Qmail Engineered Trouble Shooting
When the load on the machine is high, start by checking the concurrency of the smtp server:
tail -F /var/log/smtp/current
The smtp service generates the highest load, so check how high your concurrency rate is and whether it is maxing out. Also check for any error or warning messages.
If you find an error message, it might indicate something like the mysql server is down or the p0f daemon is not running. Check that those services are running. You might want to restart the services and check for errors in their logs.
Also run the top command
Check the load levels. Normally a machine will be under 4. You should get an idea of your normal load levels. Check your qmailmrtg graphs for monthly and yearly load levels.
Watch the processes as they run and see if any are chewing up the machine. Usually clamd, dspam or mysql will run all the time. Also check the number of processes running. Most servers have less than 1,000; anything more is kind of crazy.
Run the ps command to see what programs are running.
ps ax | more
The more command at the end will let you see a page at a time. Press the space bar for the next page.
On some machines, I've seen it was worthwhile shutting down all the processes and starting them back up. This can help if any program in the system gets hung up for any reason and is blocking the rest of the programs. This is similar to the Windows idea of rebooting the whole machine. In Linux we know the operating system is stable, so we can restart services instead of rebooting the machine.
It is also worth checking the disk space
That will display the disk space for each disk partition including the percent of space available. Look out when you go above 80%. Some machines hit 100% on the /var or /home partition. That normally shows up in people complaining about email. In that case be sure to clean out any old logs in /var/log and /var/log/httpd. You can use the du command like:
du -sh /var/log/*
to get a nice readable list of directories with their sizes. Look for any big directories where you can clean out space.
If the /home/vpopmail hosted partition is 100% full you'll need to start removing email, backing it up first if need be. One trick is to remove accounts that have not been accessed for 6 months or a year.
vdeloldusers -eV -a365
will give you a list of all accounts older than 1 year (365 days).
If you want to actually remove those accounts run
vdeloldusers -eV -a365 -D
Without the -D option no actual accounts will be deleted.
Also check the /var/log/qmail/current log
tail -F /var/log/qmail/current
Look for any warning messages. Some domains may have a catchall to an account that does not exist. Clear those out. With the check user feature it is best for domains to use the bounce-no-mailbox option in the .qmail-default file, like:
| /home/vpopmail/bin/vdelivermail bounce-no-mailbox
That is the optimal setting. Using a catchall to a user's account will just get them collecting lots of spam, since many spammers try different user names at each domain, such as in the well known dictionary attack. With bounce-no-mailbox the smtp server validates that an actual account (or forward, alias or mailing list) exists before accepting the email.
If the machine does accept the email, the catchall account is probably full and needs to be cleaned out. Or the account doesn't exist anymore because they got so much spam the user just deleted the account, but the catchall was not set back to bounce-no-mailbox. You'll need to fix those up too.
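An added example, not part of the original page: a shell function that audits each domain's .qmail-default for the catchall problems described above. It assumes a flat /home/vpopmail/domains/<domain>/ layout and that a catchall target is written as an absolute directory path; the function names and status labels are this example's own, and the sample tree is constructed.

```sh
# audit_catchalls [DOMAINS_DIR]: one line per domain, "<status> <domain> <target>"
#   OK        unknown recipients are bounced (bounce-no-mailbox)
#   CATCHALL  unknown recipients are delivered to an existing directory
#   MISSING   catchall points at a directory that no longer exists
#   OTHER     any other default action; review by hand
#   NOFILE    the domain has no .qmail-default
# Returns 1 if any domain is not OK. Status names are this example's own.
audit_catchalls() {
    domains_dir=${1:-/home/vpopmail/domains}  # assumed flat vpopmail layout
    rc=0
    for dir in "$domains_dir"/*/; do
        [ -d "$dir" ] || continue
        domain=$(basename "$dir")
        file="${dir}.qmail-default"
        if [ ! -f "$file" ]; then
            echo "NOFILE $domain -"; rc=1; continue
        fi
        # Last word of the first non-comment vdelivermail line is the default action.
        target=$(awk '!/^#/ && /vdelivermail/ { print $NF; exit }' "$file")
        case "$target" in
            bounce-no-mailbox) echo "OK $domain $target" ;;
            /*) if [ -d "$target" ]; then echo "CATCHALL $domain $target"
                else echo "MISSING $domain $target"; fi
                rc=1 ;;
            *)  echo "OTHER $domain ${target:--}"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample tree (not real data); prints its path.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/good.example" "$t/spam.example/info" "$t/stale.example"
    v="| /home/vpopmail/bin/vdelivermail"
    echo "$v bounce-no-mailbox"     > "$t/good.example/.qmail-default"
    echo "$v $t/spam.example/info"  > "$t/spam.example/.qmail-default"
    echo "$v $t/stale.example/gone" > "$t/stale.example/.qmail-default"
    echo "$t"
}

demo=$(make_demo_tree)
audit_catchalls "$demo" || echo "review every domain not marked OK"
rm -rf "$demo"
```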
Also check for over quota accounts. Try to clean those if you can. If you see a lot of over quota messages, be sure to have the quota checking option turned on for the smtp server.