????
Current Path : /proc/328295/root/nutscripts/ |
Current File : //proc/328295/root/nutscripts/mails_monitor.sh |
#!/bin/bash # This script will give lots of information about current and historical # mail data. Showing things like users sending mail to many addresses, # most mail in the inbound/outbound queues, how many frozen, and # bounceback messages in the queue, etc. Very useful when dealing with # exim alerts. trap "{ exit 255; }" SIGINT QUEUE=$(exim -bpr) LOGINS=$(egrep '(esmtpa|esmtpsa)' /var/log/exim_mainlog | sed -n 's/.*dovecot_.....:\(.* \)/\1/p') DOMAINS=$(exim -bpr | exiqsumm -c | tail -n +5 | head -n -3 | head) TOPUSERS=$(grep -Eo "\(.*\)" <<<"$QUEUE" | sort | uniq -c | sort -nrk1 | head) LOGIN_COUNT=$(awk '{print $1}' <<<"$LOGINS" | sort | uniq -c | sort -nrk1 | awk '{ if ($1 > 250) print $1,$2}') EMAIL_COUNT=$(awk '{print $1}' <<<"$LOGINS" | sort | uniq -c | sort -nrk1) SMTP_COUNT=$(egrep 'SMTP connection.*TCP\/IP' /var/log/exim_mainlog | awk '{print $7}' | cut -d [ -f 2 | cut -d ] -f 1 | sort -bg | uniq -c | sort -nrk1 | head -5) SCRIPTSPAM=$(awk '/cwd=\/home/ { print $4 }' /var/log/exim_mainlog | sort | uniq -c | awk '/cwd=/ { if ($1>150) print $1,$2 }' | sort -nrk1) ADDRESSES=$(for i in $(awk -F'@' '{print $2}' <<<"$EMAIL_COUNT" | sort -u); do grep $i <<<"$LOGINS" | sed -n 's/.* T=".*" from .* for \(.*\)/\1/p' | tr ' ' '\n' | wc -l | xargs echo $i; done | awk '{ if ($2 > 250) print }' | sort -nrk2) PHPSPAM=$(awk '/X-PHP-Script/ {print $3}' /var/spool/exim/input/*/*-H | sort | uniq -c | sort -nrk1 | head) URLBOUNCE=$(exiqgrep -f '<>' | awk -F'@' '/@/ {print $2}' | sort | uniq -c | sort -nrk1 | head) OUTGOING=$(grep -Eo "<[^ ]*@[^ ]*>" <<<"$QUEUE" | sed 's/<\(.*@.*\)>/\1/' | sort | uniq -c | sort -nrk1 | head) INCOMING=$(grep -Eo "^\s*[^ ]*@[^ ]*$" <<<"$QUEUE" | sort | uniq -c | sort -nrk1 | head) BOUNCES=$(awk '/<>/ {count++} END {print count}' <<<"$QUEUE") FCOUNT=$(exiqgrep -zic) FROZEN=$(awk '{print $1}' <<<"$FCOUNT") TOTAL=$(awk '{print $5}' <<<"$FCOUNT") [[ -n $CURRENTIP ]] && echo -e "\nCurrent mail IP: ""$CURRENTIP" || echo -e "\nMail is sending from main ip: ""$(hostname -i)" [[ -n $OUTGOING ]] && echo -e "\nOutgoing:\n""$OUTGOING" [[ -n $INCOMING ]] && echo -e "\nIncoming:\n""$INCOMING" [[ -n $DOMAINS ]] && echo -e "\nDomains with lots of mail in queue:\n""$DOMAINS" [[ -n $TOPUSERS ]] && echo -e "\nUsers with the most mail:\n""$TOPUSERS" [[ -n $LOGIN_COUNT ]] && echo -e "\nMost IMAP/POP3 logins:\n""$LOGIN_COUNT" [[ -n $ADDRESSES ]] && echo -e "\nDomains sending to large numbers of unique recipients:\n""$ADDRESSES" [[ -n $SMTP_COUNT ]] && echo -e "\nTop IPs to SMTP:\n""$SMTP_COUNT" [[ -n $SCRIPTSPAM ]] && echo -e "\nMost mail by script:\n""$SCRIPTSPAM" [[ -n $PHPSPAM ]] && echo -e "\nHighest number of PHP mailers:\n""$PHPSPAM" [[ -n $URLBOUNCE ]] && echo -e "\nDomains with lots of bouncebacks:\n""$URLBOUNCE" echo -e "\nTotal Queue / # of Bouncebacks / # of Frozen:\n""$TOTAL / $BOUNCES / $FROZEN\n" echo -e "You can use this one-liner to clear the frozen messages from the queue:\n exiqgrep -if '<>' | xargs exim -Mrm | wc -l; exiqgrep -zi | xargs exim -Mrm | wc -l\n"