
#!/bin/bash
# This script will give lots of information about current and historical
# mail data. Showing things like users sending mail to many addresses,
# most mail in the inbound/outbound queues, how many frozen, and
# bounceback messages in the queue, etc. Very useful when dealing with
# exim alerts.
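# Collection phase: gather every statistic into a variable; nothing is printed
# here. Exit with status 255 if the operator interrupts a slow scan.
trap 'exit 255' INT

# NOTE: the queue listing, exim_mainlog lines and spool header files read below
# all carry sender, recipient and header text chosen by remote parties. Treat
# that text strictly as data: keep expansions quoted and match it literally.

# Single snapshot of the queue (unsorted listing) reused by every queue-based
# figure so the numbers in one report agree with each other.
QUEUE=$(exim -bpr)

# Authenticated submissions (esmtpa/esmtpsa). The sed keeps what follows the
# "dovecot_xxxxx:" authenticator tag, so each line starts with the login name.
LOGINS=$(grep -E '(esmtpa|esmtpsa)' /var/log/exim_mainlog \
  | sed -n 's/.*dovecot_.....:\(.* \)/\1/p')

# Per-domain queue summary; tail/head strip exiqsumm's header and footer rows.
DOMAINS=$(exiqsumm -c <<<"$QUEUE" | tail -n +5 | head -n -3 | head)

# Parenthesised tokens in the queue listing, most frequent first.
TOPUSERS=$(grep -Eo "\(.*\)" <<<"$QUEUE" | sort | uniq -c | sort -nrk1 | head)

# Logins seen more than 250 times, and the full per-login tally.
LOGIN_COUNT=$(awk '{print $1}' <<<"$LOGINS" | sort | uniq -c | sort -nrk1 \
  | awk '{ if ($1 > 250) print $1,$2}')
EMAIL_COUNT=$(awk '{print $1}' <<<"$LOGINS" | sort | uniq -c | sort -nrk1)

# Top five client IPs by SMTP connection count (address taken from "[...]").
SMTP_COUNT=$(grep -E 'SMTP connection.*TCP/IP' /var/log/exim_mainlog \
  | awk '{print $7}' | cut -d '[' -f 2 | cut -d ']' -f 1 \
  | sort -bg | uniq -c | sort -nrk1 | head -5)

# Working directories under /home that injected more than 150 messages.
SCRIPTSPAM=$(awk '/cwd=\/home/ { print $4 }' /var/log/exim_mainlog | sort \
  | uniq -c | awk '/cwd=/ { if ($1>150) print $1,$2 }' | sort -nrk1)

# For every login domain, count the recipient tokens on its submission lines
# and keep domains above 250. The domain is read line by line and matched as a
# fixed string: it comes from the log, so it must not be word-split, globbed
# or interpreted as a regex (a "." would otherwise match any character).
# NOTE(review): the count is not de-duplicated, although the report calls the
# recipients "unique" - confirm which is intended.
ADDRESSES=$(
  awk -F'@' '{print $2}' <<<"$EMAIL_COUNT" | sort -u \
    | while IFS= read -r domain; do
        [[ -n $domain ]] || continue
        rcpts=$(grep -F -- "$domain" <<<"$LOGINS" \
          | sed -n 's/.* T=".*" from .* for \(.*\)/\1/p' \
          | tr ' ' '\n' | wc -l)
        printf '%s %s\n' "$domain" "$rcpts"
      done \
    | awk '{ if ($2 > 250) print }' | sort -nrk2
)

# Scripts named in X-PHP-Script headers of queued messages. find batches the
# header files, so a very large queue cannot overflow the argument list the
# way the /var/spool/exim/input/*/*-H glob can.
PHPSPAM=$(find /var/spool/exim/input -mindepth 2 -maxdepth 2 -name '*-H' \
    -exec awk '/X-PHP-Script/ {print $3}' {} + \
  | sort | uniq -c | sort -nrk1 | head)

# Domains seen on null-sender (bounce) messages in the queue.
URLBOUNCE=$(exiqgrep -f '<>' | awk -F'@' '/@/ {print $2}' | sort | uniq -c \
  | sort -nrk1 | head)

# Most frequent <sender> addresses and recipient lines in the queue snapshot.
OUTGOING=$(grep -Eo "<[^ ]*@[^ ]*>" <<<"$QUEUE" | sed 's/<\(.*@.*\)>/\1/' \
  | sort | uniq -c | sort -nrk1 | head)
INCOMING=$(grep -Eo "^\s*[^ ]*@[^ ]*$" <<<"$QUEUE" | sort | uniq -c \
  | sort -nrk1 | head)

# Number of queue lines with a null sender; "+0" makes an empty queue report 0
# instead of an empty string.
BOUNCES=$(awk '/<>/ {count++} END {print count+0}' <<<"$QUEUE")

# exiqgrep -zic prints a one-line count summary for frozen messages; field 1
# is used as the frozen count and field 5 as the queue total.
FCOUNT=$(exiqgrep -zic)
FROZEN=$(awk '{print $1}' <<<"$FCOUNT")
TOTAL=$(awk '{print $5}' <<<"$FCOUNT")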
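# Report phase: print each statistic gathered above, skipping empty sections.
#
# The values printed here come from mail logs and queue files, so they contain
# text chosen by remote senders. They are passed to printf as %s arguments
# rather than through "echo -e", which would expand backslash escapes found
# inside the data itself.

# Print one report section: blank line, heading, then the collected data.
# Arguments: $1 - heading text, $2 - section body (section skipped if empty)
print_section() {
  local heading=$1 body=$2
  if [[ -n $body ]]; then
    printf '\n%s\n%s\n' "$heading" "$body"
  fi
}

# CURRENTIP is not assigned anywhere in this script; it is only honoured when
# supplied through the environment. Otherwise the host's own address is shown.
if [[ -n ${CURRENTIP:-} ]]; then
  printf '\nCurrent mail IP: %s\n' "$CURRENTIP"
else
  printf '\nMail is sending from main ip: %s\n' "$(hostname -i)"
fi

print_section 'Outgoing:' "$OUTGOING"
print_section 'Incoming:' "$INCOMING"
print_section 'Domains with lots of mail in queue:' "$DOMAINS"
print_section 'Users with the most mail:' "$TOPUSERS"
print_section 'Most IMAP/POP3 logins:' "$LOGIN_COUNT"
print_section 'Domains sending to large numbers of unique recipients:' "$ADDRESSES"
print_section 'Top IPs to SMTP:' "$SMTP_COUNT"
print_section 'Most mail by script:' "$SCRIPTSPAM"
print_section 'Highest number of PHP mailers:' "$PHPSPAM"
print_section 'Domains with lots of bouncebacks:' "$URLBOUNCE"

printf '\nTotal Queue / # of Bouncebacks / # of Frozen:\n%s / %s / %s\n\n' \
  "$TOTAL" "$BOUNCES" "$FROZEN"

# The suggested one-liner is only displayed, never executed. It permanently
# removes every null-sender (bounce) message as well as every frozen message,
# so review the queue, and keep copies if the spike is being investigated as
# an account or script compromise, before running it.
printf '%s\n  %s\n\n' \
  'You can use this one-liner to clear the frozen messages from the queue:' \
  "exiqgrep -if '<>' | xargs exim -Mrm | wc -l; exiqgrep -zi | xargs exim -Mrm | wc -l"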