Managing the Mail Queue – When Outbound Email Is Stuck

Every email leaving your server first lands in the mail queue, then attempts delivery. Usually this takes seconds. When things go wrong — receiving server slow, IP blocklisted, suddenly thousands of messages waiting — the queue grows and mail gets “deferred”. This guide explains how the queue works on cPanel (Exim), what to do when it’s stuck, and how to handle the specific case of a compromised account flooding the queue with spam.

How the mail queue works

• You send an email (from webmail, application, or external mail client).
• Exim (cPanel’s mail server) accepts it and places it in the queue.
• Exim tries delivery — connects to the recipient’s mail server, hands off the message.
• If accepted: message removed from queue (delivered).
• If temporarily rejected (greylist, busy receiver): message stays in queue, retried every few minutes.
• If permanently rejected: bounce notification sent to original sender; message removed.
• If retries fail for 5 days: bounce sent, message removed.

Normal queue state: empty or very small. Healthy outbound = queue cleared within seconds.

Viewing your queue (shared cPanel)

Shared hosting users don’t have direct queue access — that’s server-wide and managed by us. To check status of your specific outbound mail:

• cPanel → Email → Track Delivery. Search by sender or recipient. Shows status of each message: success, deferred, failed.
• If many messages are “deferred”, the recipient’s server is having issues — usually self-resolves.
• If many are “failed”, your sending domain or IP has a problem.

For the server-wide queue or to clear stuck mail, contact support.

Viewing the queue on WHM (reseller, VPS, dedicated)

WHM → Email → Mail Queue Manager. Shows every message in the queue with sender, recipient, age, and reason for delay.

Or via SSH:

# Count queue
exim -bpc

# List queue with details
exim -bp

# Summary by status
exim -bp | exiqsumm

exim -bpc is the first command to run when investigating queue issues. If it returns 5, your queue is small. If it returns 50,000, something is very wrong.

Common queue scenarios

Queue is empty — but mail isn’t being delivered

Means mail isn’t reaching your server at all. Application-side issue, not queue issue. Check:

• WordPress’s mail plugin actually working.
• PHP mail() function returning success.
• Application’s mail-sending code path actually executing.

Queue has a few messages, all “deferred”

Normal during temporary receiver issues. Greylisting (a common spam-protection technique) defers every first email from a sender for 5-15 minutes. Subsequent deliveries succeed.

Wait an hour. If deferred messages aren’t clearing, check the deferral reason in the queue details.

Queue is huge (thousands)

Almost always one of two scenarios:

• Server IP is blocklisted — receivers refusing all your outbound mail. Check mxtoolbox blocklists.
• Compromised account sending spam — see below for handling.

Handling a compromised-account spam flood

Symptom: queue has thousands of messages from one of your email accounts, going to random external addresses. This is one of the most damaging compromises — your IP reputation drops, deliverability for everyone on the server suffers.

1. Identify the compromised account. Look at the queue — the sender address is in there. Often it’s user@yourdomain.com where user is your normal account but spam is going to lists of random addresses.
2. Change that account’s password immediately. cPanel → Email Accounts → manage that mailbox → change password.
3. Check sent folder. Webmail or IMAP — see what was sent so you can apologize / clean up if needed.
4. Open a support ticket. We need to:
   • Flush the queued spam (so it doesn’t keep going out and damaging IP reputation further).
   • Check our server-wide queue isn’t affecting other customers.
   • Investigate how the credential leaked.
5. Hunt for the entry point. Usually one of:
   • Reused password leaked in a third-party breach.
   • Compromised personal device with mail client cached credentials.
   • Vulnerable form on your site allowing arbitrary mail sending.

Speed matters. Every hour of unimpeded spam sending damages reputation further. Change the password the moment you see this happening.

Flushing the queue (WHM/VPS only)

On root-access servers, you can force-process the queue:

# Process queue now (retry all)
exim -q

# Process queue verbosely
exim -qff -v

# Delete all messages from a specific sender (use carefully!)
exiqgrep -i -f 'sender@compromised.com' | xargs -r exim -Mrm

For compromised-account cleanup, deleting all queued mail from the bad sender (third command) is appropriate. Don’t bulk-delete from senders you can’t verify are malicious — you’d be discarding legitimate retried mail too.

Mail queue and IP reputation

Queue health and IP reputation are linked. A long queue often means:

• Many receivers are deferring/rejecting your mail.
• Common reasons: blocklisting, missing authentication, suspicious content.
• Until reputation improves, queue grows.

Fixes (in addition to clearing the immediate problem):

• Set up SPF, DKIM, DMARC properly. Authentication guide.
• Set proper reverse DNS / PTR. PTR guide.
• Check blocklists at mxtoolbox.com; request delisting where applicable.
• For sustained high-volume sending, use a dedicated SMTP relay (Mailgun, SendGrid, Brevo) with a warmed-up sending IP.

Common queue questions

“My PHP mail() function works but messages aren’t arriving.” Track Delivery the recipient. If status shows success, messages reached recipient (check spam folder there). If deferred/failed, the SMTP response tells why.

“WordPress emails (password resets, notifications) are stuck.” Probably authentication issues at receivers. Set up SPF/DKIM/DMARC. Consider WP Mail SMTP plugin pointing to a real SMTP relay.

“Same email keeps appearing in ‘deferred’ over and over.” Receiver consistently temporary-failing. After 5 days exim gives up and bounces. Look at deferral reason — often DNS issues on receiver side.

“Can I prioritize a specific message?” Not directly. You can manually trigger queue retry which may pick it up sooner.

“How do I prevent compromised accounts from filling the queue?” Strong unique passwords on every mailbox. Disable mailboxes you don’t use. Monitor unusual sending patterns (sudden high volume from one account is suspicious).

What’s next

• Authentication to prevent rejections: SPF/DKIM/DMARC.
• Reading delivery results: Mail logs and bounces.
• If you’ve been compromised: Cleanup workflow.

A healthy mail queue is one that’s nearly empty. If yours isn’t, the queue itself is a symptom — fix the underlying issue (authentication, blocklist, compromise) and the queue clears itself.