we've had this problem years ago on SG430, now again on SG650 HA.
There are some mail (PDF attached 9MB, but also only 387kb) getting stuck in spool.
Retrying oder restart SMTP (GUI and ssh) doesn't take effect. The message delivery log of the mail says "Scanner timeout".
Really annoing, but you can see the mails, inform the users that they have to resend it and exchange attached files via cloud services.
We call support and the scanner_timeout was increased from 3 to 15 (cc set smtp scanner_timeout 15).
Now the whole queue stops(?) when a "scanner timeout" mail comes in.
In "MailManager" "Statistics Overview" "Waiting for delivery (spooled):" the number of spooled mails increase, in the Mailmanager where you can take a look at the spool you see no mails.
If there is not much traffic, it's getting ok after waiting some minutes. ( See attached pic - a few minutes no mail delivery and after that all the mails from spool are delivered at once, downs and peeks yesterday 16o'clock, today 9 o'clock).
But if it's to much the queue seems to got stuck completely - the longest time we waited was 3 hours - no mail in and no mail out (then the users complained massivly...) .
We had to stop and restart smtp and the mails are getting processed normally again after about 3min.
After restart smtp the "bad" mails which triggered the error are gone. Seems that they're getting rejected when smtp stops while there are in the scantime. But the sender did not get any undeliverable message.
Sophos CPU (10%) and RAM(30%) are still low while scanning and beeing stuck.
Now after setting timeout back to 3, a bad mail still stops the delivery for about 3min, the mail itself isn't displayed in spool until 15min later.
Maybe anyone has an idea or similar problems?