Mail Relay not sending all emails. Accepted: from relay in logs but nothing more

When you go to the 'SMTP Spool' tab in Mail Manager in WebAdmin, do you see any of these undelivered emails?  Do you know for a fact that they haven't been delivered?  Are internal users relaying directly off the SMTP Proxy or through an internal mail server?

Cheers - Bob

I assume that if you have a mail server, you are not a home user.   Mail flow is a critical issue to most organizations.  You should have and use Sophos Support first for anything as critical as this.

We have. To be honest I find UTM support terrible in most cases.

Support ended up putting SMTP into debug mode to check. It still did not work and did not give much more info. However afetr switching debug off and restarting the service we started to get the emails sent. CPU rocketed and a load of emails started to flow out.

What I am still waiting for is a reason why this would happen. Most emails were sending.

I have seen a small number of other posts about strange one-of-a-kind UTM problems being resolved by a reboot, although I have never experienced that situation myself.   Presumably, some random event corrupts a key portion of process memory and the strange behavior exists until the reboot gets memory back into a clean state.   Since rebooting solves the problem but also destroys the evidence, I doubt any better answer exists in this lifetime.

Well it looks old like it’s happened again

Lots of emails not going out and possibly emails not coming in.

When I look on the log I just have a exim-in with accepted from relay. I then have nothing else in the log.

All other emails have a exim-in and a exim-out.

Restarting smtp seems to solve the problem. My issue is I can not see on mail manager these emails with just the exim-in. As a result I have no idea what the scale of the problem is.

I parsed the log file and found 400 just today.

Do any of those mails have by chance particularly large attachments? Maybe there is a large one holding the UTM off. I had an issue one day when our Exchange stopped working for odd reasons. It still accepted Mails, so until it was discovered, there was already a large queue of mails. It was only resolved after we made sure the attachment limits in Exchange, UTM and at our ISP (Smarthost) where set to the same limit. It wasn't before we changed it, and one really large attachment held the whole queue back.

I expected to have a refuse message if a limit is reached in one devices in the chain, but that did not happen.

I guess it is unlikely that this is your problem, but you probably want to check anyways.

I’m not aware that they have an attachment. It seems to be emails sent via a relay. Does the UTM have a limit to what it will send.

I have to say that support is garbage. We have had a few issues now that just have not been resolved and I’m not sure I can defend Sophos in our business. It’s becoming to stressful. The issue is that now anything that happens the finger of blame comes mine and the Sophos way. Unfortunately it seems that increasingly it is the Sophos.

The last firmware update broke VPNs to amazon and when we phoned they knew it was an issue. If they knew it was an issue they should have pulled the update.

I am not aware if there are limits defined in factory settings. But you can check limits at Email Protection, SMTP, Advanced:

I have had issues, with the setting, and had to increase the connections/host, the logs did state that there were too many connection.

the other issue I came across was the server did not have enough space and was not processing the email on the exchange server itself.

as I run the Firewall, it gave me grate pleasure to inform the IT company that their Exchange server needed more space, I sent them the log entries, and voila fixed.