Looking at the Postfix Mail Queue

From Zanecorpwiki

Jump to: navigation, search

It's a good idea every now and again to check the logs to see if there's anything spinning around in there, or something unexpected is happening. The basics of the log file (/var/log/mail) are pretty straightforward: 

Date/Time - host - postfix component - [entry or internal mail ID] - [entry if previous field had a mail ID]

The mail ID is a hexadecimal number.

If you're investigating a specific piece of mail, look for the to or from address as appropriate. If you see bits of mail swirling around and want to know why, the next step is to check the queue and/or look at the mail itself.

You can look at the queue by running 'postqueue -p' (or mailq, which is the old sendmail interface). This has much the same info, the date the mail was first received on the system, mail ID, current status (indicated after the mail ID by ! = on hold, * = active, nothing probably means deferred), and any reasons behind the last failure for delivery if any. Good mail may hang out in the queue for a little while (while spamassassin checks it out?).

To actually look at the contents of anything in the queue, check out /var/spool/postfix/ followed by the queue that the mail is in and the mail ID from the logs or postqueue report. In some of the queues, the mail is indexed by the first hex-it in the mail ID. Use postcat (give it the actual spool file, not just the ID, or use 'postcat -q mail ID) to print out a more legible version of the email.

One common reason for swirling mail is the server receives bad mail with a forged origin. In such a case, you'll see postfix's helpful response (such as no user) swirling around while it tries to connect to the forged origin's mail server to let them know there's a problem.

To remove those swirling emails, you can run: 

for i in `postqueue -p | grep MAILER-DAEMON | awk '{print $1}'`; do postsuper -d $i; done

which will remove all old bounce stuff that's failed to deliver. To remove stuff that's still in queue as well, do: 

for i in `postqueue -p | grep MAILER-DAEMON | awk '{print $1}'`; do LENGTH=${#i}; if [ "${i:$((LENGTH - 1))}" == "*" ]; then postsuper -d ${i:0:$((LENGTH - 1))}; else postsuper -d $i; fi ; done

This pulls out all the email from MAILER-DAEMON (postfix), grabs the mail ID and removes them from the queue.

Another useful tool is 'qshape' which reports how many mails (total) are in what queues and where they come from. For some reason, SuSE (10.2) buries the thing, but it can be run with: 

 perl /usr/share/doc/packages/postfix/auxiliary/qshape/qshape.pl
Retrieved from "http://www.zanecorp.com/wiki/index.php/Looking_at_the_Postfix_Mail_Queue"
Personal tools
NEW CHANGED