SmarterMail - Fixing Outgoing SMTP Spam Emails
- Wednesday, August 11, 2010
- Naveen Kohli
Yesterday I had to deal with one of the worst email spam issues on the mail server. One of the people who had an email
account on the server got his desktop or account hacked, and that desktop was sending email through
the server like crazy. The way I came to know about the problem was that one of the site administrators
told me that all email deliveries had stopped a few hours ago. After I got that information, an
email came from our email server hosting provider saying that the server had reached its daily limit of email relay.
This was the first time I had ever gotten this notification.
I have the SmarterMail mail server application installed. So far I have never had any issue with it,
and it has worked great. I quickly logged onto the server and brought up the management console for the email server. I
looked at the email spool. Wow! There were more than 100K emails waiting to be delivered in the spool. Well,
that explained why none of the valid emails were getting delivered: there were so many spam emails
stuck in the queue waiting to clear.
Steps Followed To Resolve The Issue
- First, I stopped the mail service on the server from Service Control Manager.
- Next, I looked at the emails that were stuck in the spooler. There were a whole bunch of emails that did not
have any sender email associated with them in the report. I opened about a dozen of them and found that
all of them were associated with one user account through which they were being delivered.
- Since I could not keep the email server down forever while I was working on resolving the problem, I had to
start the mail server. But before starting the service, I had to take some precautions so that no more
spam emails would be put on the spool. Here are the steps taken to avoid further clogging of the spool.
  - Added the offending email address to the Blocked list of people for outgoing emails.
  - Deleted the offending email address from the server. I tried disabling that account but that
  did not work very well. The only thing I can say is that the Relay settings were not honoring the disabled account.
- Now was the time to clean up the spool. Well, I was not going to wait until I had cleaned up 100K messages
from the spool through the user interface. So the simple procedure is to rename the Spool folder
on your server to something like Spool_Spam. Then create a new folder with the name
Spool on the server.
- Now I started the mail service again. I watched it for a few minutes to make sure that spam emails were not
appearing on the spool. Well, that went great. No more outgoing spam emails.
Restoring Old Spool
Now that the problem with spam emails was taken care of, I had to restore the valid emails from the old spool so that
we did not lose any emails. Here are the steps that I followed.
- Since I figured out that there was only one sender account that was causing all the outgoing
spam emails, I just needed to make sure that all entries from the old spool related to that account
were removed. All emails are stored as individual files with the extension .eml in
Subspool folders under the Spool folder. I searched for that sender
email address in all folders and deleted all .eml files for it. Now you will be left
with .hdr files related to those deleted .eml files. Clean those files
up.
- Copy the remaining .eml and .hdr files from the old spool folder into the new working Spool
folder.
This should put everything back to normal.
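
The restore steps above can be scripted as follows. This is an added example, not code from the original post: it moves the offending files to a quarantine folder instead of deleting them, so they stay available for investigating the compromised account. The paths and the address are placeholders, and it assumes that each .hdr file shares its base name with its .eml file and that the subfolder layout under the spool should be preserved.

```powershell
# Added example. All paths and the address below are placeholders (assumptions).
param(
    [string]$OldSpool   = 'D:\PLACEHOLDER\Spool_Spam',        # renamed spool
    [string]$NewSpool   = 'D:\PLACEHOLDER\Spool',             # new working spool
    [string]$Quarantine = 'D:\PLACEHOLDER\Spool_Quarantine',  # evidence kept here
    [string]$Sender     = 'compromised.user@example.com',     # constructed address
    [switch]$Apply                                            # without -Apply: report only
)

$root  = (Resolve-Path -LiteralPath $OldSpool).ProviderPath.TrimEnd('\')
$files = Get-ChildItem -LiteralPath $root -Recurse -File |
         Where-Object { $_.Extension -in '.eml', '.hdr' }

# Pass 1: record every message whose .eml contains the sender address.
# The key is the path without extension, so the paired .hdr (assumed to share
# the base name) is classified together with its .eml.
$spamKeys = @{}
foreach ($eml in ($files | Where-Object { $_.Extension -eq '.eml' })) {
    if (Select-String -LiteralPath $eml.FullName -SimpleMatch -Pattern $Sender -Quiet) {
        $spamKeys[(Join-Path $eml.DirectoryName $eml.BaseName)] = $true
    }
}

# Pass 2: quarantine flagged files, copy everything else into the working spool,
# keeping each file's path relative to the old spool root.
$spamCount = 0; $keepCount = 0
foreach ($f in $files) {
    $isSpam   = $spamKeys.ContainsKey((Join-Path $f.DirectoryName $f.BaseName))
    $destRoot = if ($isSpam) { $Quarantine } else { $NewSpool }
    $dest     = Join-Path $destRoot $f.FullName.Substring($root.Length + 1)
    if ($isSpam) { $spamCount++ } else { $keepCount++ }

    if ($Apply) {
        New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null
        if ($isSpam) { Move-Item -LiteralPath $f.FullName -Destination $dest }
        else         { Copy-Item -LiteralPath $f.FullName -Destination $dest }
    }
}

'{0} files quarantined, {1} files restored (Apply={2})' -f $spamCount, $keepCount, [bool]$Apply
```

The match is a plain substring search over the whole .eml file, like the folder search described above, so run it without -Apply first and review the counts before moving anything.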