How to monitor Postfix queue length using an SNMP monitor

Background

It’s essential to monitor email queues if you’re an Internet service provider or email service provider. Any of your 1000s of email users might have chosen an insecure password meaning that a hacker’s script might come and do a brute force password attack on the email account, and in the process unleash 1000s of messages of even 100 000s of messages meaning your email server will be blacklisted. Although it’s recoverable, the quicker you find the problem, the easier it will be to solve. If you leave the problem for more than a few days, you might end up spending days, weeks, and sometimes even months fixing the problem. The fact of the matter is once you have been banned by a couple of high profile spam detection services, delisting is an incredibly hard and arduous process.

Queue monitoring using Postfix and PRTG /  Custom OID Sensors

Postfix is a really popular MTA and often used to send emails. This article covers a method for monitoring the Postfix queue. There are other methods as well, but this method is really straightforward and works if you have also have PRTG installed. The article is the work of a forum contributor at PRTG with some small modifications. If you are not using PRTG as your monitoring software, any SNMP monitoring system normally allows custom OIDs and so you should be okay to proceed.

The Script

cat /etc/postfix/snmp_monitor_postqueue.sh

#!/bin/bash
# 20.06.2011 - JJaritsch @ ANEXIA Internetdienstleistungs GmbH
# jj @ anexia.at

queuelength=`/usr/sbin/postqueue -p | tail -n1 | awk '{print $5}'`
queuecount=`echo $queuelength | grep "[0-9]"`

if [ "$queuecount" == "" ]; then
        echo 0;
else
        echo ${queuelength};
fi
exit 35

Change owner, assign correct permissions, and make executable:

chown postfix:postfix snmp_monitor_postqueue.sh
chmod 755 snmp_monitor_postqueue.sh
chmod +x snmp_monitor_postqueue.sh

Add to /etc/snmp/snmpd.conf

snmpd.conf:

exec postqueue /usr/bin/sudo /etc/postfix/snmp_monitor_postqueue.sh

On recent version of this script be sure to remove /usr/bin/sudo

exec postqueue /etc/postfix/snmp_monitor_postqueue.sh

Add to /etc/sudoers

snmp ALL=(ALL) NOPASSWD: /etc/postfix/snmp_monitor_postqueue.sh

Restart service

service snmpd restart

In PRTG / Add Sensor / SNMP Custom

.1.3.6.1.4.1.2021.8.1.101.1

Testing

To test from the command line:

# snmpwalk -c secret_community -v 2c localhost 1.3.6.1.4.1.2021.8.1.101.1
UCD-SNMP-MIB::extOutput.1 = STRING: 20

Troubleshooting

# snmpwalk -c public -v 2c localhost .1.3.6.1.4.1.2021.8.1.101.1
iso.3.6.1.4.1.2021.8.1.101.1 = No Such Instance currently exists at this OID

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

Try removing sudo from the exec command.

snmpwalk: command not found

If you get `snmpwalk: command not found`, then on CentOS do this:

yum install net-snmp-utils -y

See also

• How to monitor an Exim queue on a WHM server using SNMP and PRTG

References

• https://kb.paessler.com/en/topic/21223-monitoring-e-mail-queue-on-postfix
• https://kb.vander.host/knowledgebase/operating-systems/how-to-get-snmp-daemon-working-on-ubuntu-18-04-lts/
• https://kb.vander.host/knowledgebase/email/consolidated-list-of-pronounced-rbls-real-time-black-lists-and-experiences-in-de-listing/