Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 4 subscribers
  • Views 3881 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Entire mail queue stuck, urgent help please!

Johnny Long

We are running the latest UTM 9.708-6 on the AWS marketplace, ever since March last year, there are about once or twice a month, one or two large emails are stuck the entire email queen, usually, it's an email with PDF attachments as described in these tickets-

community.sophos.com/.../mails-are-not-processed-due-to-pdf-attachments
https://community.sophos.com/utm-firewall/f/mail-protection-smtp-pop3-antispam-and-antivirus/127443/emails-stuck-in-smtp-spool-with-error

The attachments are usually scanned PDF documents, some of them are hard to read, the scanner always timeout and stuck all the inbound and outbound emails in 

I went through the discussions above but there isn't any helpful answer, it seems to be a legit bug and occurs increasingly this year (3 times in 2 weeks), on one occasion more than 20k emails stuck in the mail queue for nearly a day, we cannot constantly keep our eyes on the queue, could you please help us with a solution?



This thread was automatically locked due to age.
Parents
  • 0

    This might be something to get Support involved with, especially if it's hosted.  The links don't really seem to be helping other than to add an exception for the sender and the other one directing them to XG, not UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin

    Thanks for your reply.

    We got support involved last year, but the technician simply remoted in our server and removed the email that stuck the queue and reboot the UTM system and then called it fixed, he had no idea what causes it to happen.

    It is a very frustrating problem but there seems to be no fix yet.

  • 0 in reply to Johnny Long

    Does the exception work for it to pass through as discussed in one of the posts you linked, or would that be an option at least for a quick fix?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin

    Thanks again for your input.

    The exception would not work in our case, because the senders are random, not a particular user.

    The only exception that may work is to skip scanning all PDF files, but is there a way to do that in UTM?

  • 0 in reply to Johnny Long

    I don't really know enough about the e-mail piece of UTM, but it doesn't appear like it would.  You can whitelist other things, but not file extension types, just addresses, networks, etc.  I'll keep looking around.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Johnny Long

    Hi Johnny and welcome to the UTM Community!

    If you can identify a blocking email, show us the lines from the SMTP log related to that email.

    Cheers - Bob

    PS MediaSoft's UTM is in AWS and uses the SMTP Proxy.  We haven't seen this.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Sorry for the late reply

    Here is one example:

    2022:01:19-10:45:07 mail exim-in[18726]: 2022-01-19 10:45:07 1n9z61-0004s2-28 sasi reports probability: 0.099750, version: Antispam-Engine: 4.1.4, AntispamData: 2022.1.19.316
2022:01:19-10:45:07 mail exim-in[18726]: 2022-01-19 10:45:07 1n9z61-0004s2-28 <= trent@wxxxxxxn.com.au H=ihm-bur-irony3.ihm.iinet.net.au [203.113.244.213]:58671 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=3070347 id=0f71bb6c144c481ebf56fe05f64d2f85@ihm-port-e13m07.prdhosting.local
2022:01:19-10:45:08 mail smtpd[4849]: QMGR[4849]: 1n9z61-0004s2-28 moved to work queue
2022:01:19-10:45:09 mail smtpd[6579]: SCANNER[6579]: 1n9z65-0001i7-Lp <= trent@wxxxxxxn.com.au R=1n9z61-0004s2-28 P=INPUT S=3065513
2022:01:19-10:56:00 mail smtpd[4842]: MASTER[4842]: 1n9z61-0004s2-28 Scanner timeout or deadlock
2022:01:19-10:57:00 mail smtpd[22785]: SCANNER[22785]: 1n9zHY-0005vV-HU <= trent@wxxxxxxn.com.au R=1n9z61-0004s2-28 P=INPUT S=3065513
2022:01:19-11:08:00 mail smtpd[4842]: MASTER[4842]: 1n9z61-0004s2-28 Scanner timeout or deadlock
2022:01:19-11:09:00 mail smtpd[28104]: SCANNER[28104]: 1n9zTA-0007JI-J3 <= trent@wxxxxxxn.com.au R=1n9z61-0004s2-28 P=INPUT S=3065513
2022:01:19-11:20:00 mail smtpd[4842]: MASTER[4842]: 1n9z61-0004s2-28 Scanner timeout or deadlock

  • 0 in reply to Johnny Long

    If you're still having this problem, Johnny, check to see what attachment (a .pdf or a .scn?) is causing the queue to get blocked.  If Sophos Support solved this for you, please share the solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Johnny Long

    If you're still having this problem, Johnny, check to see what attachment (a .pdf or a .scn?) is causing the queue to get blocked.  If Sophos Support solved this for you, please share the solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML