This script checks the total number of messages in the Kerio mail queue. If the count is above the MAX set below, an alert is sent to the notify addresses. Ideally, this can provide early warning or monitoring of a compromised server.
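#!/bin/bash
# Checks the total number of messages in the Kerio mail queue.
# If the count is above MAX (set below), an alert is mailed to the NOTIFY addresses.
# Ideally, this can provide early warning or monitoring of a compromised server.
#
# Exit status: 0 = queue at or below MAX
#              1 = queue above MAX (alert raised)
#              2 = the queue could not be inspected or the report could not be built;
#                  treat this as a monitoring failure, not as "all clear"
########################################################################################
# Space-separated list of alert recipients
NOTIFY="jdj@mac.com alitwack@ascp.com"
# Notification is sent when the queue count exceeds this limit
MAX=100
#######################################################################################
CONFIG=/usr/local/kerio/mailserver/mailserver.cfg

# Look up the Kerio mail store directory (StoreDir) in the server config.
mailstore="$(grep '<variable name="StoreDir">' "$CONFIG" | sed 's/[^>]*>//; s/<.*//')"
# The mail queue lives below the store directory.
mailqueue="$mailstore/queue"

# A failed lookup must not look like an empty queue: without this check an
# unreadable config or a moved store makes the count 0 and the script exits 0,
# silently disabling the monitor.
if [[ -z "$mailstore" || ! -d "$mailqueue" ]]; then
  echo " ## ERROR: mail queue not found (StoreDir lookup in $CONFIG gave '$mailstore')" >&2
  exit 2
fi

# Collect the queued messages once, NUL-delimited so unusual file names cannot
# split or merge entries. The "1d" unit suffix on -ctime is BSD find syntax.
messages=()
while IFS= read -r -d '' msg; do
  messages+=("$msg")
done < <(find "$mailqueue" -type f -name "*.eml" -ctime -1d -print0)
COUNT=${#messages[@]}

# Send notice or not
if [[ "$COUNT" -gt "$MAX" ]]; then
  # The report quotes the top of queued messages, which is untrusted and possibly
  # sensitive content. mktemp gives a private, unpredictable file instead of a
  # fixed name in /tmp that another local user could pre-create or symlink.
  report="$(mktemp /tmp/tripwire.XXXXXX)" || {
    echo " ## ERROR: could not create a temporary report file" >&2
    exit 2
  }
  trap 'rm -f -- "$report"' EXIT

  echo > "$report"
  for msg in "${messages[@]}"; do
    {
      echo "#####################################"
      head -n 30 "$msg"
      echo
      echo
    } >> "$report"
  done

  # Split NOTIFY on whitespace so each address is passed as its own argument.
  read -r -a recipients <<< "$NOTIFY"
  if [[ "${#recipients[@]}" -eq 0 ]]; then
    echo " ## ERROR: NOTIFY is empty; $COUNT messages in the queue (max allowed: $MAX)" >&2
    exit 1
  fi

  # The exit status only shows whether mail(1) accepted the message, not
  # whether it was delivered.
  if mail -s "KERIO ALERT - $COUNT msgs in the mail queue" "${recipients[@]}" < "$report"; then
    echo " ## ALERT sent to: $NOTIFY"
    echo " ## $COUNT messages in the queue"
    echo " ## This is more than the max allowed: $MAX"
    echo " ## An email was sent to: $NOTIFY"
  else
    echo " ## $COUNT messages in the queue"
    echo " ## This is more than the max allowed: $MAX"
    echo " ## ERROR: the alert could not be mailed to: $NOTIFY" >&2
  fi
  exit 1
fi
exit 0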