
Mails no longer delivered (MTA mode). After service smtpd:restart, mails were delivered successfully, but also very old ones from February/March/April

Hi there,

we had a very interesting problem with our Sophos-Firewall and the mailflow on Wednesday.

  1. On 2024-06-26 around 08:00am (UTC+2) no more mails were delivered via our Firewall.
  2. All mails were visible in the GUI under "Mail logs", but only as "Temporarily Rejected Greylisted". An initial rejection is normal behavior.
  3. In the GUI under "Mail spool" we only saw 6 mails from shortly 08:00am, but there should have been hundreds. Adjusting the date filter was also unsuccessful.
  4. After running the command "service smtpd:restart -ds nosync" the following happened:
    a. 170 pages of 20 mails could be seen in the spooler!
    b. Employees reported that mails from February, March, April etc. were delivered.

We:

  • a. use the version: XG430_WP02_SFOS 20.0.0 GA-Build222.
  • b. use the MTA mode.
  • c. had no CPU/RAM/disk workload.
  • d. could not see any failed pattern updates.
  • e. did not see any services in the GUI with a problem status.
  • checked smtpd_error.log and smtpd_panic.log, but both are empty.

Attached is a snippet from the logs, shortly before and after the problem occurred.

	Line 312083: MSG   Jun 26 06:04:35Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlj-0003RQ-2M-D'
	Line 312087: MSG   Jun 26 06:04:35Z [  MS-10567]: S='noreply-***@***.com' R='AMR@***.DE' Subject='DMAN:XA83561-660' Size='9204' Status='Mail has been queued for delivery.' src_ip='10.**.**.**' src_port=52912 user_id=0 user_grp_id=0 fw_id=1 src_zone_id=5
	Line 312093: MSG   Jun 26 06:04:35Z [1sMLlj-0003RJ-0f]: move 'iJ6tOb-VHCZxe-VL' to forwarder queue
	Line 312101: MSG   Jun 26 06:04:35Z [  MS-10567]: S='noreply-***@***.com' R='AMR@***.DE' Subject='DMAN:XA83561-670' Size='9332' Status='Mail has been queued for delivery.' src_ip='10.**.**.**' src_port=52922 user_id=0 user_grp_id=0 fw_id=1 src_zone_id=5
	Line 312107: MSG   Jun 26 06:04:35Z [1sMLlj-0003RQ-2M]: move 'yg4VHO-ulQeua-oG' to forwarder queue
	Line 312116: MSG   Jun 26 06:04:36Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlk-0003Rf-0v-D'
	Line 312121: MSG   Jun 26 06:04:36Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlk-0003Rm-2g-D'
	Line 312125: MSG   Jun 26 06:04:36Z [  MS-10567]: S='noreply-***@***.com' R='AMR@***.DE' Subject='DMAN:XA83561-680' Size='9460' Status='Mail has been queued for delivery.' src_ip='10.**.**.**' src_port=52924 user_id=0 user_grp_id=0 fw_id=1 src_zone_id=5
	Line 312131: MSG   Jun 26 06:04:37Z [1sMLlk-0003Rf-0v]: move 'eLRyTE-2s6PAH-Z5' to forwarder queue
	Line 312139: MSG   Jun 26 06:04:37Z [  MS-10567]: S='noreply-***@***.com' R='AMR@***.DE' Subject='DMAN:XA83561-690' Size='9588' Status='Mail has been queued for delivery.' src_ip='10.**.**.**' src_port=52934 user_id=0 user_grp_id=0 fw_id=1 src_zone_id=5
	Line 312143: MSG   Jun 26 06:04:37Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLll-0003Rr-1B-D'
	Line 312145: 14856 1 queue-runner process running
	Line 312176: MSG   Jun 26 06:04:37Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLll-0003S7-2w-D'
	Line 312226: MSG   Jun 26 06:04:38Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlm-0003Sr-1R-D'
	Line 312267: MSG   Jun 26 06:04:39Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlm-0003Tg-3D-D'
	Line 312272: MSG   Jun 26 06:04:39Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLln-0003Ty-1q-D'
	Line 312277: MSG   Jun 26 06:04:40Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlo-0003Uq-0P-D'
	Line 312282: MSG   Jun 26 06:04:40Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlo-0003VG-2A-D'
	Line 312326: MSG   Jun 26 06:04:41Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlp-0003Vi-0k-D'
	Line 312337: MSG   Jun 26 06:04:41Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlp-0003WH-2R-D'
	Line 312342: MSG   Jun 26 06:04:42Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlq-0003WL-0w-D'
	Line 312347: MSG   Jun 26 06:04:42Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlq-0003WX-2g-D'
	Line 312352: MSG   Jun 26 06:04:43Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlr-0003Wi-1F-D'
	Line 312357: MSG   Jun 26 06:04:44Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlr-0003Wy-3C-D'
	Line 312362: MSG   Jun 26 06:04:44Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLls-0003X5-1i-D'
	Line 312367: MSG   Jun 26 06:04:45Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlt-0003XD-07-D'
	Line 312372: MSG   Jun 26 06:04:45Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlt-0003XG-1n-D'
	Line 312377: MSG   Jun 26 06:04:46Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlu-0003XL-0G-D'
	Line 312382: MSG   Jun 26 06:04:46Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlu-0003Xe-1z-D'
	Line 312387: MSG   Jun 26 06:04:47Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlv-0003Xh-0S-D'
	Line 312392: MSG   Jun 26 06:04:47Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlv-0003Xk-28-D'
	Line 312397: MSG   Jun 26 06:04:48Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlw-0003Xm-0g-D'
	Line 312402: MSG   Jun 26 06:04:48Z [ T_SMTPD-M]: new mail queued, add to inqueue '1sMLlw-0003YK-2P-D'

It looks like a spam check that was not passed (like RBL, Greylisting, SPF, 0Day...). Where are the failed mails stored, /var/spool/input or output/?

How can we avoid this in future, where emails get stuck for months and are not visible in the GUI in the spooler?

Is it possible to send external commands to monitor the mail queue (like exim -bp)?

Best regards and thanks a lot!

Erik



Added TAGs
[edited by: emmosophos at 5:51 PM (GMT -7) on 28 Jun 2024]
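
An added example, not part of the original post and not Sophos tooling: a small log check that pairs each "add to inqueue" entry with its later "move ... to forwarder queue" entry, in the format of the excerpt above, and reports messages that were queued but never forwarded. It assumes the inqueue name is the message ID plus a "-D" suffix (as the excerpt suggests), that the year is supplied by the caller because the log lines carry none, and it runs on constructed sample lines.

```python
import re
from datetime import datetime

# Constructed sample in the log format quoted in the post (IDs are made up).
SAMPLE = """\
MSG   Jun 26 06:04:35Z [ T_SMTPD-M]: new mail queued, add to inqueue 'test01-000001-0A-D'
MSG   Jun 26 06:04:35Z [test01-000001-0A]: move 'aaaaaa-bbbbbb-cc' to forwarder queue
MSG   Jun 26 06:04:36Z [ T_SMTPD-M]: new mail queued, add to inqueue 'test02-000002-0B-D'
MSG   Jun 26 06:04:37Z [ T_SMTPD-M]: new mail queued, add to inqueue 'test03-000003-0C-D'
MSG   Jun 26 06:14:00Z [ T_SMTPD-M]: new mail queued, add to inqueue 'test04-000004-0D-D'
""".splitlines()

TS = r"MSG\s+(\w{3} +\d+ \d\d:\d\d:\d\d)Z "
QUEUED = re.compile(TS + r"\[ *T_SMTPD-M\]: new mail queued, add to inqueue '([^']+)'")
MOVED = re.compile(TS + r"\[([^\]]+)\]: move '[^']+' to forwarder queue")

def parse_ts(text, year):
    # The log lines carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_stuck(lines, now, max_age_s=300, year=2024):
    """Return (stuck_ids, last_move_time) for messages queued but never forwarded."""
    pending, last_move = {}, None
    for line in lines:
        if m := QUEUED.search(line):
            # Assumption: inqueue name = message ID + "-D" suffix.
            pending[m.group(2).removesuffix("-D")] = parse_ts(m.group(1), year)
        elif m := MOVED.search(line):
            pending.pop(m.group(2).strip(), None)
            last_move = parse_ts(m.group(1), year)
    # Only report messages older than the threshold; fresh ones may still be in flight.
    stuck = sorted(i for i, t in pending.items() if (now - t).total_seconds() > max_age_s)
    return stuck, last_move

if __name__ == "__main__":
    stuck, last_move = find_stuck(SAMPLE, now=datetime(2024, 6, 26, 6, 15, 0))
    print(f"last move to forwarder queue: {last_move}")
    for msg_id in stuck:
        print("still in inqueue:", msg_id)
```

Run on a schedule against the SMTP log, a growing list of stuck IDs together with an old last-move time is the signal that the queue has stopped draining even though the GUI spool looks nearly empty.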