P13 - Advanced Mail Server Monitoring with PRTG Network Monitor
Basic monitoring is not enough for production mail systems.
To ensure reliability, security, and deliverability, you need advanced Mail Server Monitoring that goes beyond CPU, RAM, and SMTP checks.
In this tutorial, we extend monitoring for Mailcow running on Docker using PRTG SSH Script Advanced sensors, DNS validation, blacklist detection, and spam activity tracking.
This setup provides real-world operational visibility for system administrators.
🐳 MAILCOW & DOCKER
Mailcow runs multiple Docker containers.
If even one critical container fails, the entire mail system can break.
We will monitor:
postfix-mailcow
dovecot-mailcow
rspamd-mailcow
clamd-mailcow
nginx-mailcow
#1️⃣ SSH Script Advanced – Docker Containers
🎯 Function
• Check if important Mailcow containers are running
Output (number of containers that are down):
• 0 = OK
• 1 or more = FAIL
Threshold:
• ❌ Upper ERROR: 0
📌 Only 1 container needs to fail → mail service fails.
Step 1: Grant Docker permissions to SSH user
Then reboot the mail server.
Verify:
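If it no longer requests permission, the configuration is correct. Access to the Docker daemon is equivalent to root on the host, so grant it only to a dedicated monitoring account.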
Step 2: Create Check Script
Create file:
Script Content
```bash
#!/bin/bash
# Name patterns of the Mailcow containers that must be running
PATTERNS=(
    "postfix-mailcow"
    "dovecot-mailcow"
    "rspamd-mailcow"
    "clamd-mailcow"
    "nginx-mailcow"
)

FAILED=0
FAILED_LIST=""

# A pattern counts as failed when no running container name matches it
for p in "${PATTERNS[@]}"; do
    running=$(docker ps \
        --filter "name=$p" \
        --filter "status=running" \
        --format '{{.Names}}')
    if [ -z "$running" ]; then
        FAILED=$((FAILED+1))
        FAILED_LIST="$FAILED_LIST $p"
    fi
done

# Message
if [ "$FAILED" -eq 0 ]; then
    MSG="All mailcow containers are running"
else
    MSG="Container down:$FAILED_LIST"
fi

# PRTG result: the value is the number of failed containers (0 = OK)
cat <<EOF
<prtg>
  <result>
    <channel>Mailcow Containers</channel>
    <value>$FAILED</value>
    <unit>Count</unit>
    <limitmaxerror>0</limitmaxerror>
    <limitmode>1</limitmode>
  </result>
  <text>$MSG</text>
</prtg>
EOF
exit 0
```
Set permissions:
Manual test:
Step 3: Restart Probe Services
Restart PRTG probe to detect new scripts.
Step 4: Add Sensor – SSH Script Advanced
Result:
• 0 → OK
• 1 → Immediate alert
Step 5: Real-World Test
While a container is down, the script must return 1 → PRTG DOWN immediately.
Restart:
Returns 0.
#2️⃣ SSH Script Advanced – Mail Queue Monitoring
🎯 Function
• Monitor stuck mail queue
Channel:
• Queue Count
📌 If queue increases → outgoing mail blocked or blacklisted.
🟢 Case 1 – Immediate Detection
Step 1: Create Script
Script Content
```bash
#!/bin/bash
# Report a sensor error instead of an empty queue when postqueue is unavailable
if ! command -v postqueue >/dev/null 2>&1; then
    echo "<prtg><error>1</error><text>postqueue not found</text></prtg>"
    exit 0
fi

# Get mail queue count (Postfix): one line per queue ID
QUEUE_COUNT=$(postqueue -p 2>/dev/null | grep -c '^[A-F0-9]')

# Fallback if command is faulty
[ -z "$QUEUE_COUNT" ] && QUEUE_COUNT=0

# Message
if [ "$QUEUE_COUNT" -eq 0 ]; then
    MSG="Mail queue empty (outgoing OK)"
else
    MSG="Mail queue pending: $QUEUE_COUNT"
fi

cat <<EOF
<prtg>
  <result>
    <channel>Queue Count</channel>
    <value>$QUEUE_COUNT</value>
    <unit>Count</unit>
    <limitmaxwarning>100</limitmaxwarning>
    <limitmaxerror>500</limitmaxerror>
    <limitmode>1</limitmode>
  </result>
  <text>$MSG</text>
</prtg>
EOF
exit 0
```
Set permission and test:
sudo /var/prtg/scriptsxml/check_mail_queue.sh
Step 2: Add Sensor
Step 3: Threshold Configuration
Recommended for sysadmin:
| Level | Value |
|---|---|
| ⚠️ Upper WARNING | 1 |
| ❌ Upper ERROR | 50 |
👉 Just 1 email in queue → WARNING
🟡 Case 2 – High Volume Environment
| Level | Value |
|---|---|
| ⚠️ Warning | 20 |
| ❌ Error | 100 |
🔴 Case 3 – Reporting Only
| Level | Value |
|---|---|
| ⚠️ Warning | 100 |
| ❌ Error | 500 |
Not suitable for real-time monitoring.
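A raw queue count does not say whether mail is stuck because remote servers are blocking it or because they are unreachable. The following added example (not part of the original tutorial) breaks `postqueue -p` output down by queue state and deferral reason; the sample listing is constructed, the hex queue-ID pattern follows the script above, and the keyword list for block-related reasons is an assumption.

```bash
#!/bin/bash
# Added example: break `postqueue -p` output down by queue state and count
# deferral reasons that point at a block list.

queue_breakdown() {
    awk '
        /^[0-9A-Fa-f]+[*!#]? / {          # entry header: queue ID + optional status character
            id = $1
            if (id ~ /\*$/) active++; else if (id ~ /!$/) hold++; else deferred++
            next
        }
        /^[ \t]*\(/ {                     # deferral reason belonging to the entry above
            r = tolower($0)
            if (r ~ /blocked|blacklist|blocklist|listed (in|on|at)/) blocked++
        }
        END { printf "active=%d hold=%d deferred=%d blocked=%d\n", active, hold, deferred, blocked }'
}

sample_queue() {   # constructed postqueue -p output, not taken from a real server
cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
0F1A22C0B3*     532 Tue Mar  5 10:14:02  alice@example.com
                                         bob@example.net

7B3E12C0A1     1841 Tue Mar  5 09:58:40  alice@example.com
(host mx.example.org[198.51.100.7] said: 554 5.7.1 Client host blocked using zen.spamhaus.org (in reply to RCPT TO command))
                                         carol@example.org

9C44D2C0F7     2210 Tue Mar  5 09:41:17  alice@example.com
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         dave@example.net

-- 4 Kbytes in 3 Requests.
EOF
}

sample_queue | queue_breakdown   # active=1 hold=0 deferred=2 blocked=1
```

Each of the four numbers can be written as its own `<result>` channel so that block-related deferrals get a tighter threshold than the total.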
#3️⃣ DNS Sensor (MX Record)
🎯 Function
• Check MX record existence
URL:
Required keyword:
Recommended DNS Thresholds
🔴 Loading Time
| Status | Value |
|---|---|
| ⚠️ Warning | > 1,500 ms |
| ❌ Down | > 5,000 ms |
📌 DNS API normally < 300 ms.
🟡 Time to First Byte
| Status | Value |
|---|---|
| ⚠️ Warning | > 800 ms |
| ❌ Down | > 3,000 ms |
#4️⃣ Blacklist Check
🎯 Function
• Check if mail IP is blacklisted
Step 1: Bash Script
Script Content
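```bash
#!/bin/bash
# Public IP of the mail server as seen from the Internet
IP=$(curl -s https://api.ipify.org)

# Without a valid IPv4 address the lookups are meaningless: report a sensor error
if ! echo "$IP" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "<prtg><error>1</error><text>Could not determine public IP</text></prtg>"
    exit 0
fi

# DNSBL queries use the address with its octets reversed
REVERSED_IP=$(echo "$IP" | awk -F. '{print $4"."$3"."$2"."$1}')

RBL_LIST=(
    "zen.spamhaus.org"
    "bl.spamcop.net"
    "b.barracudacentral.org"
    "dnsbl.sorbs.net"
    "psbl.surriel.com"
)

COUNT=0
LISTED=""

# An A record in the answer means the IP is listed on that RBL
for RBL in "${RBL_LIST[@]}"; do
    if dig +short "${REVERSED_IP}.${RBL}" | grep -qE '^[0-9]'; then
        COUNT=$((COUNT+1))
        LISTED="$LISTED $RBL"
    fi
done

MSG="IP $IP clean"
[ "$COUNT" -gt 0 ] && MSG="IP $IP listed on:$LISTED"

cat <<EOF
<prtg>
  <result>
    <channel>Blacklist Count</channel>
    <value>$COUNT</value>
    <unit>Count</unit>
    <limitmaxwarning>0</limitmaxwarning>
    <limitmaxerror>1</limitmaxerror>
    <limitmode>1</limitmode>
  </result>
  <text>$MSG</text>
</prtg>
EOF
exit 0
```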
Set permission and test:
sudo /var/prtg/scriptsxml/check_mail_blacklist.sh
⛔ Do not scan too frequently to avoid RBL blocking.
Removal request example:
https://www.barracudacentral.org/rbl/removal-request
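The check above counts any answer that starts with a digit as a listing and treats a failed lookup as clean. This added example (not from the original tutorial) classifies each answer instead; Spamhaus documents 127.255.255.x return codes as query errors rather than listings, applying that rule to every zone is an assumption made here, and the sample answers are constructed.

```bash
#!/bin/bash
# Added example (not from the original page): fail-closed DNSBL answer handling.

# Print the IPv4 address reversed for a DNSBL query; return 1 if it is not valid IPv4.
reverse_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $4 "." $3 "." $2 "." $1 }'
}

# Classify the output of `dig +short <reversed-ip>.<zone>` as clean, listed or error.
classify_rbl_answer() {
    printf '%s\n' "$1" | awk '
        /^127\.255\.255\./              { err = 1; next }  # error range: the zone refused the query
        /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ { hit = 1; next }  # listing code
        NF                              { err = 1 }        # timeout text, rewritten NXDOMAIN, ...
        END { print (hit ? "listed" : (err ? "error" : "clean")) }'
}

# Read "zone answer" lines on stdin and print "listed=N error=M".
summarize_rbl() {
    listed=0; error=0
    while read -r zone answer; do
        case "$(classify_rbl_answer "$answer")" in
            listed) listed=$((listed + 1)) ;;
            error)  error=$((error + 1)) ;;
        esac
    done
    echo "listed=$listed error=$error"
}

# Constructed sample answers, one zone per line. A live check would fill the
# second column with: dig +short "$(reverse_ipv4 "$IP").$zone"
SAMPLE_ANSWERS='zen.spamhaus.org 127.255.255.254
bl.spamcop.net 127.0.0.2
b.barracudacentral.org
psbl.surriel.com ;; connection timed out; no servers could be reached'

summarize_rbl_sample() { printf '%s\n' "$SAMPLE_ANSWERS" | summarize_rbl; }

summarize_rbl_sample   # listed=1 error=2
```

Reporting the error count as a second PRTG channel keeps a refused or timed-out lookup visible instead of letting it read as "clean".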
#5️⃣ Sensor – Rejected Incoming Mail (Spam Check)
🎯 Function
• Monitor rejected incoming mail
• Detect spam attack, virus, policy reject
📌 Rejected Incoming Mail ≠ Mail Queue
Step 1: Create Script
Script Content
```bash
#!/bin/bash
# Look-back window in minutes
MINUTES=5

# rspamd container
RSPAMD_CONTAINER="mailcowdockerized-rspamd-mailcow-1"

# Count rejected incoming mail in the window.
# --since takes a relative duration such as "5m"; 2>&1 keeps log lines
# that the container wrote to stderr.
REJECT_COUNT=$(docker logs --since "${MINUTES}m" "$RSPAMD_CONTAINER" 2>&1 \
    | grep -ci "action=reject")
[ -z "$REJECT_COUNT" ] && REJECT_COUNT=0

# Message
if [ "$REJECT_COUNT" -eq 0 ]; then
    MSG="No incoming mail rejected in last ${MINUTES} minutes"
else
    MSG="Incoming rejected: $REJECT_COUNT mails in last ${MINUTES} minutes"
fi

cat <<EOF
<prtg>
  <result>
    <channel>Incoming Reject Count</channel>
    <value>$REJECT_COUNT</value>
    <unit>Count</unit>
    <limitmaxwarning>1</limitmaxwarning>
    <limitmaxerror>10</limitmaxerror>
    <limitmode>1</limitmode>
  </result>
  <text>$MSG</text>
</prtg>
EOF
exit 0
```
Set permission and test:
sudo /var/prtg/scriptsxml/check_mail_incoming_reject.sh
Step 2: Add Sensor
Step 3: Recommended Threshold
| Level | Value |
|---|---|
| ⚠️ Warning | 1 |
| ❌ Error | 10 |
📌 One rejected incoming mail → immediate awareness of spam activity.
🏁 Conclusion
Advanced Mail Server Monitoring requires:
Docker container validation
Mail queue inspection
DNS MX verification
Blacklist detection
Spam rejection monitoring
With this PRTG configuration, your Mailcow mail system is monitored at infrastructure, service, and security levels.
This is production-grade monitoring designed for real-world system administrators who need proactive control — not reactive troubleshooting.