Sometimes Cpanel/WHM seems to eat your customer's mail out by apparently no reason.
You can figure this out by reading the exim’s log and finding those strange strings (this is an incoming message):
2011-04-20 10:35:08 1QCSsN-00029z-RG H=smtp2.mailserver.ch [184.108.40.206] Warning: "SpamAssassin as usrname detected message as NOT spam (-1.8)"
2011-04-20 10:35:08 1QCSsN-00029z-RG <= firstname.lastname@example.org H=smtp2.mailserver.ch [220.127.116.11] P=esmtps X=TLSv1:AES256-SHA:256 S=105081 id=C9D46976.7B0Aemail@example.com
2011-04-20 10:35:08 1QCSsN-00029z-RG => /dev/null <firstname.lastname@example.org> R=central_filter T=**bypassed**
2011-04-20 10:35:08 1QCSsN-00029z-RG Completed
As you can see, Spamassassin considered the message as NOT spam, but no matter what, the message ended inside /dev/null.
Although note the "central_filter": it did tell exim to ignore the message.
Well, you should know that, in addition to spamassassin, there is an additional bayesian filter that learns whatever keyword in the message should be considered as spam.
You can see how it works by checking the /etc/vfilter/domaniname.com file and the relative /home/domainna/.cpanel/filter.yaml
Those files, essentially, contain the bad keywords and how they should be treated (either deleted or moved to some folder).
Rather than delete the contents of the file, it's better to go into "cPanel" > "Account Level Filtering" and "cPanel" > "User Level Filtering" and remove whichever location has that filter setup. Removing the filter will remove that entry in the file without requiring you to edit any .yaml file.