Tools to help identify abnormal behaviour

Post by MattPeddlesden » Sun Feb 07, 2016 11:52 am

Is there some way to be alerted when the server experiences some kind of abnormal condition?

outbound queue is more than some number (indicating a bunch of stuck, possibly spam messages),
above average flow (or above some set warning level) from a particular registered user (indicating account has been breached) and so forth?

My server is under a constant barrage of attacks (as I guess most are) and without constant micro-management it's hard to keep on top of it and before I know it, we've been breached and are being used to send a ton of spam out. It seems that there are some reasonably easy indicators that would highlight abnormal activity and could provide the ability to rapidly detect and fix these issues.

It would also be great to be able to see a list of all messages sent by the server and have some way to flag spam and ham based on this - so that the anti spam components can learn from previous mistakes. It would also help more rapidly identify what the cause of a spam breach is. My server is relatively quiet these days, and managing it is far from something I can do regularly as I have in the past - so having some support from the software to identify where things have gone wrong or might be out of the ordinary etc would help immensely.

