Tip: Troubleshooting Large Message Queue

By Ray Poorman

Posted: 4 Aug 2003

Some items came to light when we were under a fairly large relay load... Several clients had viruses that were spewing relayed mail. We are an ISP with many downstream customers.

Illuminating the Problem...

Typing "MailCon" at the prompt brings up the NetMail monitoring screen, where you can view how many messages are in the queue, get a feel for how much mail is going through your server, and view uptime. In our case the queue was uncharacteristically large: we maintain between 50 and 100 queued, and yesterday we were at 2700.

Now that we have an indicator, what next? Who is spewing this mail?

There are a couple of methods to determine the problem:

  • One is to read the .msg files in the sys:/novonyx/mail/spool directory and look for a pattern in the IP address they are connecting from. In this particular case the sender was changing the "helo" domain name with every message, so the apparent source kept changing, but the IP address as identified by NetMail did not. You've found the source, now what? Notify them, or eliminate them by adding a blocked host and then doing an unload smtpd, load smtpd. They'll call someday ;-) They'll thank you for telling them about their virus problem.

  • Another method is to see who is connected to your mail server. Run TCPCon (NetWare), select protocol information, TCP, then select view / modify TCP connections. This lists the current TCP connections to your box, kind of like "netstat -an" on your Windows box.
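
The first method above, as an added example (not part of the original tip or of NetMail): a Python script that counts how many spool messages mention each IPv4 address, so the one address behind many changing "helo" names stands out. It makes no assumption about the .msg layout and simply scans the text; the function names, the min_share threshold and the sample texts are hypothetical, and it is meant to be run against a copy of the spool directory.

```python
import re
from collections import Counter
from pathlib import Path

# Dotted-quad matcher; the 0-255 octet range is checked in _valid().
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

def _valid(ip):
    return all(int(octet) <= 255 for octet in ip.split("."))

def tally_ips(messages, ignore=()):
    """Count, per IPv4 address, how many messages mention it at least once.

    messages: iterable of message texts.
    ignore:   addresses to skip, e.g. the mail server's own address.
    """
    counts = Counter()
    for text in messages:
        seen = {ip for ip in IPV4.findall(text) if _valid(ip)}
        counts.update(seen - set(ignore))
    return counts

def read_spool(spool_dir):
    """Yield the text of every .msg file in a copy of the spool directory."""
    for path in sorted(Path(spool_dir).glob("*.msg")):
        yield path.read_text(errors="replace")

def suspects(messages, ignore=(), min_share=0.5):
    """Return (ip, count) pairs seen in at least min_share of the messages."""
    messages = list(messages)
    counts = tally_ips(messages, ignore)
    floor = max(1, int(len(messages) * min_share))
    return [(ip, n) for ip, n in counts.most_common() if n >= floor]

# Constructed sample texts (NOT real NetMail spool contents): the HELO name
# changes in every message, the connecting address does not.
SAMPLE = [
    "helo=mx1.example.net peer=192.0.2.45\nSubject: a",
    "helo=smtp.example.org peer=192.0.2.45\nSubject: b",
    "helo=mail.example.com peer=192.0.2.45 via 192.0.2.45\nSubject: c",
    "helo=client.example.edu peer=198.51.100.7\nSubject: d",
]

if __name__ == "__main__":
    for ip, n in suspects(SAMPLE):
        print(f"{ip}\t{n} of {len(SAMPLE)} messages")
```

For a real run, pass read_spool() pointed at the copied directory in place of SAMPLE.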

Final problem: a busy queue, recycling every so often trying to spew the bad mail. The just-do-it method for clearing the queue is to do an "ims unload", delete everything in sys:/novonyx/mail/spool (which clears every queued message, wanted or not), then reload. However, there is a way to do it without unloading ims.

List the queue by typing "Mail Queue" at the console; this creates a file, sys:/novonyx/mail/dbf/queue.ims, listing all of the mail domains queued. Another thing that came to light was a tip from Matt Defoor: type "Mail Queue e" and the file comes up in the editor.

To remove messages from the queue you can use "Mail Remove", which deletes a queued message. With this knowledge you can edit your queue.ims file and do a search and replace on the "[ 1]" in front of each entry, replacing it with "mail remove". Rename the file with a .ncf extension and you can run it like a batch file. I usually copy it to the root of sys: and name it dumpq.ncf, then run it with sys:\dumpq.ncf.

Hopefully you'll all find this useful someday. NETMAIL ROCKS!

