exim monitor

rldev

I need a script that monitors exim and emails me an alert if there is a problem.
This is not to monitor a port.

The problem is, when things like clamd stop working, exim stops delivering email.
There is nothing in place to alert other than people reporting they cannot receive email.
 
I've been giving this a lot of thought since I first became aware of the problem. I suggest a script to send a mail to a special address set up for the purpose, say every X minutes.

Then check the mailbox to see if the mail gets there; if not, to send an outgoing email to a monitor address NOT on the server.

Then delete the email so the next test won't find it.

Do you think this method will work?

Jeff
 
I think this is a great approach to monitoring this problem. This way one does not have to worry about scanning logs for specific terms.
 
Now you're talking :) .

We're too busy now comparing ASSP vs my own internal SpamBlocker3 release candidate; it'll be at least a week before we can get to it.

If no one does it before we get to it, then just remind me in a week or so and I'll get it done.

Jeff
 
Anyone care to write it?

I can give it a shot since I need to do it anyway as I currently have a customer with a dedicated server with this problem.

It will be written in perl though.

I think a cronjob could send the email like this every 5 minutes:

echo "test" | mail -s test [email protected]

And the monitor can also be run every 5 minutes (a minute or two later, of course) to check to see if there is any mail in the box.

Is that a workable solution or should the whole process be in one script and one cron job?

I could have the script send the mail and then sleep for a while and then check to see if it arrived.

The latter might be the best thing; that way it's less to set up.

How long does it take for clamd to examine an email and deliver it? Also, just to make sure, would clamd examine mail that is sent from the local machine to the local mailbox?
 
The little bit of testing I have done tells me that the email sent to the same server it originated from does not go through clamd. It only goes through clamd if it originated from the outside. Can somebody confirm this?
 
Wouldn't it be better to monitor the services like clamd than exim?

What else causes exim to stop delivering mail?

Grant
 
Poor design. Me bad.

A check for clamd is probably better; if it's not running restart exim (which restarts clamd).

Jeff
 
No, it is not better and does not address the problem. Procwatch can monitor clamd for that matter. The problem is that sometimes clamd can freeze but any port monitor thinks it is running and hence does no reporting or restarting. Besides, clam is not the only problem I have encountered.
 
Anyone else have an idea? Has anyone checked to see if you send email from the same server but through port 25 if that would be sent through clamd?

Jeff
 
Yes, it does. You can test this very easily:

  1. Disable your virus scanner.
  2. Go to http://www.eicar.org/anti_virus_test_file.htm and download a NOT HARMFUL test virus (it's just a string to test virus scanners with).
  3. Try to send the e-mail on your own server; you should get a 550 error (given by clamd) stating that the message contains a virus or malware.

Bastiaan.
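
The round-trip probe proposed in this thread, as an added example that is not code from any poster: it submits a uniquely tagged message over port 25 (the path the last reply says is scanned by clamd), waits, checks the probe mailbox, deletes old probes, and alerts on failure. The addresses, the Maildir path, the wait time and the external relay host are assumptions, as is Maildir-format delivery; the alert goes through a separate relay because the local exim may be the thing that is broken.

```python
import mailbox, smtplib, sys, time, uuid
from email.message import EmailMessage

# Assumed values (not from the thread); adjust to the server being monitored.
PROBE_TO = "probe@example.com"        # special local mailbox used only for probes
ALERT_TO = "oncall@example.net"       # monitor address NOT on this server
ALERT_RELAY = "smtp.example.net"      # assumed external relay that accepts our mail
MAILDIR = "/home/probe/Maildir"       # assumed Maildir of the probe mailbox
WAIT_SECONDS = 120                    # time allowed for scanning and delivery

def send(to_addr, subject, host="127.0.0.1", port=25):
    """Submit over SMTP so the message takes the same path as outside mail."""
    msg = EmailMessage()
    msg["From"] = PROBE_TO
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content("exim delivery probe")
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.send_message(msg)

def collect_probe(maildir_path, token):
    """Return True if the probe tagged with token was delivered.
    All probe messages, stale ones included, are deleted for the next run."""
    box = mailbox.Maildir(maildir_path, create=False)
    found = False
    for key, msg in list(box.items()):
        subject = str(msg.get("Subject", ""))
        if subject.startswith("exim-probe "):
            found = found or subject == f"exim-probe {token}"
            box.remove(key)
    return found

def run_once():
    token = uuid.uuid4().hex          # unique per run, so an old probe never passes
    try:
        send(PROBE_TO, f"exim-probe {token}")
        time.sleep(WAIT_SECONDS)
        ok = collect_probe(MAILDIR, token)
    except (OSError, smtplib.SMTPException, mailbox.Error):
        ok = False                    # refused, timed out or unreadable: a failure
    if not ok:
        send(ALERT_TO, "ALERT: exim is not delivering mail", host=ALERT_RELAY)
    return ok

if __name__ == "__main__":
    sys.exit(0 if run_once() else 1)
```

Run from a single cron entry; the non-zero exit status on failure lets an external scheduler or watchdog notice even when the alert mail itself cannot be sent.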
 