphical interface for viewing queued messages and delivery histories, making it the first stop for any email troubleshooting.<\/li>
                • Exim logs at \/var\/log\/exim_mainlog<\/code> contain granular delivery status indicators including deferrals (“**”), successful deliveries (“=>”), and permanent failures (“==”).<\/li>
                • DNS verification of SPF, DKIM, and DMARC records using dig commands can resolve most authentication-related delivery problems without needing to touch the mail server itself.<\/li>
                • Manual SMTP testing via telnet on ports 25, 587, and 465 helps isolate network-level issues like port blocking and reverse DNS mismatches.<\/li>
                • Reverse DNS (PTR records), sending IP reputation, and DMARC policy monitoring are critical factors that go beyond basic SPF and DKIM configuration.<\/li>
                • When all else fails, thawing frozen messages and checking for blacklist inclusion provides additional diagnostic data that can guide the final fix.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"
                  Learn how to diagnose and fix email delivery problems in cPanel using Exim logs, mail queue tools, SPF\/DKIM\/DMARC verification, and SMTP debugging.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[49,212,213,214,215],"class_list":["post-80","post","type-post","status-publish","format-standard","hentry","category-email-configuration","tag-cpanel-email-troubleshooting","tag-email-authentication-dns","tag-email-delivery-issues","tag-exim-logs-cpanel","tag-smtp-debugging-cpanel"],"_links":{"self":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":0,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"wp:attachment":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}