Kaleb Hosie:
> We host a mail server which runs Postfix and there have been a few
> times where one of our clients' computers becomes infected with
> malware and the password is compromised.
>
> How this has come to my attention is because every once in a while,
> I will log in to the mail server and see an unusually large mail
> queue which is all being sent to one domain.
>
> Is it possible to monitor the queue automatically and have it send
> me an alert if the postfix queue reaches over a certain threshold?

To fight symptoms, run a cron job every 10 minutes or so:

    #!/bin/sh
    # Mail root when the queue holds more than "limit" requests.
    postqueue -p | awk '
    BEGIN { limit = 10240 }
    # Summary line: "-- N Kbytes in M Requests."; field 5 is M.
    /^-- .+ Kbytes in .+ Request/ { queue_len = $5 }
    END { if (queue_len > limit)
            print "Queue size", queue_len | "mail -s \"Queue size problem\" root"
    }
    '

To throttle clients that send too much mail, see postfwd, policyd
and the like.
Wietse
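
Added example, not part of the original thread: the question describes a queue that is all going to one domain, so this script breaks "postqueue -p" output down by recipient domain and reports when a single domain exceeds a limit. The function names, the limit argument and the sample queue listing are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Assumed cron usage: postqueue -p | check_queue 500
# (cron mails any output of the job to its owner).

# Print "<count> <domain>" for the recipient domain with the most
# queued recipients in "postqueue -p" output read from stdin.
top_rcpt_domain() {
    awk '
    # Skip deferral reasons, the column header, the summary line, blank
    # lines and queue entry lines (ID, size, date, sender = 7 fields).
    /^ *\(/ || /^-/ || NF != 1 { next }
    {   # What remains is one recipient address per line.
        n = split($1, part, "@")
        if (n < 2) next
        dom = tolower(part[n])
        if (++count[dom] > max) { max = count[dom]; top = dom }
    }
    END { if (max) print max, top }
    '
}

# Exit 0 and print a report line when that count exceeds LIMIT ($1).
check_queue() {
    result=$(top_rcpt_domain)
    count=${result%% *}
    [ "${count:-0}" -gt "$1" ] || return 1
    echo "Queue has $count recipients at ${result#* }"
}

# Constructed sample in the traditional "postqueue -p" layout.
SAMPLE_QUEUE='-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F1A22C0B7*     2871 Tue Mar  4 09:12:41  user1@client.example
                                         a@target.example
                                         b@target.example

7C9D01E4A2      1930 Tue Mar  4 09:12:44  user1@client.example
(connect to mx.target.example[192.0.2.10]:25: Connection timed out)
                                         c@Target.Example

9A0B3344F1      1022 Tue Mar  4 09:13:02  user2@client.example
                                         d@other.example

-- 6 Kbytes in 3 Requests.'
```

An empty queue ("Mail queue is empty") produces no output and a non-zero exit status, so the cron job stays silent.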