Error Warning by email The queue of the MTA is large

Description

You may have a compromised sender in behind the Email Security who has attempted to send out mass amounts of email, and as a result you are getting "MTA Queue is Large" alerts from the ES.

Cause

Mass amounts of illegitimate emails will be sent out from the compromised sender, and it will fill the MTA queue on the ES if Flood Protection/Zombie Protection isnt setup. After you remove/remediate the machine responsible for sending out the waves of spam, you will need to remove the junk email from the MTA queue on the Email Security.

Resolution

Perform the following on the Email Security Appliance to empty the queue so you wont receive this alert

 

  1. Open the ES web interface and go to System | Network Architecture | MTA Configuration. Turn down the Bounce and Retry Time to 5/10 minutes respectively and save the change

 

  2. Download putty (from http://www.putty.org) and run it, then SSH into the ES using the snwlcli login first, and complete the login with your admin credentials. (if using a Software Appliance, disregard this step).

 

  3. From the Putty SSH Session, run the following commands:

 
SNWLCLI:> stop pmta 
SNWLCLI:> stop smtp
SNWLCLI:> start smtp
SNWLCLI:> start pmta
 
(If using a Software Appliance, Open the Start Menu of the Windows Server, and Stop/Start all SES Services)
 
   4. Now review the MTA queue via the Reports & Monitoring | Monitoring | MTA Status , and you should see that any emails sent over 10 minutes ago have been removed from it.

 

Related Articles

  • Invalid SFP Connected warning on SonicWall firewall when using supported 10G SFP+ Module
    Read More
  • How to exclude the domain from DHA scanning?
    Read More
  • Email Security: How to download the Outlook Junk Tool?
    Read More

Categories

Email Security
Email Security Appliance
not finding your answers?
Ask the Community