
Issue Postfix queue stuck

Riset

New Pleskian
Since yesterday the mail queue on my server is stuck. I tried the command /usr/sbin/postsuper -r ALL to resend, but that did not work. Then I checked the maillog and since there were a lot of email addresses that I don't know (lots of foreign domains) I thought it was a spam issue. I installed fail2ban and about 15 IP addresses were blocked right away.

This did not solve the issue so I continued to search, and then with the command mailq I get the following error for the mails that are in the queue (no spam at all):

(host or domain name not found. Name service error for name=domain.com type=MX: Host not found, try again)

This made me think it's a DNS issue on the server or an issue for the receiver. I did nslookup on some of the domains and received the right information. I also sent email from another server to those email addresses, that also worked fine. I checked if the server is an open relay and/or on a blacklist, that was also not the case. Also I ran the plesk repair mail command. The response was that there are no issues on the server.

I think there might be a script trying to send spam since there are emails sent to unknown email addresses from all the domains on the server, even from domains that don't use email. Also I see this a lot: webserver1 /usr/lib64/plesk-9.0/psa-pc-remote[3486]: Message aborted.

At this point I'm frustrated and don't know where to look anymore. Hope someone here can help me.

Server info:
CentOS 7.6
Plesk Onyx 17.8.11 Update #56
 
Regarding the DNS idea: Have you verified that /etc/resolv.conf has valid entries? For example
8.8.8.8
8.8.4.4
 
In regards to a possible spam issue:
- is the daily mail log vastly bigger now than it was in the days before the problem?
- how many messages are in the mail queue?
- is the number of queued messages rising at an abnormal rate?
- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?
- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?
- are you using the Outgoing Mail Control in Plesk?
- is your PHP set up with 'mail.add_x_header = On'?
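
Added example, not part of the thread: one way to answer the queue questions above is to summarise `postqueue -p` (the same listing `mailq` prints) by sender and by deferral reason. The queue listing embedded below is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: summarise `postqueue -p` output by sender and deferral reason.

# Constructed sample in the layout `postqueue -p` prints.
sample_queue() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5     2210 Mon Jun  3 10:15:02  form@shop.example
(Host or domain name not found. Name service error for name=client.example type=MX: Host not found, try again)
                                         owner@client.example

F6A7B8C9D0     1980 Mon Jun  3 10:17:40  form@shop.example
(Host or domain name not found. Name service error for name=other.example type=MX: Host not found, try again)
                                         sales@other.example

0D9C8B7A6F     3120 Mon Jun  3 10:20:11  MAILER-DAEMON
(connect to mx.remote.example[192.0.2.10]:25: Connection timed out)
                                         hello@remote.example

-- 7 Kbytes in 3 Requests.
EOF
}

# Count queued messages per envelope sender (entry lines start with a queue ID).
queue_by_sender() {
    awk '/^[0-9A-Za-z]+[*!]?[ \t]/ { n[$NF]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2
}

# Count deferral reasons, collapsing name=<domain> so DNS failures group together.
queue_by_reason() {
    awk '/^\(/ { sub(/^\(/, ""); sub(/\)$/, "")
                 sub(/name=[^ ]+/, "name=<domain>"); n[$0]++ }
         END { for (r in n) print n[r] "\t" r }' | sort -k1,1nr
}

# Succeeds when more than half of the deferrals are resolver errors, which
# points at local DNS rather than at the individual recipients.
dns_dominated() {
    awk '/^\(/ { t++; if (/Name service error/) d++ }
         END { exit !(t > 0 && d * 2 > t) }'
}

sample_queue | queue_by_sender
sample_queue | queue_by_reason
sample_queue | dns_dominated && echo "queue is dominated by DNS resolver errors"
```

On a live server, pipe `postqueue -p` into the same functions instead of `sample_queue`.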
 
@Peter Debik

In the /etc/resolv.conf the entries are correct. To be sure I changed them to 8.8.8.8/8.8.4.4 for now.

@Ales

- is the daily mail log vastly bigger now than it was in the days before the problem?

When I open the maillog it seems to be only for one day. It seems very huge/long for a log with a small amount of domains.

- how many messages are in the mail queue?

At this moment there are only about 15 mails in the queue. I removed 10 mails from the queue that were sent from [email protected] (literally, so not an example) to [email protected] (here domain.com is a valid domain on my server but hello@ is not a valid email address).

- is the number of queued messages rising at an abnormal rate?

No, just sometimes there are a few mails showing up from the contact forms.

- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?

Where can I observe this?

- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?

In the logs I think it seems like there are a lot of failed login attempts to non-existing mailboxes from existing domains. Other than that I don't know how to find out if an SMTP account is breached. Also I turned on a maximum of 100 mails per user to send every day for now and none of the users hit that limit, or get even close to that.

- are you using the Outgoing Mail Control in Plesk?

Yes I do.

- is your PHP set up with 'mail.add_x_header = On'?

This seems to be "Off" at the most used PHP version. Should I turn this to "On" or check all PHP versions if it's set to "Off"?
 
The server is sending mail again. I did not change anything in the /etc/resolv.conf but I ran restorecon /etc/resolv.conf and after that the mail goes out. Can you think of any reason why this is? Or should I have done this in the first place? Is this a command that should always be run after changing the resolv.conf?
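
Added example, not part of the thread: restorecon resets a file's SELinux label to the policy default, so a fix from that command suggests /etc/resolv.conf carried a label that confined services could not read, while lookups from a root shell still worked. The sketch compares the type in `ls -Z` output with the one `matchpathcon` reports; the sample lines are constructed, `admin_home_t` is only an illustrative wrong type, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: compare the SELinux type on a file with the policy default.

# Print the SELinux type (third field of user:role:type:level) found in one
# line of `ls -Z` or `matchpathcon` output.
selinux_type() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' |
        awk -F: 'NF >= 4 && $2 ~ /_r$/ && !seen { print $3; seen = 1 }'
}

# Return 0 when the file's type equals the policy's type, 1 otherwise.
label_ok() {
    [ "$(selinux_type "$1")" = "$(selinux_type "$2")" ]
}

# Constructed samples: `ls -Z` lines in the CentOS 7 layout and a
# `matchpathcon` line (path, tab, context).
SAMPLE_BAD='-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /etc/resolv.conf'
SAMPLE_GOOD='-rw-r--r--. root root system_u:object_r:net_conf_t:s0 /etc/resolv.conf'
SAMPLE_POLICY=$(printf '/etc/resolv.conf\tsystem_u:object_r:net_conf_t:s0')

# For a host with SELinux enabled: check the real file and, on a mismatch,
# show the fix and where the matching denials would be logged.
check_live() {
    f=${1:-/etc/resolv.conf}
    if label_ok "$(ls -Z "$f")" "$(matchpathcon "$f")"; then
        echo "$f: label matches policy"
    else
        echo "$f: label differs from policy; 'restorecon -v $f' resets it"
        echo "denials, if audited: ausearch -m avc -ts today"
    fi
}

# Demo on the constructed samples.
label_ok "$SAMPLE_GOOD" "$SAMPLE_POLICY" && echo "good sample: label matches"
label_ok "$SAMPLE_BAD" "$SAMPLE_POLICY" ||
    echo "bad sample: $(selinux_type "$SAMPLE_BAD") instead of $(selinux_type "$SAMPLE_POLICY")"
```

A file moved into /etc from elsewhere keeps the label it had at its old location, which is one way the mismatch arises after editing.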
 
Had the exact same issue, some throttling is going on with Plesk.
 