Email Forwarding Troubleshooting Tutorial (2026): Fix cPanel Forwarders, Aliases, and Catch-All Without Breaking Deliverability

Email forwarding looks simple, until mail starts disappearing, looping, or landing in spam. This email forwarding troubleshooting tutorial covers cPanel/WHM forwarders, aliases, and catch-all behavior. You’ll run practical checks in Exim, DNS, and message headers. The goal is to prove what happened to a specific email.

What you’ll troubleshoot (and what you won’t)

This guide focuses on forwarding problems on cPanel servers running Exim (the default MTA). You’ll learn how to diagnose:

Forwarders that stop working after an account move or DNS change
Catch-all addresses that create backscatter or flood a mailbox
Forwarding loops (forwarder → external provider → back to your domain)
Headers and routing that reveal rewriting, SRS, and SPF alignment issues
Cases where cPanel shows a forwarder, but Exim routes locally (or vice versa)

It does not cover general SMTP auth failures, mailbox login issues, or queue floods caused by a compromised script. If those are in scope, use cPanel Email Troubleshooting Tutorial (2026) alongside this one.

Prerequisites: access, paths, and a safe way to test

You’ll need one of these:

WHM root access (recommended) so you can follow delivery in Exim logs
cPanel access to the affected account so you can review forwarders and catch-all settings

On most cPanel servers, these are the files you’ll touch most:

Exim main log: /var/log/exim_mainlog
Exim reject log: /var/log/exim_rejectlog
Exim panic log: /var/log/exim_paniclog
User mail routing: /etc/vfilters/ and /etc/valiases/ (generated by cPanel)

If you host client mailboxes, do this work on a stable server. Underpowered VPS plans make log searches painful when traffic spikes or scanning kicks in.

If you want predictable performance and cPanel-friendly support, start with managed VPS hosting from HostMyCode. Keep the mail stack patched and monitored.

Step 1: Reproduce the problem with a controlled test message

Forwarding issues are faster to solve when you can trigger them on demand.

Create a test sender address (Gmail, Outlook, or a separate domain you control).
Send a unique subject line, for example: FWD-TEST-2026-06-30-001.
Send to the affected address on your domain (the one that forwards).
If possible, also send to a real mailbox on the same domain (non-forwarding) to compare behavior.

Save the full headers of the received message (or the bounce) from the destination provider. Those headers often reveal SRS rewriting, SPF alignment problems, and where filtering happened.

Step 2: Confirm the forwarder and catch-all configuration in cPanel

In cPanel (for the domain’s account):

Go to Email → Forwarders and confirm the forwarder exists.
Check Default Address (this is cPanel’s catch-all). Don’t leave it on “Forward to email address” unless you intentionally want a catch-all.
Verify there isn’t a conflicting forwarder for the same local part (example: both sales@domain.tld and sales alias rules).

Misconfigurations that show up quickly:

Catch-all forwarding to an external inbox: tends to generate backscatter and can trigger provider throttles.
Forwarder to a mailbox on the same domain that also forwards: an easy way to create a loop.
Forwarder to a typo (missing domain, wrong provider, wrong mailbox).

Step 3: Verify the domain’s mail routing and MX records (don’t assume)

A forwarder can be configured correctly and still never run. If the domain’s MX doesn’t point to the cPanel server, the message never reaches it.

From the server, run:

dig +short MX yourdomain.tld

dig +short A mail.yourdomain.tld

dig +short TXT yourdomain.tld

Confirm the basics:

The MX records point to hostnames that resolve to your server’s IP (or to the mail provider you expect).
If you’re using “Local Mail Exchanger” in cPanel but MX points to Microsoft 365 / Google Workspace, your forwarders won’t apply because mail never lands locally.

If you’re mid-cutover or you suspect split delivery, don’t wing it. Follow a TTL plan and keep a rollback path. Use: DNS propagation planning and rollback checks.

Step 4: Track a single message in Exim logs (the fastest truth)

SSH into the server as root (or use WHM Terminal). Watch the Exim log while you send the test email.

tail -f /var/log/exim_mainlog

Send your message and look for lines that mention the recipient. On busy servers, grep for your unique subject or sender:

grep -i "FWD-TEST-2026-06-30-001" /var/log/exim_mainlog | tail -n 50

grep -i "from=<your-sender" /var/log/exim_mainlog | tail -n 80

grep -i "to=<forwarded-address" /var/log/exim_mainlog | tail -n 80

You want to capture:

A message ID (looks like 1sXyZa-000abc-DEF).
A line that shows the routing decision (local delivery vs remote).
The forward target (remote SMTP handoff or a redirect).

If Exim accepts the message and then rejects it for policy reasons, also check:

tail -n 80 /var/log/exim_rejectlog

Step 5: Inspect the generated forwarder files (where cPanel actually stores rules)

cPanel writes forwarding rules into /etc/valiases/. Each domain has its own file. Each line maps a local part to a destination.

Example:

cat /etc/valiases/yourdomain.tld

You might see:

sales: someone@gmail.com
info: \:fail: No such user here
*: catchall@external.tld

Quick checks that save time:

If the forwarder exists in cPanel but not in /etc/valiases/, something is out of sync (or you’re on the wrong server).
If you see *:, the domain has a catch-all rule. Treat that as a deliberate security choice, not a harmless convenience.
If the destination looks like a local mailbox (example user without @domain), confirm you actually want local routing.

Don’t manually edit /etc/valiases/ as your normal workflow. cPanel can overwrite it. Use the cPanel/WHM UI or the appropriate scripts if you’re automating changes.

Manual edits can work as an emergency patch. If you do it, document exactly what you changed.

Step 6: Fix the two most common forwarding failures

Failure A: Forwarder works internally but external provider never receives it

Sometimes Exim shows a clean remote delivery (250 OK), but the destination user still can’t find the message. In many cases, the provider accepted it and then filtered it later.

Check the fundamentals:

Confirm your server has correct rDNS/PTR for the sending IP.
Confirm SPF/DKIM/DMARC are aligned for the forwarded path.
Verify whether cPanel is using SRS (Sender Rewriting Scheme) or whether forwarded mail keeps the original envelope sender.

If forwarding to Gmail/Outlook breaks SPF or raises filtering risk, use: SPF, DKIM, DMARC, and rDNS setup.

Failure B: Forwarder creates a loop (mail bounces with “Too many hops”)

Loops happen when the destination routes the message back to your domain. They also happen when your rules chain points back to the starting address.

Exim usually stops the damage. It bounces with loop detection or hop-count errors.

To diagnose:

Open the bounce and confirm the Received: chain repeats the same hosts.
Trace the forward target: does it resolve to an alias that returns to the original address?
Recheck the domain’s MX: if your domain points to Microsoft 365 but your forwarder targets a mailbox on your domain, Microsoft may route it back based on connectors or aliases.

Fix options:

Remove the circular rule. Pick one authoritative destination.
If you need copies in two places, use a provider-side rule (like a mailbox rule) instead of multi-hop forwarding.
Avoid catch-all forwarding unless you’re prepared to filter aggressively.

Step 7: Make forwarding safer with SRS (and know the trade-offs)

Plain forwarding often breaks SPF. The receiving provider sees your server sending mail “from” a third-party domain.

SRS rewrites the envelope sender to your domain. That helps SPF pass on the forwarded hop and often reduces false spam hits.

On cPanel, SRS is controlled in WHM under Exim Configuration Manager (exact naming can vary slightly by build, but it’s typically under Exim settings). If you enable SRS:

Test forwarding to Gmail and Outlook with full headers.
Confirm bounces still return correctly (SRS is designed for this, but complex routing can still trip you up).

If you run high-volume forwarding (newsletters to hundreds of forwarded recipients), consider skipping forwarders entirely. A proper mailbox plus client-side rules is usually easier on reputation and easier to audit.

Step 8: Diagnose catch-all damage (and how to unwind it without losing mail)

Catch-all addresses feel helpful, until bots find your domain. Then you start receiving mail for admin@, billing@, invoices@, plus thousands of random strings.

Forwarding that noise to a major provider can get your server flagged.

How to check whether catch-all is active:

In cPanel → Default Address, see whether it’s set to forward or deliver.
In /etc/valiases/yourdomain.tld, look for *:.

Safer patterns for 2026:

Set default address to Fail (recommended for most domains).
If you must capture unknown addresses, deliver to a local mailbox and filter there. Don’t forward blindly to Gmail/Outlook.

Unwind plan (low risk):

Switch catch-all from “Forward” to “Fail” or “Discard.”
Create explicit forwarders for the addresses you actually need (sales@, support@, billing@).
Monitor Exim logs for 24 hours for unexpected “unknown user” rejects.

Step 9: Check for account-level filters that override forwarding

cPanel filters can change delivery in ways that look like “forwarding is broken.” Two places matter:

User-level filters in cPanel → Email Filters
Global filters in WHM → Global Email Filters

A common symptom: mail forwards sometimes, but messages with certain subjects or spam scores “disappear.” In reality, a filter is delivering to a folder, piping to a script, discarding, or failing.

If you’re working from a specific message ID in Exim logs, search for filter-related actions around the same timestamp. Many setups log enough routing notes to point you to the decision that changed delivery.

Step 10: Validate your fix with a checklist (and keep it stable)

After changes, run this quick validation set:

DNS: MX points where you think it points; no stale records during cutover
Routing: Exim logs show a single clear path (local deliver or remote deliver)
No loops: no repeated Received headers; no hop-count bounces
Catch-all: disabled unless there’s a documented reason
Authentication: SPF/DKIM/DMARC and rDNS are correct for your sending IP
Provider delivery: test to Gmail + Outlook and check spam placement

If you also need to harden the server so a forwarded address can’t be abused by scripts, pair this tutorial with: cPanel hardening (WHM, services, isolation).

Operational tips: keep forwarders from turning into a support nightmare

Forwarders are quick to set up. That’s why resellers lean on them. They also generate a steady stream of “missing email” tickets if you don’t set expectations.

Document intent: for each domain, note whether forwarding is temporary (migration) or permanent.
Prefer mailbox rules: if a client uses Microsoft 365/Google Workspace, create rules there instead of multi-hop forwarding from cPanel.
Avoid catch-all forwarding: it amplifies spam and damages reputation faster than most people expect.
Test restores: after migrations, confirm /etc/valiases and cPanel forwarders match the expected setup.

For migrations where forwarders must keep working during DNS transitions, assume you’ll need to restore quickly. You’ll also need to verify under pressure. This structure helps: build a restore-first runbook.

Summary: the shortest path to the real cause

Forwarding gets easier to debug once you stop trusting the UI. First, verify where MX points. Next, track one message ID in Exim. Then read /etc/valiases to see the exact rule Exim applied.

That sequence usually pins the cause down in minutes.

If you want a server sized properly for email plus websites, with a hosting team that understands WHM/Exim behavior, use a HostMyCode VPS. Step up to managed VPS hosting if you’d rather not babysit mail routing and log triage.

Running cPanel forwarders for client domains goes smoother when the server has steady I/O and enough RAM for scanning and log retention. HostMyCode offers managed VPS hosting for hands-on admin support, or a self-managed HostMyCode VPS if you prefer full control.

FAQ

Why does my cPanel forwarder work for some senders but not others?

Forwarded mail often gets filtered based on SPF alignment, sender reputation, or missing DKIM. Track the message in /var/log/exim_mainlog and compare the destination-side headers to see where delivery changed.

Should I use a catch-all address on a hosting domain?

Usually no. Catch-all attracts spam and backscatter. Create only the addresses you need and set the default address to Fail unless you have a documented reason to do otherwise.

Where does cPanel store forwarders on disk?

On cPanel servers, forwarding/alias rules are typically written under /etc/valiases/ per domain. Use that file to confirm what Exim will apply.

How do I prove an email actually left my server during forwarding?

Find the message ID in /var/log/exim_mainlog and locate the remote delivery line that shows the destination host and SMTP response (for example, a 250 OK). Then confirm receipt or filtering at the destination provider using message headers.