Issue Postfix queue stuck

Riset

New Pleskian
Since yesterday the mail queue on my server is stuck. I tried the command /usr/sbin/postsuper -r ALL to resend, but that did not work. Then I checked the maillog and since there were a lot of email addresses that I don't know (lots of foreign domains) I thought it was a spam issue. I installed fail2ban and about 15 IP addresses were blocked right away.

This did not solve the issue so I continued to search, and then with the command mailq I get, for the mails that are in the queue (no spam at all), the following error:

(host or domain name not found. Name service error for name=domain.com type=MX: Host not found, try again)

This made me think it's a DNS issue on the server or an issue for the receiver. I did nslookup on some of the domains and received the right information. I also sent email from another server to those email addresses, and that also worked fine. I checked if the server is an open relay and/or on a blacklist; that was also not the case. Also I ran the plesk repair mail command. The response was that there are no issues on the server.

I think there might be a script trying to send spam since there are emails sent to unknown email addresses from all the domains on the server, even from domains that don't use email. Also I see this a lot: webserver1 /usr/lib64/plesk-9.0/psa-pc-remote[3486]: Message aborted.

At this point I'm frustrated and don't know where to look anymore. Hope someone here can help me.

Server info:
CentOS 7.6
Plesk Onyx 17.8.11 Update #56
 
Regarding the DNS idea: Have you verified that /etc/resolv.conf has valid entries? For example
8.8.8.8
8.8.4.4
 
In regards to a possible spam issue:
- is the daily mail log vastly bigger now than it was in the days before the problem?
- how many messages are in the mail queue?
- is the number of queued messages rising at an abnormal rate?
- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?
- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?
- are you using the Outgoing Mail Control in Plesk?
- is your PHP set up with 'mail.add_x_header = On'?
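
Added example, not part of the original thread: a small Python parser for the traditional `mailq` text output that counts queued messages per sender and how many are deferred with the "Name service error" quoted above, which helps tell a resolver problem apart from a spam burst. The sample queue listing and every address in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in the traditional `mailq` layout (not from the thread's server).
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
4F1A22C0B1      2310 Tue Jan 15 09:12:44  info@shop.example
(host or domain name not found. Name service error for name=customer.example type=MX: Host not found, try again)
                                         anna@customer.example

7C3D91E0A2      1804 Tue Jan 15 09:40:02  info@shop.example
(host or domain name not found. Name service error for name=partner.example type=MX: Host not found, try again)
                                         bob@partner.example

9B7E44D0C3*     5120 Tue Jan 15 10:01:17  hello@blog.example
                                         x1@unknown.example
                                         x2@unknown.example

-- 9 Kbytes in 3 Requests.
"""

# Queue ID, optional flag (* active, ! on hold), size, arrival time, sender.
ENTRY = re.compile(
    r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+"
    r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d)\s+(\S+)$")

def parse_mailq(text):
    """Return one dict per queued message: id, sender, reason, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cur = {"id": m.group(1), "sender": m.group(5),
                   "reason": None, "recipients": []}
            entries.append(cur)
        elif not line.strip():
            cur = None                       # a blank line ends the entry
        elif cur and line.strip().startswith("("):
            cur["reason"] = line.strip()     # deferral reason, parentheses kept
        elif cur and line.startswith(" "):
            cur["recipients"].append(line.strip())
    return entries

def summarize(entries):
    """Count messages per sender and messages deferred by a DNS lookup failure."""
    by_sender = Counter(e["sender"] for e in entries)
    dns = sum(1 for e in entries
              if e["reason"] and "Name service error" in e["reason"])
    return by_sender, dns

if __name__ == "__main__":
    senders, dns_deferred = summarize(parse_mailq(SAMPLE_MAILQ))
    print(senders.most_common(), "DNS-deferred:", dns_deferred)
```

If nearly every queued message carries the same DNS deferral reason regardless of sender, the resolver on the server is the first thing to check; a single sender dominating the count points toward a script or account instead.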
 
@Peter Debik

In the /etc/resolv.conf the entries are correct. To be sure I changed them to 8.8.8.8/8.8.4.4 for now.

@Ales

- is the daily mail log vastly bigger now than it was in the days before the problem?

When I open the maillog it seems to be only for one day. It seems very huge/long for a log with a small amount of domains.

- how many messages are in the mail queue?

At this moment there are only about 15 mails in the queue. I removed 10 mails from the queue that were sent from [email protected] (literally, so not an example) to [email protected] (here domain.com is a valid domain on my server but hello@ is not a valid email address).

- is the number of queued messages rising at an abnormal rate?

No, just sometimes there are a few mails showing up from the contact forms.

- if you observe active connections to the server, is there a constant connection to a site or a script that seems odd?

Where can I observe this?

- similarly, is there a persistent SMTP connection from a local user that might indicate a SMTP account breach?

In the logs I think it seems like there are a lot of failed login attempts to non-existing mailboxes from existing domains. Other than that I don't know how to find out if an SMTP account is breached. Also I turned on a maximum of 100 mails per user to send every day for now and none of the users hit that limit, or even get close to that.

- are you using the Outgoing Mail Control in Plesk?

Yes I do.

- is your PHP set up with 'mail.add_x_header = On'?

This seems to be "Off" at the most used PHP version. Should I turn this to "On" or check all PHP versions if it's set to "Off"?
 
The server is sending mail again. I did not change anything in /etc/resolv.conf but I ran restorecon /etc/resolv.conf and after that the mail goes out. Can you think of any reason why this is? Or should I have done this in the first place? Is this a command that should always be run after changing the resolv.conf?
 
Had the exact same issue, some throttling is going on with Plesk.
 