4th February 2015
Written by Dave Byrne
We are providing the following code to be used as an information resource only. It is licensed under GNU GPL. Any use of, or development of the resources provided is strictly unsupported and VooServers Ltd will not be liable for any loss of or damage to business or personal assets.
Monitor Exim MTA’s on sending hosts (web servers etc):
The following bash script is used to monitor the physical size of the common queue in Exim, that is, inbound and outbound aggregated together. It will perform a simple check on the number of individual items in the queue, and if over a predetermined limit, will send an email to a monitored mailbox with information regarding the queue.
An Exim Mail Queue Summary will be sent, along with a breakdown of the top sending and receiving addresses categorized in both inbound out internal/external.
This allows staff to see if the queue is being saturated with inbound or outbound spam to and/or from internal or external email addresses, and in what sort of quantities. In most cases it is instantly obvious why the queue is growing in size.
#!/bin/bash
######### Edit here ##########
_mail_user=serverlogs@vooclients.com
_limit=100
##############################
clear;
_result="/tmp/eximqueue.txt"
_queue="`exim -bpc`"
bold=`tput bold`
normal=`tput sgr0`
if [ "$_queue" -ge "$_limit" ]; then
echo "============================================================================ " > $_result
echo " Current queue is: $_queue (Limit is $_limit)" >> $_result
echo "============================================================================ " >> $_result
echo " " >> $_result
echo "Overall summary of Mail Queue:" >> $_result
echo "`exim -bp | exiqsumm`" >> $_result
echo " " >> $_result
echo " " >> $_result
echo "============================================================================ " >> $_result
echo "Top 10 Addresses being sent TO:" >> $_result
echo "(If address is internal, then mail is inbound. If address is external, then mail is outbound)" >> $_result
echo "============================================================================ " >> $_result
echo " " >> $_result
echo "`exim -bp | awk 'NR % 3 == 2 {print $1}' | sort | uniq -c | sort -rn | head -n10`" >> $_result
echo " " >> $_result
echo " " >> $_result
echo "============================================================================ " >> $_result
echo "Top 10 Addresses being sent FROM:" >> $_result
echo "(If address is internal, then mail is outbound. If address is external, then mail is inbound)" >> $_result
echo "============================================================================ " >> $_result
echo " " >> $_result
echo " " >> $_result
echo "`exim -bp | awk 'NR % 3 == 1 {print $4}' | sort | uniq -c | sort -rn | head -n10`" >> $_result
mail -s "Number of mails on `hostname` : $_queue (Limit is $_limit)" $_mail_user < $_result
cat $_result
fi
rm -f $_resultMonitor basic PostFix queue size (outboard relays):
The following bash script is rather simpler, all we need for this is an alert to tell us the PostFix Queue size on the outbound spam mail relay. The Relay has its own web interface where we can check in more detail what’s going on, and in most cases, the previously documented Exim MAT Monitor should have alerted you to what’s going on also.
The check monitors the “deferred” queue in PostFix, which is essentially everything that the relay couldn’t send in that immediate moment in time. If you have a spam outbreak, this queue will not be empty!
#!/bin/bash ######### Edit here ########## _mail_user=serverlogs@vooclients.com _limit=400 ############################## clear; _result="/tmp/postfixqueue.txt" _queue="`find /var/spool/postfix/deferred -type f | wc -l`" if [ "$_queue" -ge "$_limit" ]; then echo "Current number of mails in the outbound queue: $_queue (Threshold is set at '$_limit')" > $_result #echo "Summary of Mail queue" >> $_result #echo "`exim -bp | exiqsumm`" >> $_result mail -s "ALERT! Number of Mails in Outbound Queue on ESVA1: $_queue" $_mail_user < $_result #cat $_result fi echo "Current number of mails in the outbound queue: $_queue (Threshold is set at $_limit)" > $_result cat $_result rm -f $_result
Application for Easier Exim Queue Management on Sending Hosts:
Sometimes, your staff will not remember every command for every scenario, certainly not off the top of their head, and the time spent looking up the correct Exim command syntax is time where more spam mails are being relayed. We developed this rather simple, but also rather helpful command line application to be able to perform various actions on the Exim queue in question.
Features:
- Remove multiple messages from queue by full address/partial domain
- Remove ALL messages from queue (Careful now..)
- Print a detailed queue listing
- Print a quick queue summary
- Show a simple mail queue item count
- Print Exim’s current activity
- Test how Exim will route to a given address
- Display message headers, body or logs via Message ID and save these to a file
#!/bin/bash
########################
# VooServers Exim Tool #
# v0.2 #
# -Dave Byrne #
########################
printf "n########################n# VooServers Exim Tool #n########################nn"
printf "Select an option:nn1. Remove messages from queue by address/domainn2. Remove ALL messages from queuen3. Print detailed queue listingn4. Print quick queue summaryn5. Show simple mail queue item countn6. Print Exim's current activityn7. Test how Exim will route to an addressn8. Display headers, body or logs via Message IDnnEnter 1-8: "
read menuchoice
printf "n-----------nYou chose $menuchoicen-----------n"
case $menuchoice in
1)
printf "n1. By sending address/domainn2. By Receiving address/domainnnEnter 1-2:"
read case1opt
case $case1opt in
1)
echo "Enter full sending address or .*@domain.tld to remove from queue:"
read rmargss
exiqgrep -i -f $rmargss | xargs exim -Mrm
exit 1
;;
2)
echo "Enter full receiving address or .*@domain.tld to remove from queue:"
read rmargsr
exiqgrep -i -r $rmargsr | xargs exim -Mrm
exit 1
esac
;;
2)
echo "Are you sure? Y/N"
read conf1
if [ "$conf1" = "y" ]; then
exim -bp | exiqgrep -i | xargs exim -Mrm
printf "nEntire Mail Queue Destroyed"
fi
;;
3)
exim -bp
;;
4)
exim -bp | exiqsumm
;;
5)
count=`exim -bpc`
printf "nThere are $count mails in the exim queuenn"
;;
6)
printf "n"
exiwhat
printf "n"
;;
7)
printf "n"
echo "Enter full address to show route: "
read routeaddr
printf "n"
exim -bt $routeaddr
printf "n"
;;
8)
printf "n1. Headersn2. Bodyn3. LogsnnEnter 1-3: "
read msgopt1
case $msgopt1 in
1)
printf "Enter Message ID: "
read msgid1
exim -Mvh $msgid1
exim -Mvh $msgid1 > /var/tmp/$msgid1-header
printf "nnMessage Header also saved to file: /var/tmp/$msgid1-headernn"
;;
2)
printf "Enter Message ID: "
read msgid1
exim -Mvb $msgid1
exim -Mvb $msgid1 > /var/tmp/$msgid1-body
printf "nnMessage Body also saved to file: /var/tmp/$msgid1-bodynn"
;;
2)
printf "Enter Message ID: "
read msgid1
exim -Mvl $msgid1
exim -Mvl $msgid1 > /var/tmp/$msgid1-log
printf "nnMessage Log also saved to file: /var/tmp/$msgid1-lognn"
esac
;;
*)
printf "nnInvalid option. Try again...nn"
sleep 2
./eximtool
esac
exit 1