Tuesday, February 20, 2007

Mail Queue Recipient Distribution

This pipeline will parse the output of sendmail’s mailq command to determine who’s getting the mail in the queue. I regularly work with a shared hosting environment. When a queue on one of our mail servers suddenly shoots up, I need to know why and fast. I use this to see which domain is receiving the mail. If it’s a domain on that server I look to see if a spam probing bot has found an account with a “catchall” alias. This will tell you how many messages each domain has currently in the queue. Using the same pipeline but removing the -v will show you the distribution for senders. This is helpful to know if one domain is launching a large volley of mail which could mean an abusive customer. Also note that the ^l is time-dependent. This is the first letter of your message ID’s and the proper letter can be found by doing a mailq or mailq -OMaxQueueRunSize=1.



mailq | grep -v ^l | awk -F@ '{print $2}' | sort | uniq -c | sort -n

No comments:

Post a Comment