Compromised account increases the Message Queue

Overview

A user's email account was compromised, which resulted in a huge number of emails occupying the Kerio Connect message queue. The user's password was reset and the emails were removed from the message queue, but further monitoring shows that the message queue is still increasing.

A large volume of spam emails causes Kerio Connect to freeze and degrades server performance. It also prevents incoming and outgoing mail flow. It is recommended to manually clear the message queue.

Prerequisites

Administrator (root) access to the Kerio Connect store directory and the ability to stop the Kerio Connect Service.

Diagnosis

The message queue may be overloaded due to a high volume of spam messages.

Solution

  1. Stop the Kerio Connect Service. Refer to the Starting or Stopping the Server article.
  2. Navigate to the /store/queue directory. The default paths are:
    1. Windows: C:\Program Files\Kerio\MailServer\store\queue
    2. Linux: /opt/kerio/mailserver/store/queue
    3. macOS: /usr/local/kerio/mailserver/store/queue
  3. Move all folders in the directory to a new folder with any name except "pickup", e.g. "example.old".
  4. Start the Kerio Connect Service.
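
Steps 2 and 3 on Linux, as an added example that is not Kerio's own tooling. The function name `quarantine_queue` and the refusal to reuse an existing backup folder are assumptions of this example, and it must only be run while the Kerio Connect Service is stopped (step 1).

```shell
#!/bin/sh
# Added example, not part of Kerio Connect.
# Usage (service stopped, run as root):
#   quarantine_queue /opt/kerio/mailserver/store/queue example.old
# Moves every folder in QUEUE_DIR into QUEUE_DIR/BACKUP_NAME so the
# queued messages stay available for later inspection.
quarantine_queue() {
    queue=${1%/}
    name=$2
    moved=0
    if [ ! -d "$queue" ]; then
        echo "queue directory not found: $queue" >&2
        return 2
    fi
    # The article reserves the name "pickup"; also reject empty names and paths.
    case $name in
        ''|pickup|*/*|.|..)
            echo "invalid backup folder name: '$name'" >&2
            return 2 ;;
    esac
    dest=$queue/$name
    # Assumption of this example: never merge into an earlier backup.
    if [ -e "$dest" ]; then
        echo "refusing to reuse existing folder: $dest" >&2
        return 3
    fi
    mkdir "$dest" || return 1
    for d in "$queue"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue            # glob matched nothing
        [ "$d" = "$dest" ] && continue     # do not move the backup into itself
        # Record how many files each folder held, for later triage.
        files=$(find "$d" -type f | wc -l | tr -d ' ')
        echo "moving ${d##*/} ($files files)"
        mv -- "$d" "$dest"/ || return 1
        moved=$((moved + 1))
    done
    echo "moved $moved folder(s) to $dest"
}
```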

Please note the following:

  • If the Kerio Connect Service does not start, try restarting the whole server machine.
  • If a spam attack is found to be causing the issue, you will need to increase the security levels for the SMTP server and Security Policy.
  • The moved folders could also be deleted. Keeping them in a directory within the message queue folder simply backs them up in case any of the stuck messages are needed, or for re-insertion into the queue.
  • Re-inserting these messages into the queue is possible but not recommended, as they might contain undesired spam messages.

Testing

After performing the process above, the user can send internal and external test emails that will be successfully delivered.

Related Article

Detecting Compromised Servers Used for Spamming

  1. Priyanka Bhotika
