jeff-j of osxroot
2/13/2015 - 12:05 AM


This script checks the total number of messages in the Kerio mail queue. If the count is above the MAX set below, an alert is sent to the notify addresses. Ideally, this can provide early warning or monitoring of a compromised server.

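#!/bin/bash

# Kerio mail-queue tripwire.
#
# Counts the *.eml files in the Kerio mail queue that changed within the last
# day. If the count is above MAX, the first 30 lines of each queued message are
# mailed to the NOTIFY addresses. Ideally, this can provide early warning or
# monitoring of a compromised server.
#
# Exit status:
#   0  queue is at or below MAX
#   1  queue is above MAX (an alert was attempted)
#   2  the check itself could not run (config, queue directory, temp file)
#
# Exit 2 is deliberate: a monitor that cannot read the queue must not report
# "all clear", otherwise a broken check looks the same as a healthy server.

########################################################################################

# Space-separated list of alert recipients.
NOTIFY="jdj@mac.com alitwack@ascp.com"

# Notification is sent when the queue goes above this limit
MAX=100

#######################################################################################

readonly CONFIG=/usr/local/kerio/mailserver/mailserver.cfg

# Print a diagnostic on stderr and stop with the "check failed" status.
die() {
   printf 'kerio queue check: %s\n' "$*" >&2
   exit 2
}

# Split NOTIFY into one argument per address; passing the whole string as a
# single quoted word would hand mail(1) one malformed recipient.
recipients=()
read -r -a recipients <<< "$NOTIFY"
(( ${#recipients[@]} > 0 )) || die "NOTIFY is empty"

# Look up the Kerio mail store from the server configuration.
mailstore=$(grep '<variable name="StoreDir">' "$CONFIG" | sed 's/[^>]*>//; s/<.*//')
[[ -n "$mailstore" ]] || die "StoreDir not found in $CONFIG"

# The mail queue lives below the store directory.
mailqueue="$mailstore/queue"
[[ -d "$mailqueue" ]] || die "queue directory not found: $mailqueue"

# Collect the queued messages in ONE pass so the count and the report describe
# the same set of files. NUL-delimited so unusual file names cannot split.
# NOTE: the 'd' unit suffix on -ctime is BSD/macOS find syntax.
messages=()
while IFS= read -r -d '' msg; do
   messages+=("$msg")
done < <(find "$mailqueue" -type f -name "*.eml" -ctime -1d -print0)

COUNT=${#messages[@]}

# Send notice or not
if (( COUNT > MAX )); then
   # The report holds headers of queued mail, so it goes into a private,
   # unpredictable temp file (mktemp creates it mode 0600) rather than a fixed
   # name in /tmp that another local user could pre-create, symlink or read.
   report=$(mktemp "${TMPDIR:-/tmp}/tripwire.XXXXXX") || die "mktemp failed"
   trap 'rm -f -- "$report"' EXIT

   {
      echo
      for msg in "${messages[@]}"; do
         echo "#####################################"
         # A message may be delivered between the scan and this read; head's
         # error for a vanished file is harmless and left visible on stderr.
         head -n 30 -- "$msg"
         echo
         echo
      done
   } > "$report"

   echo "   ## $COUNT messages in the queue"
   echo "   ## This is more than the max allowed: $MAX"

   if mail -s "KERIO ALERT - $COUNT msgs in the mail queue" "${recipients[@]}" < "$report"; then
      echo "   ## ALERT sent to: $NOTIFY"
      echo "   ## An email was sent to: $NOTIFY"
   else
      # Do not claim an alert went out when mail(1) reported failure.
      printf 'kerio queue check: failed to send alert to: %s\n' "$NOTIFY" >&2
   fi
   exit 1
fi

exit 0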