Anyone know of a ready made solution that would do the following? 1. check mailq periodically. like every five minutes. 2. if mailq goes above, say about 200. 3. using the firewall, close port 25. 4. then send a telegram chat to the sysadmin. I choose telegram because I think it allows to receive from an api. Not like whatsapp.
Not that I know of, but you could write something yourself, starting with https://github.com/sensu-plugins/sensu-plugins-postfix/blob/master/bin/check-mailq.rb maybe?
Here is a link to a posible solution using monit. https://serverfault.com/questions/697670/how-to-monitor-the-postfix-mail-queue-using-monit While searching the net, came across netdata. It has telegram integration along with other chats. https://www.netdata.cloud/integrations/#notifications Checkout what netdata is all about. Looks really impressive. https://www.netdata.cloud/agent/ Open source and we do not have to use the cloud part. Now need some advice on what to use with ispconfig. Monit or Netdata?
It doesn't really matter, you can currently add monit to the panel but we might have to remove this as it is not working right now.
Installed netdata following this link. Really is an easy one line installation. https://learn.netdata.cloud/docs/get Then configure the alarm for postfix mail queue using the following config. /etc/netdata/health.d/postfix.conf Code: template: postfix_local_queue on: postfix.qemails every: 10s calc: $emails warn: $this > 10 crit: $this > 100 to: sysadmin info: number of emails in the postfix queue Got the config from the following link. https://jpmrblood.github.io/notes/netdata-postfix/ Next configured netdata notifications following this link. By the way email notifications is already default. I wanted telegram notifications. https://learn.netdata.cloud/docs/agent/health/notifications/ For telegram. https://learn.netdata.cloud/docs/agent/health/notifications/telegram Happy to say it works. Now have to figure out how to close port 25 when the postfix queue critical alarm is triggered.
The netdata community forum gave some advice. https://community.netdata.cloud/t/h...on-critical-alarm-on-postfix-mail-queue/610/3 Now need help with which command that I should excecute to close outgoing port 25. And the command to open outgoing port 25. I want to still allow incoming port 25. Using debian 10.7. Some command that will play nice with ispconfig. Any advice?
I must have misunderstood the problem you were trying to solve, I thought you wanted to close incoming port 25, but you intend to catch larger batches of outgoing mail (eg. from an abused account I presume) and prevent it from going out, and alert the admin to look at it? There may be better long-term solutions to that, but it's an interesting approach. As for example commands, the letsencrypt pre hook and post hook perform a very similar task.
One custom solution that comes to mind is to identify the sender address of the messages and if an individual sender is over some threshold, "disable" their mail account (set mail_user.postfix='n' for the matching email), then move all the mail from that user into postfix's hold queue. Your other mail will still continue as normal (no port 25 blocks). Those are based on queue size though, and what you probably want is to trigger on the number of messages sent in some timeframe, as quite a bit of mail can process through a mail server without pushing the queue up terribly high. High volume spam runs used to be more common a few years ago, and they do still happen occasionally, but most of them now-a-days are lower volume to avoid obvious detection.
I want to allow incoming port 25 so that emails from outsite can be received. Rspamd's rate limit will stop an abused email account that can only send by port 587. So when there is some form of attack through a website or something, netdata will be monitoring the postfix queue every 10secs. The moment postfix queue goes above 10, the admin will receive an email and a telegram message. Upto here it is working great. Telegram and emails are coming in. When the postfix queue goes above 100, netdata will still send the email and telegram message plus will close the outgoing port 25. I do not know what command to run to close outgoing port 25 and open outgoing port 25. Can help with the commands? Cool. If something like this is builtin ispconfig, that would be great.
Unfortunately, it was not a user account that was sending the emails. It was a php script using sendmail binary. So no account to stop.
The letsencrypt pre hook opens port 80 (so you would use very similar code with a different chain name and port number in your "unblock port 25" commands), and the post script closes port 80 (so corresponds to your "block port 25" commands).
