Skip to main content

Monitoring with Slack

You can use Slack to monitor for events that happen on the Halon MTA, like when rate limits are exceeded for example.

Setting up the webhook

Begin by registering an incoming webhook as described here. After doing this, you'll get unique webhook URL that you can then use when posting messages to Slack.

Sending the notifications

Below is an HSL example showing how you can post a message to Slack when a rate limit has been exceeded. Note how it's using a second rate limit to ensure that no more than one message can be generated per entry and hour. To send the messages asynchronously we're using the http-bulk plugin.

RCPT TO context
$senderdomain = $transaction["senderaddress"]["domain"];
$limit = 250;
if (rate("per-hour", $senderdomain, $limit, 3600) === false) {
    if (rate("per-hour-report", $senderdomain, 1, 3600) === true) {
        $data = ["text" => "*".gethostname().":* $senderdomain has sent more than $limit messages per hour."];
        http_bulk("slack", json_encode($data));
    }
    Defer("$senderdomain has sent more than $limit messages per hour.");
}

The http-bulk plugin can be configured as follows:

/src/config/smtpd.yaml
plugins:
  - id: http-bulk
    config:
      queues:
        - id: slack
          path: /var/log/halon/slack.jlog
          format: jsonarray
          url: "https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX"
          min_items: 1
          max_items: 1
          tls_verify: true
note

The url property should be replaced with the webhook URL you generated.