System: Analysing mailq and the mqueue directory
Sendmail has always been a bit like 'black magic' that works best when left to its own devices. The rising tide of spam emails however is causing trouble that sometimes requires intervention to track down the cause of mail jams and sometimes even to manually remove emails from the server.
What's in the mailq?
The mailq command will show you details on all emails currently being processed and their status, but it's a bit difficult to make sense of with its verbose output.
The following command will generate a summary of the 'status' of emails in the mail queue - whether they've been held up (Deferred) or blocked (Service Unavailable) and the responsible mail server:
mailq | grep " (" | sed 's/\(8BITMIME\| 7BIT\)/ /' | sort | uniq -c
For more details on the status (and content) of individual emails you need to delve deeper into the system.
The mqueue directory and SMTP Reply Codes
The /var/spool/mqueue directory contains temporary files associated with the messages in the mail queue and may contain the log file. For further information, see the syslogd daemon.
Temporary files have names that include the mail queue ID of the message for which the file was created. A file starting with df is a Data file containing the content of the email. Files starting with qf are Queue control files used by sendmail when managing the queue.
You can see why emails are being held up by using the mailq function (above), or by analysing the data files:
grep -h "<<<" /var/spool/mqueue/df* | sort | uniq -c
This command actually searches for emails that have already been rejected and sent back to our server with an error code in the mail headers. We can use these error codes to decide whether our server should keep trying to send the email./p>
Temporary Errors (Deferred)
These reply codes indicate that the mail delivery process has failed, but it may be that the problem is temporary - caused by technical reasons such as a failed or delayed DNS lookup for example.
- 421
- Service not available, closing transmission channel
- 450
- Requested mail action not taken: mailbox unavailable
- 451
- Requested action aborted: error in processing
- 452
- Requested action not taken: insufficient system storage
Critical Errors (Service unavailable)
These reply codes indicate a problem with the email itself that has caused it to be rejected. A '500' error often means that the email has been rejected as spam because of its origin or content.
- 503
- Bad sequence of commands
- 550
- Requested action not taken: mailbox unavailable
- 552
- Requested mail action aborted: exceeded storage allocation
- 554
- Transaction failed
Internet Service Providers are using a range of spam-blocking software and you will see that different programs return different error codes when rejecting email due to spam - the most common being 550, 552 and 554 - regardless of the actual meanings of those codes.
The actual reason for an error code being returned usually follows the code number.
<<< 451 Temporary local problem - please try later
<<< 452 4.1.0 ... temporary failure
<<< 554 Mail contained a URL rejected by SURBL: Blacklisted
If your server is relaying mail that is sometimes rejected as spam you may find that those emails stay in the mail queue for a long time (up to a week) because not only can they not be delivered, but the original sender may not exist either.
Deleting files from mqueue
If your mail server is being hampered by having to process a lot of bounced or rejected email then you can purge emails from the queue by deleting the relevant files from the mqueue directory.
The following command will find the message id's of all emails that have encountered a 'Service Unavailable' response code and delete both the df and qf files:
# grep -l "^<<< 5.. " /var/spool/mqueue/df* \
| sed 's/df/qf/' \
| awk '{print "/usr/share/sendmail/qtool.pl -d "$1}' \
| sh
DO NOT run this command on your system unless you are very sure about what it does. To test the command without risking any files just leave off the sh command at the end.
References
- SMTP specification of RFC 821
- IBM Documentation: Mail files and directories
- nixCraft: Clear / Delete / Flush Mail Queue Command
Related Articles - Sendmail
- PHP Signing outbound emails with DKIM
- PHP Generating a Key Pair for DKIM
- System Expanding IPv6 Addresses for DNSBL Checks
- System Analysing mailq and the mqueue directory
- System Using qtool.pl to manage sendmail queues
- System Analysing the mail.log
- System DKIM Key Pair Generator
Sys Admin 7 February, 2017
What is the difference between qf* and Qf* files in the mqueue?
According to this link, if any qf file fails to be 'trustworthy', sendmail converts the leading q in its name to an uppercase Q.