ArticlesArticles Most Popular ArticlesMost Popular Articles
RSS Feeds
DrillDown Icon Table of Contents
DrillDown Icon 2019 Official Holidays & Support Schedule
DrillDown Icon IMPORTANT: End of Life of SHA1 on Windows Server 2003
DrillDown Icon IMPORTANT: Supported Operating Systems
DrillDown Icon PLEASE READ: Our Update Server IPs Have Changed
DrillDown Icon Support
DrillDown Icon modusGate for Microsoft Azure
DrillDown Icon modusCloud
DrillDown Icon Alleviating Spam – Best Practices
DrillDown Icon directQuarantine Technical Information
DrillDown Icon modusMail & modusGate Technical Information
DrillDown Icon Documentation & Release Information
DrillDown Icon Known Issues (non-release related)
DrillDown Icon Configuration Information
DrillDown Icon Troubleshooting
DrillDown Icon NTLM Advertisement Causes Connection & Login Problems
DrillDown Icon LDAP Service Won't Start
DrillDown Icon PostgreSQL Extended DB Upgrade Scripts Do Not Add Quota Columns
DrillDown Icon Mac OS X Mail corrupts file attachments
DrillDown Icon Unhandled error occurs when accessing WebMail/Quarantine
DrillDown Icon Error Codes and Messages
DrillDown Icon AV Backup Folders Are Not Self-Cleaning
DrillDown Icon Invirus Buildup and/or Server Freezes at Regular Intervals
DrillDown Icon ‘Failed to access IIS metabase’ when Accessing the Web Applications
DrillDown Icon How-To: Isolate Problems Using the System Health
DrillDown Icon How-To: Respool Messages
DrillDown Icon How-to: Troubleshooting DNS Resolution Problems
DrillDown Icon Troubleshooting Mail Delivery Problems
DrillDown Icon System Health Counters Display "Unavailable" in WebMonitor
DrillDown Icon Cannot Delete "Scanning Errors" from the Quarantine
DrillDown Icon Running Outlook 2007 & Windows Vista with modusMail May Cause Slow Downs
DrillDown Icon PostgreSQL Will Not Install Properly
DrillDown Icon Quarantine Reports are not Being Generated
DrillDown Icon WebQuarantine Settings Generate a "Value Cannot be Null" Error
DrillDown Icon Quarantined Messages are Being Labeled as “Possible Virus”
DrillDown Icon Incoming Spool Directory is Backing Up
DrillDown Icon Outlook Express 5.0.6 Cannot Send Through Modus When Using SMTP Auth
DrillDown Icon Non-sequential Logging in the Log File
DrillDown Icon Mailbox Aliases Periodically Disappear from the modusGate Console
DrillDown Icon MODUSCAN Service Does Not Start
DrillDown Icon Quarantine Reports are Generated Too Often / Cannot Release Spam from the Report
DrillDown Icon modusGate is Not Scanning Outbound Mail for Spam Content
DrillDown Icon EXPORT Function in the Message Audit Log Does Not Open the Export Dialog Box
DrillDown Icon POP3 Service Slow Response Causes Message Retrieval Problems
DrillDown Icon Inconsistent SMTPDS Behavior When Returning a DSN (Delivery Status Notification)
DrillDown Icon Norman AV is no longer being updated
DrillDown Icon Cannot Access or Save Changes in WebMail/Quarantine Settings
DrillDown Icon Spam / Virus Definition Updates Not Working Properly
DrillDown Icon Office 2007 Attachments Being Scanned as Archives and Blocked
DrillDown Icon Users List Refresh is Slow to Respond
DrillDown Icon Remote Console Freezes when Optimizing the Index
DrillDown Icon "Delete All Spam" in the Quarantine Report Times Out
DrillDown Icon Util.exe Uses 100% CPU
DrillDown Icon WebMail & WebQuarantine Login Issues
DrillDown Icon WebMail Log Files Not Created
DrillDown Icon WebAdmin Settings Generate "Page cannot be displayed" Error
DrillDown Icon How-To: Ensure Deliverability to Specific Problem Domains
DrillDown Icon Info: Dell Servers
DrillDown Icon Info: 3rd-Party Anti-Virus Desktop Scanners
DrillDown Icon Info: Applying Windows 2003 Critical Updates
DrillDown Icon Header Elements Added by MX-LOGIC Cause Parsing Problems for the AutoReply Function
DrillDown Icon Archived Articles
DrillDown Icon Quarantine Database Problems when Upgrading from 4.4.568
DrillDown Icon How to fix web components to view with IE 11
DrillDown Icon Unable to Update Avira Virus Engine:
DrillDown Icon Invalid license for VircomMailAuto
DrillDown Icon Error 00002f0D running Spam updates.
DrillDown Icon Avira Virus Updates Generate an Error: 0XE007FDF1
DrillDown Icon Modusmon Service will not start:
DrillDown Icon How-To: Troubleshoot outbound mail flow
DrillDown Icon IMAP Syn Flood
DrillDown Icon Understanding Message Headers
DrillDown Icon Hardware & OS System Requirements
DrillDown Icon Tools
DrillDown Icon Other Product Technical Information
DrillDown Icon Professional Services
DrillDown Icon Newsletters
  Email This ArticlePrint PreviewPrint Current Article/Category and All Sub-Articles/Categories
 
How-To: Troubleshoot outbound mail flow
 

Product: All

Version & Build: All

 

 

 

Problem:

 

It has occur from time to time that domains are able to receive email but are not able to send outbound emails. There is a number of factors that can contribute to this issue from modus services not started to compromised accounts. Here are some troubleshooting steps that can be done to ensure mail flow is working.

 

 

 

Symthoms:


Step 1:

 

  • Ensure that port 25 is able to relay outbound from your existing modus server. Open a command prompt from your modus server and attempt to telnet to any external domain on port 25. May i suggest telnet to mgate-01.vircom.com on port 25. If you are able to connect and see a banner this indicates that port 25 is opened.

  • If an SMTP banner does not display or if you are unable to connect to via port 25, please verify your local firewall policies to ensure outbound mail flow is allowed. if this is not the case head to step 2.

Step 2:

 

  • Ensure if all modus services are running on the server, any service that is not running may cause mail flow issues or delay in email. If this is not the case head to step 3.


 

Step 3: 

 

  • Locate your spool directory within your modus console. The path can be found in modus under SYSTEM - SETTINGS

  • Copy that directory path into a windows explorer page where a list of folders will be displayed. One of those folders will be named DOMAINS.
  • Right click the domains folder and select PROPERTIES from the menu.

  • On the properties page be aware of the Contains label and the number of files listed.
  • If the number is greater than 500, this may indicate a spam attack or compromised account.

 

 

Step 4: 

 

  • In the spool directory in the domains folder, locate any domain listed of abnormal naming convention or bizarre format. This may indicate a compromised account ... ie (yahhoo.com, hootmail.com... etc.
  • go into one of these folder and see if any files are listed.
  • If a number of files are listed with the extension .DEF, this indicates that emails being sent to this domain have failed or is unable to reach its destination.

 

 

Step 5:

 

  • Double click to open any of the .DEF files found.
  • The content of the file may contain some information as listed below.
  • The main points of the .DEF file are highlighted below.
  • The TRY-NUMBER value indicates how many times the email attempted to resend itself.
  • The AUTH-LOGIN value indicates which user account authenticated to send the message.
  • The LAST-ERROR value indicates the reason as to why the email was not delivered.

 

Step 6:

 

  • After repeatedly performing STEP 4 and STEP 5 on different domain folders.
  • And if the content of the .DEF files seem to contain the same AUTH-LOGIN and LAST-ERROR info.
  • This is will a sure you that there is a compromised account, which can indeed cause the disruption of outbound mail flow.

 

Solution: 

 

modusGate:

 

  • Locate the culprits mailbox within your mail exchanger software and perform the following.
    • Change user account password\or disable account.
    • Rename the modus spool directory path found in STEP 3.
    • Restart all modus services in the console under SYSTEM - SERVICES.
    • Perform security scan on mail exchanger.
    • Perform security scan on clients end workstation.
 

modusMail:

 

  •  Locate the culprit mailbox within modusMail Console and perform the following.
    • Change user account password\or disable account.
    • Rename the modus spool directory path found in STEP 3.
    • Restart all modus services in the console under SYSTEM - SERVICES.
    • Perform security scan on modusMail server.
    • Perform security scan on clients end workstation.

  

 

 

 

 

 

Modified 9/5/2017
Keywords: outbound mail MTN
Article ID: 1969