Use posttls-finger to monitor your DANE configuration in icinga2

First you need to install the posttls-finger command. This command is included in postfix versions >=2.11. On Debian you may just rebuild the packages from unstable for your distribution.

Then download the check_posttls_finger script and make it executable:

Add a command definition to icinga2 by creating /etc/icinga2/conf.d/check_posttls_finger.conf with the following content:

Also add an service definition to /etc/icinga2/conf.d/services.conf:

Now configure the domains your want to monitor in your host definitions. For example to monitor

Use delv to monitor your DNSSEC configuration in icinga2

First you need to install delv. delv is a new diagnostic tool like dig, but with improved DNSSEC support (read more). It comes with bind 9.10 and newer. If you’re already using bind >9.10 then it should be already installed. Otherwise you can grab the latest bind tarball, compile it and use the compiled delv binary:

Then download the check_delv nagios plugin script:

Add a command definition to icinga2 by creating /etc/icinga2/conf.d/check_delv.conf with the following content:

Also add an service definition to /etc/icinga2/conf.d/services.conf:

Now configure the domains your want to monitor in your host definitions. For example to monitor

Checking your IP against RBLs in icinga2

To make sure that your IP is listed on any RBL you can implement a daily check in icinga2.

The check can be implement with the check_rbl script:

The script has a few perl module dependencies. To install them on a debian system execute:

Then download the script and make it executable:

Also download a copy of the configuration file:

Edit the configuration file and add/remove RBLs as needed. When writting this, the list still included the retired AHBL blacklist. To disable it comment the following line:

Now its time to start a test run:

The script will display all checked RBLs and exit with a Nagios status line:

Now add the command/service definitions to your icinga2 configuration and apply the rbl_address to your hosts definition.

Create /etc/icinga2/conf.d/check_rbl.conf with the following content:

Add the following service description to your /etc/icinga2/conf.d/services.conf:

And a rbl_address variable to all hosts you want to check:

Restart the icinga2 service and see the results in icinga-web.

mtpolicyd version 1.15 released

Version 1.15 has been released.

Get the sources from: or from CPAN.

New Features:

  • New Plugins: Accounting, Quota
    These plugins could be used to implement smtp level accounting and quotas. See Mail::MtPolicyd::Cookbook::HowtoAccountingQuota and the plugin reference for details.
  • SQL Infrastructure updates
    Plugins are now able to create their own tables automatically. Collected some shared SQL code into Plugin::Role::SqlUtils.
  • Support for scheduled tasks
    Plugins can execute scheduled tasks by implementing a cron() function.

SMS notifications in icinga2 with

The service could be used to send SMS notifications from icinga2.

First create a service account at and install the sms77send command which comes with the SMS::SMS77 perl module:

You may want to send a test message to your mobile:

To be able to call sms77send from icinga2 you need to place the following wrapper script in /etc/icinga2/scripts/

Place the following command definition in /etc/icinga2/conf.d/commands.conf:

Place a template for the notification in /etc/icinga2/conf.d/templates.conf:

And the notification in /etc/icinga2/conf.d/notifications.conf:

To activate SMS notifications for a host add the following lines to your host definition in /etc/icings2/conf.d/hosts.conf:

And your mobile phone number to your contact in /etc/icinga2/conf.d/users.conf (eg. within object User icingaadmin):

mtpolicyd version 1.14 released

Version 1.14 of the mtpolicyd has been released.

New Features:

  • Stress Plugin. Trigger an action if postfix is under stress.
  • Added on_error option to plugins.
    If set to continue and the plugin dies mtpolicyd will continue with processing instead of returning an error:
  • Application level profiling has been added.
    A small profiler has been added to record request timings. Timings will be logged at log level 3. Plugins may add their own timings thru the following API:

Structured JSON Logging with Log4perl

With the help of the Log::Log4perl::Layout::JSON module Log4perl is able to output structured logs.

Example Log4perl Configuration with JSON output to syslog:

Example Code:

Example Output:

The Log4perl MDC feature could be used to attach additional information to all log events produced by your program. For a CGI script it may be usefull to attach the client ip or session information to log events.

Attach additional fields to the MDC:

MDC Example Output:

Structured JSON Logging with Amavis

Amavis is able to output an structured JSON log format. First make sure you syslog daemon allows log messages longer than 1500 bytes. For example in rsyslogd you can use the following configuration line to raise the maximum message size to 32k:

To activate JSON logging in amavisd you need to adjust the $logline_maxlen setting since amavis will otherwise split long log lines at this threshold.

The log format in amavis is defined by the $log_templ template. For JSON logging you have to use the report_json macro:

For more macros take a look at the amavis documentation:


Relaying of collectd metrics to a central graphit with syslog

Download and install the Collectd::Plugins::WriteSyslogGraphite plugin from cpan:

This plugin allows you to write the collectd output to syslog.

Activate the plugin within your collectd configuration:

Now configure rsyslogd to log to your central logging host.

If you’re using logstash on your central logging host can use the following grok pattern/filter to extract the metrics from the log stream and pass them to graphits carbon storage.

Grok pattern:

Logstash filter/output: