Back to Community Threads
1
Around 15000 mails in spool
Problem reported by Devang Shah - 3/5/2019 at 9:48 AM
Submitted
Hi,

since evening today no regular mails are being transmitting & entire spool is filled with 15000+ mails which cant be tracked 
as nos just keep jumping from 10000 to 12000 to 14000 & back

no regular mails are relaying

we have changed password of few rogue mail ids, deleted few ids 

server is running fine since years

after this i have updated to latest SM 16.x Entp build also but still no good

please some can help us here & suggest some check 

10 Replies

Reply to Thread
0
Devang Shah Replied
3/5/2019 at 9:55 AM
0
Devang Shah Replied
3/5/2019 at 10:07 AM
surprisingly, one domain with around 300+ users seems to be having all such issue
we have changed pass for admin & many users but still its playing

we have kept throttling on, IDS is on but the issue still remains
0
ScottF Replied
3/5/2019 at 2:34 PM
What is the status of the messages in the Spool? I've seen them get stuck in "Spam Check" which indicates a problem with Cyren, RBLs, etc.
0
Devang Shah Replied
3/5/2019 at 2:50 PM
status of message in spool is "Delivery Delay" & it's stuck for more than 2 hours [in thousands]

domain is set as more than 1000 mails outgoing to be throttled & action set as Reject 

the said domain is having static IP for that domain only

We have changed password of all major users also, we are manually trying to clean spool but volume is keep mounting up
0
Gary P Replied
3/5/2019 at 3:55 PM
I agree with Scott

Had a similar issue about a year ago was due to RBL/ URIBL delays which caused the spool to back up, due to SPAM check slowing down,  look at ave time, for each. It could be that.
0
Devang Shah Replied
3/5/2019 at 5:20 PM
it seems rogue / SMTP Harvest 

sample of header of mails in spool

X-Declude-Spoolname: 121043993.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Outgoing Score [0] at 20:28:55 on 05 Mar 2019
X-Declude-Tests: Whitelisted
X-Country-Chain:
X-Declude-Code: f
X-HELO: [customer80-185.airweb.cz]
X-Identity: 185.40.80.185 | customer80-185.airweb.cz | ems2.net
0
Devang Shah Replied
3/5/2019 at 5:26 PM
we are using declude & it's marking this outgoing mails in whitelist 
0
Linda Pagillo Replied
3/6/2019 at 7:42 AM
Hi Devang. All authenticated email leaving your server is automatically whitelisted by Declude. It seems to me that you may have a compromised account that is sending these out. Declude’s Hijack component can prevent this from happening. Are you using Hijack? If not, you should turn it on for the future so it can prevent this from happening. Here are a few KB articles that explain what Hijack is and how it can help...
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Devang Shah Replied
3/6/2019 at 7:52 AM
OK Issue got resolved by renaming spool folder

is there a util / script available which can search legitimate / rogue mails from old spool so actual mails can be brought back in spool for relay

there was one post but the link is broken & i cant find it manually 
0
Linda Pagillo Replied
3/6/2019 at 9:40 AM
Devang, the problem here is a compromised account. Do you know which accounts are compromised? If not, you can turn on Declude Hijack and it will catch the outbound email from the compromised account and it will tell you which account(s) are compromised.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

My spool is full of pending messages. What do I do?SmarterMail > Troubleshooting
Cannot Send Email MessagesSmarterMail > Troubleshooting
Find a Compromised AccountSmarterMail > Troubleshooting
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Migrate SmarterMail to a Different ServerSmarterMail > Installation and Configuration