
Issue Postfix queue stuck

Riset

New Pleskian
Since yesterday the mail queue on my server is stuck. I tried the command /usr/sbin/postsuper -r ALL to resend, but that did not work. Then I checked the maillog and since there were a lot of email addresses that I don't know (lots of foreign domains) I thought it was a spam issue. I installed fail2ban and about 15 IP addresses were blocked right away.

This did not solve the issue so I continued to search, and then with the command mailq I get the following error for the mails that are in the queue (no spam at all):

(host or domain name not found. Name service error for name=domain.com type=MX: Host not found, try again)

This made me think it's a DNS issue on the server or an issue for the receiver. I did nslookup on some of the domains and received the right information. I also sent email from another server to those email addresses, that also worked fine. I checked if the server is an open relay and/or on a blacklist, that was also not the case. Also I ran the plesk repair mail command. The response was that there are no issues on the server.

I think there might be a script trying to send spam since there are emails sent to unknown email addresses from all the domains on the server, even from domains that don't use email. Also I see this a lot: webserver1 /usr/lib64/plesk-9.0/psa-pc-remote[3486]: Message aborted.

At this point I'm frustrated and don't know where to look anymore. Hope someone here can help me.

Server info:
CentOS 7.6
Plesk Onyx 17.8.11 Update #56
 
Regarding the DNS idea: Have you verified that /etc/resolv.conf has valid entries? For example
8.8.8.8
8.8.4.4
 
In regards to a possible spam issue:
- is the daily mail log vastly bigger now than it was in the days before the problem?
- how many messages are in the mail queue?
- is the number of queued messages rising at an abnormal rate?
- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?
- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?
- are you using the Outgoing Mail Control in Plesk?
- is your PHP set up with 'mail.add_x_header = On'?
 
@Peter Debik

In the /etc/resolv.conf the entries are correct. To be sure I changed them to 8.8.8.8/8.8.4.4 for now.

@Ales

- is the daily mail log vastly bigger now than it was in the days before the problem?

When I open the maillog it seems to be only for one day. It seems very huge/long for a log with a small amount of domains.

- how many messages are in the mail queue?

At this moment there are only about 15 mails in the queue. I removed 10 mails from the queue that were sent from [email protected] (literally, so not an example) to [email protected] (here domain.com is a valid domain on my server but hello@ is not a valid email address).

- is the number of queued messages rising at an abnormal rate?

No, just sometimes there are a few mails showing up from the contact forms.

- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?

Where can I observe this?

- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?

In the logs I think it seems like there are a lot of failed login attempts to non-existing mailboxes from existing domains. Other than that I don't know how to find out if an SMTP account is breached. Also I turned on a maximum of 100 mails per user to send every day for now and none of the users hit that limit, or get even close to that.

- are you using the Outgoing Mail Control in Plesk?

Yes I do.

- is your PHP set up with 'mail.add_x_header = On'?

This seems to be "Off" at the most used PHP version. Should I turn this to "On" or check all PHP versions if it's set to "Off"?
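
An added example (not part of the thread or any poster's code) of how the checklist signals above can be read out of the mail log: it groups authenticated senders by client IP, failed SASL logins by IP, locally injected mail by uid, and deferrals by reason. The log lines are constructed and assume standard Postfix syslog format; `triage`, the uid and the sample addresses are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in standard Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  4 09:00:01 webserver1 postfix/smtpd[3101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Mar  4 09:00:03 webserver1 postfix/smtpd[3101]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure
Mar  4 09:01:10 webserver1 postfix/smtpd[3102]: 4A1B2C3D4E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=info@example.com
Mar  4 09:01:40 webserver1 postfix/smtpd[3105]: 5B2C3D4E5F: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=info@example.com
Mar  4 09:02:00 webserver1 postfix/pickup[2990]: 6C3D4E5F60: uid=48 from=<apache@webserver1>
Mar  4 09:02:05 webserver1 postfix/pickup[2990]: 7D4E5F6071: uid=48 from=<apache@webserver1>
Mar  4 09:03:00 webserver1 postfix/smtp[3200]: 6C3D4E5F60: to=<someone@example.org>, relay=none, delay=55, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=example.org type=MX: Host not found, try again)
Mar  4 09:03:01 webserver1 postfix/smtp[3200]: 7D4E5F6071: to=<other@example.net>, relay=none, delay=54, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=example.net type=MX: Host not found, try again)
"""

SASL_OK = re.compile(r"client=\S*\[([^\]]+)\].*sasl_username=(\S+)")
SASL_FAIL = re.compile(r"\[([^\]]+)\]: SASL \S+ authentication failed")
PICKUP = re.compile(r"postfix/pickup\[\d+\]: \w+: uid=(\d+)")
DEFERRED = re.compile(r"status=deferred \((.*)\)\s*$")
NAME_IN_REASON = re.compile(r"name=\S+")

def triage(log_text):
    """Summarise the checklist signals for one maillog."""
    sasl_ips = defaultdict(set)   # authenticated sender -> client IPs seen
    failed = Counter()            # client IP -> failed SASL logins
    local_uids = Counter()        # uid -> mails injected locally (sendmail / PHP mail())
    reasons = Counter()           # deferral reason with the destination domain masked
    for line in log_text.splitlines():
        if (m := SASL_OK.search(line)):
            sasl_ips[m.group(2)].add(m.group(1))
        elif (m := SASL_FAIL.search(line)):
            failed[m.group(1)] += 1
        elif (m := PICKUP.search(line)):
            local_uids[m.group(1)] += 1
        elif (m := DEFERRED.search(line)):
            # Mask the domain so identical failures across domains group together.
            reasons[NAME_IN_REASON.sub("name=<domain>", m.group(1))] += 1
    return {"sasl_ips": dict(sasl_ips), "failed_logins": failed,
            "local_uids": local_uids, "deferral_reasons": reasons}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, dict(value))
```

One account authenticating from many unrelated IPs, or one uid injecting most of the queue, points at a breached mailbox or a mailing script; a single deferral reason shared by every destination domain points at the server's own resolver rather than the recipients.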
 
The server is sending mail again. I did not change anything in the /etc/resolv.conf but I ran restorecon /etc/resolv.conf and after that the mail goes out. Can you think of any reason why this is? Or should I have done this in the first place? Is this a command that should always be run after changing the resolv.conf?
 
Had the exact same issue, some throttling is going on with Plesk.
 