Excessive outbound spam mail from the server
- Lots of spam mails flowing from the server.
- The To/From ID are junk ids.
- Lots of mails getting stcuk in the queue
- Yahoo/Rediff/gmail mails are not going
- User is getting lots of bounce messages
Please do the following:
1. Check which mails are there in the queue and are there any junk mails in it:
2. Identify a common sender/recipient which is flooding the queue.
3. Check the messages log for that user:
cat /var/log/messages | grep <userid> | more
4. Check the smtpd details for any one of the delivery:
cat /var/log/messages | grep "qmail-smtpd xxxx:" where xxxx is the no displayed in the above log.
5. Check if any user is compromise and mails are sent using his authentication. If yes then immediately change the user password.
6. Remove the unwanted mails from the queue. The details are available at:
To avoid such instances it is highly recommended to: 1. Implement the password policy and password complexity on the server The details are available at:
2. Implement the Rate Control on the server. The details are available at:
3. Implement the SMS alerts on the server so that if the queue increases below threshold you will get an sms alert for it. The details are available in the below:
One of the most important activities which you can do for your mail server is to monitor it daily. This ensures that the server runs smoothly and that you have an early warning on any impending problems like the disk space, memory utilisation etc. Typically your team would do this once a day (at least we hope so).
In an attempt to help you perform this activity with minimum effort, you can configure SMS alerts from your server.
How does this work?
We would install an update on your Mithi Connect Server to enable SMS alerts and we would configure the critical monitoring agents to send alerts via SMS to designated mobile phones.
What do you need to avail of this service?
- The SMS alerts are sent over http to the Internet service provider, hence your
server would need to be exposed to the Internet and you would need to have port 80 open in the corporate firewall.
- You would need to subscribe to a bulk SMS service
What all alerts will this service send?
We would configure the following alerts per server
- Disaster recovery server sync and heartbeat service monitoring
- Resource utilisation alerts like CPU, Memory and disk space
- Service failure alerts, including firewall, smtp, pop, etc.
- Alerts for failures in critical dependant external services like DNS.
- Alerts for growth in mail queues beyond a threshold.
- Alerts for unexpected growth in connections to the servers indicating a possible DOS attack