AntiSpam & RBL Hits - Does it Make Sense to Monitor?
Hello All;
Well, the more you play with Xymon, the more uses you come up with for it.
For example, I am responsible for our AV/antispam/Postfix server; on that server we block inbound email based on anything from being on our "do not allow" list, to being on one of two RBLs we use, and of course being identified as either spam or a virus.
So where am I going with this? I'd like to know if anyone out there is monitoring something similar, and query you folks to see if this even makes sense for Xymon?
One reason why I'd like to add this into Xymon is that we already use too many "tools", and I'd like to either rid us of some of these or condense some of them into just one tool where possible. Of course having Xymon with its rrd graphs would play an important role too since my management would love to see that data in a graphical representation.
Thanks all in advance,
.vp
On Friday, 20 November 2009 14:57:28 wiskbroom at hotmail.com wrote:
> Hello All;
> Well, the more you play with Xymon, the more uses you come up with for it.
> For example, I am responsible for our AV/antispam/Postfix server; on that server we block inbound email based on anything from being on our "do not allow" list, to being on one of two RBLs we use, and of course being identified as either spam or a virus.
Sure, but what does this have to do with monitoring?
> So where am I going with this? I'd like to know if anyone out there is monitoring something similar, and query you folks to see if this even makes sense for Xymon?
Monitoring what?
> One reason why I'd like to add this into Xymon is that we already use too many "tools", and I'd like to either rid us of some of these or condense some of them into just one tool where possible. Of course having Xymon with its rrd graphs would play an important role too since my management would love to see that data in a graphical representation.
Well, I'm not sure what you wanted to do, but speaking about the general topic, we have a server-side extension that monitors whether SMTP servers are blacklisted on RBLs. When deploying it at a new site, I started cleaning it up a bit, and will try and make it available somewhere soon. But, I don't know if this is what you are talking about.
I would like to be able to monitor mail queues in postfix. net-snmp has some support for exposing sendmail mail queue statistics via SNMP, but it works by looking at files in the sendmail queue. I would like devmon to support this, but we don't run sendmail, and there's no support for postfix.
If you mean you would like some statistics on how many mails were accepted or rejected for a specific reason, if you are using a tool that can write RRD files, you should be able to integrate it into the trends view quite easily (by adding a graph definition, and enabling the graph in the GRAPHS line in hobbitserver.cfg). Most of these tools work by log parsing anyway, so you could quite easily write a short client-side script to parse the log and send NCV-compatible data. This would mean you could alarm on certain values/states.
Regards, Buchan
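The log-parsing approach described in the reply above, as an added example that is not code from the thread or from the Xymon project: it counts Postfix smtpd rejects per reason and builds a status message with one `name: value` line per counter. The test name `mailrej`, the host and zone names, the `warn_total` threshold and the assumption that the caller passes only the lines logged since the previous run are all illustrative; handing the message to the Xymon client is not shown.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject format (all names are made up).
SAMPLE_LOG = """\
Nov 20 14:50:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using dnsbl-one.example; listed; from=<a@spam.example> to=<u@corp.example> proto=ESMTP helo=<x>
Nov 20 14:50:07 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using dnsbl-one.example; listed; from=<b@spam.example> to=<u@corp.example> proto=ESMTP helo=<y>
Nov 20 14:51:12 mx1 postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl-two.example; listed; from=<c@spam.example> to=<u@corp.example> proto=ESMTP helo=<z>
Nov 20 14:52:30 mx1 postfix/smtpd[2155]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <d@bad.example>: Sender address rejected: Access denied; from=<d@bad.example> to=<u@corp.example> proto=ESMTP helo=<blocked using fake.example;>
Nov 20 14:53:02 mx1 postfix/smtpd[2160]: connect from mail.ok.example[203.0.113.9]
"""

REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: ")
# Match the server-generated phrase in full, so a bare "blocked using ..."
# inside a client-supplied HELO or sender string is not counted as an RBL hit.
RBL = re.compile(r"; Client host \[[0-9A-Fa-f.:]+\] blocked using ([A-Za-z0-9.-]+);")

def count_rejects(lines, zones):
    """Count rejects per reason; `zones` maps DNSBL zone -> short alphanumeric name."""
    counts = Counter(dict.fromkeys([*zones.values(), "accesslist", "other"], 0))
    for line in lines:
        if not REJECT.search(line):
            continue
        m = RBL.search(line)
        if m:
            # Zones not in the configured map go to "other", so log content
            # can never create new counter (and therefore graph) names.
            counts[zones.get(m.group(1), "other")] += 1
        elif ": Access denied;" in line:
            counts["accesslist"] += 1
        else:
            counts["other"] += 1
    return counts

def ncv_status(host, test, counts, warn_total=1000):
    """Build a status message: header line, then one 'name: value' line per counter."""
    colour = "yellow" if sum(counts.values()) >= warn_total else "green"
    body = "\n".join(f"{name}: {value}" for name, value in sorted(counts.items()))
    # Xymon status messages write the dots in a hostname as commas.
    return f"status {host.replace('.', ',')}.{test} {colour} reject counts\n{body}\n"

if __name__ == "__main__":
    zones = {"dnsbl-one.example": "rblone", "dnsbl-two.example": "rbltwo"}
    print(ncv_status("mx1.corp.example", "mailrej",
                     count_rejects(SAMPLE_LOG.splitlines(), zones)))
```

The per-list counters are also what the later reply about ordering `rblsmtpd` lists relies on: a list that never scores, or one that suddenly accounts for every reject, shows up directly in the values.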
wiskbroom at hotmail.com wrote:
> Hello All;
> Well, the more you play with Xymon, the more uses you come up with for it.
> For example, I am responsible for our AV/antispam/Postfix server; on that server we block inbound email based on anything from being on our "do not allow" list, to being on one of two RBLs we use, and of course being identified as either spam or a virus.
> So where am I going with this? I'd like to know if anyone out there is monitoring something similar, and query you folks to see if this even makes sense for Xymon?
> One reason why I'd like to add this into Xymon is that we already use too many "tools", and I'd like to either rid us of some of these or condense some of them into just one tool where possible. Of course having Xymon with its rrd graphs would play an important role too since my management would love to see that data in a graphical representation.
> Thanks all in advance,
> .vp
Hi,
On my side, I monitor postfix and exim queues; there are already-built plugins available here: http://www.deadcat.net/viewfile.php?fileid=387
In the past I have graphed inbound email volume via RRD, including a 'stacked' filled-area graph of rejects showing which DNSBL(s) triggered the reject.
Since I use 'rblsmtpd' to query 4 RBLs in series, it is useful to know which one is performing the best, so I can move it earlier in the sequence, or if one seldom gets a hit (or starts blocking everything) I can remove it.
As mentioned earlier, attractive graphs are eye-pleasing to management folk.
Kevin
participants (4)
- bgmilne@staff.telkomsa.net
- doctor@makelofine.org
- kkadow@gmail.com
- wiskbroom@hotmail.com