Managing The Deferred Mail Queue

Managing the deferred mail queue

The FortiMail unit prioritizes the mail queue into two types:

  • Regular mail queue

When the initial attempt to deliver an email fails, the FortiMail unit moves the email to the regular mail queue.

  • Slow mail queue

After another two failed delivery attempts, the FortiMail unit moves the email to the slow mail queue. This allows the FortiMail unit to resend valid email quickly, instead of keep resending invalid email (for example, email destined to an invalid MTA).

After the undelivered email remains in the deferred queue for five minutes, the mail appears under Monitor > Mail Queue > Mail Queue. This also means that email staying in the deferred queue for less than five minutes does not appear on the Mail Queue tab.

Delivery failure can be caused by temporary reasons such as interruptions to network connectivity. FortiMail units will periodically retry delivery. (Administrators can also manually initiate a retry.) If the email is subsequently sent successfully, the FortiMail unit simply removes the email from the queue. It does not notify the sender. But if delivery continues to be deferred, the FortiMail unit eventually sends an initial delivery status notification (DSN) email message to notify the sender that delivery has not yet succeeded. Finally, if the FortiMail unit cannot send the email message by the end of the time limit for delivery retries, the FortiMail unit sends a final DSN to notify the sender about the delivery failure and deletes the email message from the deferred queue. If the sender cannot receive this notification, such as if the sender’s SMTP server is unreachable or if the sender address is invalid or empty, the FortiMail unit will save a copy of the email in the dead mail folder. For more information, see “Managing undeliverable mail” on page 181.

For information on configuring the delivery retry interval, maximum amount of time that an email message can spend in a queue, and DSN timing, see “Configuring mail server settings” on page 366.

When you delete a deferred email, the FortiMail unit sends an email message, with the deleted email attached to it, to notify the sender.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view, delete, or resend an email in the deferred mail queue, go to Monitor > Mail Queue > Mail Queue.

Table 14:Managing the deferred mail queue

GUI item           Description

View (button)    Select a message and click View to see its contents.

Delete (button) Click to deleted the selected item.

Resend          Mark the check boxes of the rows corresponding to the email messages that you want to immediately retry to send, then click Resend. (button)

To determine if these retries succeeded, click Refresh. If a retry succeeds, the email will no longer appear in either the deferred mail queue or the dead mail folder. Otherwise, the retry has failed.

Table 14:Managing the deferred mail queue

GUI item Description
Type Select the directionality and priority level of email to filter the mail queue display. For details about email directionality, see “Incoming versus outgoing email messages” on page 454.

•      Default: Displays all email in the regular mail queue.

•      Incoming: Only displays the incoming email in the regular mail queue.

•      Outgoing: Only displays the outgoing email in the regular mail queue.

•      IBE: Only displays the IBE email in the regular mail queue. For information about IBE email, see “Configuring IBE encryption” on page 357.

•      Default-slow: Displays all email in the slow mail queue.

•      Incoming-slow: Displays the incoming email in the slow mail queue.

•      Outgoing-slow: Displays the outgoing email in the slow mail queue.

•      IBE-slow: Displays the IBE email in the slow mail queue.

Search

(button)

Select to filter the mail queue display by entering criteria that email must match in order to be visible.
Session ID Lists the Session-Id: message header of the email.
Envelope

From

Lists the sender (MAIL FROM:) of the email.
Envelope To Lists the recipient (RCPT TO:) of the email.
Reason Lists the reasons why the email has been deferred, such as DNS lookup failure or refused connections.
First

Processed

Lists the date and time that the FortiMail unit first tried to send the email.
Last

Processed

Lists the date and time that the FortiMail unit last tried to send the email.
Tries Lists the number of times that the FortiMail unit has tried to send the email.

Managing undeliverable mail

The Dead Mail tab displays the list of email messages in the dead mail folder.

Unlike the deferred mail queue, the dead mail folder contains copies of delivery status notification (DSN) email messages, also called non-delivery reports (NDR).

DSN messages are sent from the FortiMail unit (“postmaster”) to an email’s sender when the email is considered to be more permanently undeliverable because all previous retry attempts of the deferred email message have failed. These email messages from “postmaster” include a copy of the original email message for which the DSN was generated.

If an email cannot be sent nor a DSN returned to the sender, it is usually because both the recipient and sender addresses are invalid. Such email messages are often sent by spammers who know the domain name of an SMTP server but not the names of its email users, and are attempting to send spam by guessing at valid recipient email addresses.

The FortiMail unit can automatically delete old dead mail. For details, see “Configuring mail queue setting” on page 370.

Alternatively, you can:

  • To prevent dead mail to invalid recipients, enable recipient address verification to reject email with invalid recipients. Rejecting email with invalid recipients also prevents quarantine mailboxes for invalid recipients from consuming hard disk space. For details, see “Configuring recipient address verification” on page 387.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To view or delete undeliverable email, go to Monitor > Mail Queue > Dead Mail.

 

This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.