Event Enrichment : Linux : Mailq threshold warning


Here’s another addition to our real-life Enrichment series: the Mailq threshold warning event.

Enhancements / Comments are welcome!

Name:

Mailq threshold warning

Escalation:

Send to SYS on call team  <= Add your escalation destination

Remediation:

Note: Copy/Paste the commands after >>> into your ssh session

1) Log in to mail-01.acme.com <== replace with your host

>>> ssh ops@mail-01.acme.com

2) Issue the ‘mailq’ command to view the queue

>>> mailq

Response should be similar to:

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
AAE603481BD 3471 Thu Oct 18 14:44:30 user@domain.com
(connect to outside.com[xxx.xxx.xxx.xxx]: Connection timed out)
user2@outside.com

The Queue ID in the first column (AAE603481BD here) identifies the mail having a problem.

3) Review the email and investigate why it is not being sent by issuing the postcat command

>>> postcat -q AAE603481BD

4) If the email should be deleted, use the postsuper command

>>> postsuper -d AAE603481BD

OPTIONAL:

Sample script to delete no-reply emails:

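# Delete queued mail that matches do-not-reply@domain.com.
# tr strips the '*' (active) and '!' (hold) markers mailq appends to a queue ID.
for i in $(mailq | grep -F -B1 'do-not-reply@domain.com' | grep '^[A-Z0-9]' | awk '{print $1}' | tr -d '*!')
do
  postsuper -d "$i"
done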
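
A stricter variant of the bulk delete above, as an added example that is not part of the original post: it reads mailq output one entry at a time and selects only messages whose envelope sender is exactly the given address, so mail addressed to that address stays in the queue. The function names and the sample queue listing are constructed for illustration, and purge_sender only reports what it would delete unless its second argument is "delete".

```shell
#!/bin/sh
# Added example: select queue IDs by envelope sender from mailq-style output.

# Constructed sample of `mailq` output (not captured from a real host).
sample_mailq() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E6     3471 Thu Oct 18 14:44:30  user@domain.com
                                         do-not-reply@domain.com

B1F2034A9C0*    1204 Thu Oct 18 14:50:02  do-not-reply@domain.com
                                         user2@outside.com

C77D10E5522!     988 Thu Oct 18 15:01:47  do-not-reply@domain.com
(connect to outside.com[xxx.xxx.xxx.xxx]: Connection timed out)
                                         user3@outside.com
                                         user4@outside.com

-- 5 Kbytes in 3 Requests.
EOF
}

# Read mailq output on stdin; print the IDs of entries whose sender is exactly $1.
# Entries are blank-line separated, so awk paragraph mode (RS="") sees one
# message per record; field 7 of each record is the envelope sender.
queue_ids_for_sender() {
    tail -n +2 |
    awk -v sender="$1" 'BEGIN { RS = "" } $7 == sender { print $1 }' |
    tr -d '*!'   # drop the active (*) and hold (!) markers
}

# Dry run by default; pass "delete" as $2 to hand the IDs to postsuper.
purge_sender() {
    ids=$(mailq | queue_ids_for_sender "$1")
    [ -n "$ids" ] || { echo "no queued mail from $1"; return 0; }
    if [ "${2:-}" = "delete" ]; then
        printf '%s\n' "$ids" | postsuper -d -   # '-' reads queue IDs from stdin
    else
        printf 'would delete: %s\n' $ids
    fi
}

# Demonstration on the constructed sample: the first entry is skipped because
# do-not-reply@domain.com is only its recipient.
sample_mailq | queue_ids_for_sender 'do-not-reply@domain.com'
```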

 


If you are interested in substantially cutting down on the time necessary to implement Event Enrichments, check out the new Event Enrichment Platform.
