SmarterMail - Fixing Outgoing SMTP Spam Emails

Yesterday I had to deal with one of the worst email spam issues on the mail server. One of the people who had an email account on the server got his desktop or account hacked, and that desktop was sending email through the server like crazy. The way I came to know about the problem was that one of the site administrators told me that all email deliveries had stopped a few hours ago. After I got that information, an email came from our email server hosting provider saying that the server had reached its daily limit of email relay. This was the first time ever I got this notification.

I have the SmarterMail mail server application installed. So far I have never had any issue with it, and it has worked great. I quickly logged onto the server and brought up the management console for the email server. I looked at the email spool. Wow! There were more than 100K emails waiting to be delivered in the spool. Well, that explained why none of the valid emails were getting through: there were so many spam emails stuck in the queue waiting to clear.

Steps Followed To Resolve The Issue

  • First, I stopped the mail service on the server from Service Control Manager.
  • Next I looked at the emails that were stuck in the spooler. There were a whole bunch of emails that did not have any sender email associated with them in the report. I opened about a dozen of them and found that all of them were associated with one user account through which they were being delivered.
  • Since I could not keep the email server down forever while I was working on resolving the problem, I had to start the mail server. But before starting the service, I had to take some precautions so that no more spam emails were put on the spool. Here are the steps taken to avoid further clogging of the spool.
    • Added the offending email address to the Blocked list of people for outgoing emails.
    • Deleted the offending email address from the server. I tried disabling that account, but that did not work very well. The only thing I can say is that the Relay settings were not honoring the disabled account.
    • Now was the time to clean up the spool. Well, I was not going to wait until I had cleaned up 100K messages from the spool through the user interface. So the simple procedure is to rename the Spool folder on your server to something like Spool_Spam, then create a new folder with the name Spool on the server.
  • Now I started the mail service again. I watched it for a few minutes to make sure that spam emails were not appearing on the spool. Well, that went great. No more outgoing spam emails.

Restoring Old Spool

Now that the problem with spam emails was taken care of, I had to restore the valid emails from the old spool so that we would not lose any emails. Here are the steps that I followed.

  • Since I figured out that there was only one sender account causing all the outgoing spam emails, I just needed to make sure that all entries from the old spool related to that account were removed. All emails are stored as individual files with the extension .eml in Subspool folders under the Spool folder. I searched for that sender email address in all folders and deleted all .eml files for it. Now you will be left with the .hdr files related to those deleted .eml files. Clean those files up.
  • Copy the remaining .eml and .hdr files from this old spool folder into the new working Spool folder.

This should put everything back to normal.
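The restore procedure above can be scripted. The following PowerShell sketch is an added example, not part of the original post or of SmarterMail itself; it moves the offending messages to a quarantine folder instead of deleting them, so they can be reviewed later, and moves the remaining pairs into the working spool. The paths and the sender address are placeholders, and it assumes each .hdr file has the same base name as its .eml file.

```powershell
# Added example. Paths and the address are placeholders, not values from the post.
param(
    [string]$OldSpool   = 'C:\SmarterMail\Spool_Spam',        # renamed spool
    [string]$LiveSpool  = 'C:\SmarterMail\Spool',             # new working spool
    [string]$Quarantine = 'C:\SmarterMail\Spool_Quarantine',  # held for review
    [string]$Sender     = 'compromised.user@example.com',     # constructed address
    [switch]$Apply   # without -Apply the script only lists what it would move
)

function Move-SpoolPair {
    param([System.IO.FileInfo]$Eml, [string]$SourceRoot, [string]$DestRoot)
    # Rebuild the SubSpool folder under the destination.
    $relDir  = $Eml.DirectoryName.Substring($SourceRoot.Length).TrimStart('\')
    $destDir = Join-Path $DestRoot $relDir
    New-Item -ItemType Directory -Path $destDir -Force | Out-Null
    # Assumption: the .hdr file has the same base name as its .eml file.
    foreach ($ext in '.eml', '.hdr') {
        $path = Join-Path $Eml.DirectoryName ($Eml.BaseName + $ext)
        if (Test-Path -LiteralPath $path) {
            Move-Item -LiteralPath $path -Destination $destDir
        }
    }
}

$root = (Get-Item -LiteralPath $OldSpool).FullName.TrimEnd('\')
$emls = Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.eml |
    Where-Object { $_.Extension -eq '.eml' }

$count = @{ Quarantine = 0; Restore = 0 }
foreach ($eml in $emls) {
    # -SimpleMatch treats the address as literal text, not as a regex.
    $hit = [bool](Select-String -LiteralPath $eml.FullName -Pattern $Sender -SimpleMatch -Quiet)
    if ($hit) { $action = 'Quarantine'; $dest = $Quarantine }
    else      { $action = 'Restore';    $dest = $LiveSpool }
    $count[$action]++
    if ($Apply) { Move-SpoolPair -Eml $eml -SourceRoot $root -DestRoot $dest }
    else        { '{0,-10} {1}' -f $action, $eml.FullName }
}
'Quarantine: {0}  Restore: {1}' -f $count.Quarantine, $count.Restore
```

Run it once without -Apply and review the list first: a plain text search also matches legitimate messages that merely mention the address, such as replies sent to that user.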
