Error Warning by email: "The queue of the MTA is large"
03/26/2020
You may have a compromised sender behind the Email Security (ES) appliance that has attempted to send out mass amounts of email, and as a result you are getting "MTA Queue is Large" alerts from the ES.
The compromised sender will send out mass amounts of illegitimate email, which will fill the MTA queue on the ES if Flood Protection/Zombie Protection isn't set up. After you remove or remediate the machine responsible for sending out the waves of spam, you will need to remove the junk email from the MTA queue on the Email Security appliance.
Perform the following on the Email Security Appliance to empty the queue so you won't receive this alert:
1. Open the ES web interface and go to System | Network Architecture | MTA Configuration. Turn down the Bounce and Retry Time to 5/10 minutes respectively and save the change.
2. Download PuTTY (from http://www.putty.org) and run it, then SSH into the ES using the snwlcli login first, and complete the login with your admin credentials. (If using a Software Appliance, disregard this step.)
3. From the PuTTY SSH session, run the following commands:
SNWLCLI:> stop pmta
SNWLCLI:> stop smtp
SNWLCLI:> start smtp
SNWLCLI:> start pmta
(If using a Software Appliance, open the Start Menu of the Windows Server, and stop/start all SES services.)
4. Now review the MTA queue via Reports & Monitoring | Monitoring | MTA Status, and you should see that any emails sent over 10 minutes ago have been removed from it.