10.6. Monitoring sendmail.

What should you configure in osagent.conf.xml to monitor an sendmail mail server, where users can read mails with pop3 ?

10.6.1. Checks for monitoring sendmail

  • Checking running sendmail and inetd processes with PROC

  • Checking open sockets on port 25 (smtp) and pop3 (110) with SOCKETS

  • Checking the sendmail error logs for error messages with LOGS

  • Checking disk space for /var/spool/mail and /var/spool/mqueue with DISK

  • Checking the sendmail mail queue with MAILQ

10.6.2. Example configuration for monitoring sendmail

<!-- ... -->
<PROC>
  <PROCESS>
    <PROCNAME>sendmail</PROCNAME>
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <DESCRIPTION>
      sendmail isn't running. You should restart sendmail with
      /etc/init.d/sendmail start (as root)
      <!-- The restart command depends on your system... -->
    </DESCRIPTION>
  </PROCESS>
  <PROCESS>
    <!-- We need inetd to start the pop3 daemon -->
    <PROCNAME>inetd</PROCNAME>
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <DESCRIPTION>
      inetd isn't running. You should restart inetd with
      /etc/init.d/inetd start (as root)
      <!-- The restart command depends on your system... -->
    </DESCRIPTION>
  </PROCESS>
  <!-- More processes you want to check -->
</PROC>

<SOCKETS>
  <CHECK4SOCKET>
    <!-- Maybe you have do define the right interface definition for
    your system -->
    <INTERFACE>:::</INTERFACE>
    <PORT>25</PORT><!-- SMTP: We want to receive mails on this port -->
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <DESCRIPTION>Sendmail hasn't an open port ?</DESCRIPTION>
  </CHECK4SOCKET>
  <CHECK4SOCKET>
    <!-- Maybe you have do define the right interface definition for
    your system -->
    <INTERFACE>:::</INTERFACE>
    <PORT>110</PORT><!-- POP3: Users want to read mails on this port -->
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <DESCRIPTION>pop3 hasn't an open port ? Maybe inetd isn't working correctly.</DESCRIPTION>
  </CHECK4SOCKET>
  <!-- More sockets you want to check -->
</SOCKETS>

<LOGS>
  <LOGFILE>
    <LOGFILENAME>/var/log/mail.log</LOGFILENAME>
    
    <!-- we use in.qpopper as pop3 daemon. Maybe you have to filter
    some other messages for your pop3 daemon -->
    <LOGFILTER><REGEX>in.qpopper\[\d+\]: .* login by user</REGEX></LOGFILTER>

    <!-- sendmail-messages -->
    <LOGFILTER><REGEX>(sm-mta|sendmail)\[\d+\]: .* from=.*relay=.*</REGEX></LOGFILTER>
    <LOGFILTER><REGEX>(sm-mta|sendmail)\[\d+\]: .* to=.*stat=Sent</REGEX></LOGFILTER>
    <LOGFILTER><REGEX>sendmail\[\d+\]: .*dsn=4.4.3, stat=queued</REGEX></LOGFILTER>

    <LOGFILTER>
      <REGEX>.*</REGEX><!-- Everything unknown -->
      <PRIORITY>1000</PRIORITY>
      <!-- That is AFTER all default priorities! -->
      <ERRORLEVEL>WARNING</ERRORLEVEL>
    </LOGFILTER>
  </LOGFILE>
  <!-- More logs you want to check -->
</LOGS>

<DISK>
  <!-- We assume, /var/spool/mail and /var/spool/mqueue are
  filesystems itself. -->
  <FS>
    <FSNAME>^/var/spool/mail$</FSNAME>
    <ERRORLEVEL>WARNING</ERRORLEVEL>
    <VALUE>80</VALUE>
    <DESCRIPTION>/var/spool/mail is getting full.</DESCRIPTION>
  </FS>
  <FS>
    <FSNAME>^/var/spool/mail$</FSNAME>
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <VALUE>95</VALUE>
    <DESCRIPTION>/var/spool/mail is  full.</DESCRIPTION>
  </FS>
  <FS>
    <FSNAME>^/var/spool/mqueue$</FSNAME>
    <ERRORLEVEL>WARNING</ERRORLEVEL>
    <VALUE>80</VALUE>
    <DESCRIPTION>/var/spool/mqueue is getting full.</DESCRIPTION>
  </FS>
  <FS>
    <FSNAME>^/var/spool/mqueue$</FSNAME>
    <ERRORLEVEL>ERROR</ERRORLEVEL>
    <VALUE>95</VALUE>
    <DESCRIPTION>/var/spool/mqueue is  full.</DESCRIPTION>
  </FS>

  <!-- More filesystems you want to check -->
</DISK>