[hobbit] AntiSpam & RBL Hits - Does it Make Sense to Monitor?

Buchan Milne bgmilne at staff.telkomsa.net
Mon Nov 23 15:24:11 CET 2009 

On Friday, 20 November 2009 14:57:28 wiskbroom at hotmail.com wrote:
> Hello All;
>
> Well, the more you play with Xymon, the more uses you come up with for it. 
>
> For example, I am responsible for our AV/antispam/Postfix server, on that
> server we block inbound email based on anything from being on our "do not
> allow" list, to being on one of two RBL's we use, and of course being
> identified as either spam or a virus. 

Sure, but what does this have to do with monitoring?

> So where am I going with this?  I'd like to know if anyone out there is
> monitoring something similar, and query you folks to see if this even makes
> sense for Xymon? 

Monitoring what?

> One reason why I'd like to add this into Xymon is that we already use too
> many "tools", and I'd like to either rid us of some of these or condense
> some of them into just one tool where possible.  Of course having Xymon
> with its rrd graphs would play an important role too since my management
> would love to see that data in a graphical representation.

Well, I'm not sure what you wanted to do, but speaking about the general 
topic, we have a server-side extension that monitors whether SMTP servers are 
blacklisted on RBLs. When deploying it at a new site, I started cleaning it up 
a bit, and will try and make it available somewhere soon. But, I don't know if 
this is what you are talking about.

I would like to be able to monitor mail queues in postfix. net-snmp has some 
support for exposing sendmail mail queue statistics via SNMP, but it  works by 
looking at files in the sendmail queue. I would like devmon to support this, 
but we don't run sendmail, and there's no support for postfix.

If you mean you would like some statistics on how many mails were accepted or 
rejected for a specific reason, if you are using a tool that can write RRD 
files, you should be able to integrate it into the trends view quite easily (by 
adding a graph definition, and enabling the graph in the GRAPHS line in 
hobbitserver.cfg). Most of these tools work by log parsing anyway, so you 
could quite easily write a short client-side script to parse the log and send 
NCV-compatible data. This would mean you could alarm on certain values/states.

Regards,
Buchan

More information about the Xymon mailing list