Understanding the cPanel “Max Defers and Failures per Hour” Email Issue
In cPanel 11.32, a feature was introduced to help limit the ability of compromised or hacked websites from sending out spam emails. This safeguard prevents a domain from overwhelming the email server with failed or deferred messages.
If you’re seeing an error like:
Domain example.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed.
in a bounce-back message, it indicates that your domain has hit the limit for failed or deferred emails per hour. This limit is enforced by cPanel’s internal monitoring system to ensure that compromised accounts don’t abuse email resources.
What Causes This Error?
This error occurs when a domain account tries to send emails that are either:
- Deferred (unable to be delivered immediately, so the server will try again later)
- Failed (unable to be delivered at all)
cPanel continuously monitors outgoing emails across all accounts under your domain. When a certain percentage of attempted deliveries have failed or been deferred within an hour, the server temporarily blocks outgoing email for that domain.
In your case, the settings are configured as follows:
- Maximum percentage of failed or deferred messages a domain may send per hour: 100%
- Number of failed or deferred messages a domain may send before protections are triggered: 5
This means that if your domain sends 5 emails within an hour and all of them fail or get deferred, it will trigger the limit and outgoing mail will be blocked temporarily.
Default Limits in Newer cPanel Versions
As of the latest versions of cPanel, these limits can be customized by the server administrator. Your current configuration allows up to 5 failed or deferred emails per hour, and if 100% of these emails fail or are deferred, email sending will be temporarily blocked for that domain.
cPanel’s Explanation of the Feature
According to cPanel’s documentation:
“This feature restricts the percentage of outgoing mail that can consist of failed or deferred messages. Once the domain exceeds this percentage, it is blocked from sending further email temporarily.”
This block is typically cleared automatically at the start of the next hour. For instance, if the block happens at 2:45 PM, the domain will be able to send emails again after 3:00 PM.
How to Resolve the Issue
- Wait for the Hourly Reset
Since cPanel automatically removes the block at the start of each hour, sometimes the easiest solution is to wait for the reset to occur. At the top of the hour, the system will reassess and allow email sending if the limit is no longer exceeded. - Manual Fix by a System Administrator
If waiting is not an option and you need to resolve the issue immediately, a system administrator with root access to the server can manually clear the block. Here’s how:- Delete the Limit File:
Run the following command to remove the limit file for the affected domain:rm -f /var/cpanel/email_send_limits/max_deferfail_exampledomain.com
Replace
exampledomain.com
with the actual domain name. - Restart Exim
After removing the file, restart the Exim mail service to apply the changes:service exim restart
Please note, these steps require root access, so contact your hosting provider or system administrator for assistance if needed.
- Delete the Limit File:
How to Prevent Future Occurrences
Preventing unauthorized access and reducing failed or deferred emails requires implementing strong security practices. Here are some essential tips:
- Review Email Practices: Ensure your email accounts are not sending messages to invalid or incorrect recipients, as this often leads to failures or deferrals.
- Change Email Passwords Regularly: If your domain experiences issues with unauthorized email access, ensure that all users change their email passwords immediately. Use strong, unique passwords for each account.
- Do Not Store Passwords on Computers: Avoid storing email passwords in plain text files or browsers, which could be accessed by malware or unauthorized users. Instead, use secure password managers to store and manage passwords.
- Use Email Authentication: Enable SPF, DKIM, and DMARC records to improve email delivery success rates. These authentication protocols help prevent spoofing and phishing attempts that could harm your domain’s reputation.
- Enable Two-Factor Authentication (2FA): If available, enable two-factor authentication (2FA) for webmail access. This adds an extra layer of security by requiring a secondary code from a mobile app or device.
- Monitor Email Usage: Regularly review your email logs for unusual activity. Unauthorized users may attempt to send spam, which can quickly trigger these limits.
- Limit Access: Only give email access to trusted individuals. Use secure channels when sharing login credentials, and disable accounts that are no longer in use.
- Scan for Malware: Regularly scan your computer and server for malware, as infected systems can be used to hijack email accounts for spamming purposes.
- Ensure Webmail Software is Updated: Keep your webmail client and server software up to date with the latest security patches. Outdated software is often a target for hackers exploiting known vulnerabilities.
By following these steps, you can significantly reduce the risk of unauthorized access and email delivery issues, protecting both your domain and email users.