
Re: Alert of unusually large queue

  • list@airstreamcomm.net
    Message 1 of 13 , Oct 26, 2012
      On 10/16/12 8:15 AM, Wietse Venema wrote:
      Kaleb Hosie:
      
      We host a mail server which runs Postfix and there have been a few
      times where one of our clients' computers becomes infected with
      malware and the password is compromised.
      
      How this has come to my attention is because every once in a while,
      I will log in to the mail server and see an unusually large mail
      queue which is all being sent to one domain.
      
      Is it possible to monitor the queue automatically and have it send
      me an alert if the postfix queue reaches over a certain threshold?
      
      To fight symptoms, run a cron job every 10 minutes or so:
      
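          #!/bin/sh

          # Mail root when the queue holds more than "limit" requests.
          postqueue -p | awk '
              BEGIN { limit = 10240 }
              # Summary line: "-- 285 Kbytes in 20 Requests." ($5 = request count)
              /^-- .+ Kbytes in .+ Request/ { queue_len = $5 }
              END { if (queue_len > limit)
                  print "Queue size", queue_len | "mail -s \"Queue size problem\" root"
              }
          '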
      
      To throttle clients that send too much mail, see postfwd, policyd
      and the like.
      
      	Wietse
      
      
      Another method would be to use SNMP monitoring, which we have set up and which works quite nicely, as our monitoring system will send email alerts, SMS messages, and phone calls.  On the mail server (CentOS 5/6) there is a script that is grabbing the size of the mailq:

      mon_queue.sh
      #!/bin/bash

      # assume queue length of zero
      count=0

      # Place the output of postqueue into the array variable
      # Output should look something like:
      # -- 285 Kbytes in 20 Requests.
      # (without the leading "# ")
      queuelength=( $(/usr/sbin/postqueue -p | tail -n 1) )

      # Make sure the array has six elements, we are interested in the
      # fifth element (index 4 because arrays in BASH are 0-based)
      if (( ${#queuelength[*]} == 6 ))
      then
        if (( queuelength[4] > 0 ))
        then
          count=${queuelength[4]}
        else
          count=0
        fi
      elif (( ${#queuelength[*]} == 4 )) && [[ ${queuelength[*]} = "Mail queue is empty" ]]
      then
        count=0
      else
        # unknown output from postqueue
        count="0"
      fi

      echo ${count}

      exit

      Then inside snmpd.conf add the line:

      exec postqueue /usr/bin/sudo /path/to/script/mon_queue.sh

      Now you should have an SNMP OID of something like .1.3.6.1.4.1.2021.8.1.101.1 which can be used to query.  Then set up your SNMP monitoring server with thresholds for queue size, and enjoy having a historical perspective on queues.
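
Both scripts in this thread alert on total queue length only. As an added example (not code from either poster), the script below groups `postqueue -p` entries by envelope sender so an alert can name the account that is flooding the queue. The function names `queue_senders`, `over_limit` and `sample_queue` are hypothetical and the sample queue listing is constructed.

```shell
#!/bin/sh
# Added example: name the envelope sender that is filling the Postfix queue.

# queue_senders (hypothetical helper): read `postqueue -p` output on stdin
# and print "count sender" lines, busiest sender first.
queue_senders() {
    awk '
        # Entry line: queue ID (optional * = active, ! = on hold), size,
        # four arrival-time fields, then the envelope sender in field 7.
        # Recipient lines are indented and deferral reasons start with "(",
        # so neither matches. NF >= 7 also skips "Mail queue is empty".
        /^[0-9A-Za-z]+[*!]?[ \t]/ && NF >= 7 { n[$7]++ }
        END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

# over_limit LIMIT (hypothetical helper): keep only senders that have more
# than LIMIT messages queued.
over_limit() {
    queue_senders | awk -v limit="$1" '$1 > limit'
}

# Constructed sample in the `postqueue -p` layout (not real data).
sample_queue() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C0B7*    2154 Fri Oct 26 08:15:01  alice@example.com
                                         someone@example.net

4B7C02D1E8     1873 Fri Oct 26 08:15:02  bob@example.com
(connect to mx.example.org[192.0.2.25]:25: Connection timed out)
                                         r1@example.org

5C8D13E2F9     1873 Fri Oct 26 08:15:03  bob@example.com
(connect to mx.example.org[192.0.2.25]:25: Connection timed out)
                                         r2@example.org

6D9E24F30A!    1873 Fri Oct 26 08:15:04  bob@example.com
                                         r3@example.org

-- 8 Kbytes in 4 Requests.
EOF
}

# Demo on the sample; from cron, feed real data: postqueue -p | over_limit 100
sample_queue | over_limit 2
```

The per-sender count can be mailed from cron or exposed through snmpd in the same way as the total queue length.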