Friday, February 3, 2012

Shell one liner to analyze sendmail mail queue for mail "bomb" sources

If your sendmail server gets "bombed" by some sender, one task you may need to do is to find the most common patterns in the massive pile up of mail in your queues. This one liner counts Subject, To, and From fields from the qf files, and then counts the list. With the double sort, it's a bit on the inefficient side, but it may help you anyway.

find /local/apps/mail/spool/mqueue -type f -name "qf*" -exec cat {} \; \
| awk -F: '/From|To|Subject/ {for(k=2;k<=NF;++k)printf $k; print "\n"}' \
| sort \
| uniq -c \
| sort -n

I have broken line across multiple lines for clarity by escaping the ends. You may want to paste the sections in to one line for convenience. In that case drop the trailing '\'s.

