Mailborder Guardian Service #

Overview #

The Mailborder Guardian service is a core component of the Mailborder email gateway, designed to provide continuous monitoring, system health checks, and automatic recovery capabilities for other Mailborder services. By overseeing processes like SpamAssassin, Rspamd, and the ClamAV daemon, Mailborder Guardian ensures that the email gateway maintains optimal performance, security, and reliability.

Unlike other Mailborder services, Guardian does not run persistently or on a socket. It is a one-time service controlled by systemd and is scheduled to run every 3 minutes to perform its monitoring tasks.

Key Functions #

1. Service Monitoring and Recovery #

Mailborder Guardian actively monitors the status of critical email security services, including:

• SpamAssassin or Rspamd: Provides spam filtering and scoring.
• ClamAV Daemon: Performs virus and malware scanning on incoming emails.
• Vita: Handles email logging and delivery status updates.
• Milter: Manages the SMTP content filtering process.
• Eval: Executes email evaluations, specifically checking for SPF, RBL, and Geolocation.
• Redis: Provides fast caching and delivery status tracking.

If any service is detected as unresponsive or failed, Guardian will automatically attempt to restart it, ensuring minimal downtime.

2. Health Checks #

The Guardian service performs periodic health checks on system resources such as:

• CPU usage
• Memory consumption
• Disk space availability
• Network connectivity

This helps identify potential issues before they affect email processing.

3. Log Management #

Mailborder Guardian maintains detailed logs for all monitored services and recovery actions. Logs are stored in:

• /var/log/mailborder/mailborder-guardian.log
• /var/log/mailborder/mailborder-guardian-error.log

These logs provide insight into system health, service status, and recovery attempts.

Integration with Other Mailborder Services #

1. Dependency Management #

Mailborder Guardian ensures that dependent services start and stop in the correct order. For example, Redis must be operational before Vita can log delivery statuses.

2. Automatic Configuration Validation #

Guardian verifies the integrity of configuration files for all Mailborder services. If misconfigurations are detected, it logs the issue and prevents faulty services from starting until the problem is resolved.

3. File and Directory Management #

System directories and files used by Mailborder services are managed through systemd-tmpfiles. Guardian ensures these are correctly created with the proper permissions.

Key Directories:

• /var/tmp/mailborder/
• /var/log/mailborder/
• /var/spool/mailborder/

Configuration #

1. Guardian Configuration File #

The Guardian configuration is managed in:

• /etc/default/mailborder

This file contains settings for monitoring intervals, thresholds for resource usage, and service-specific parameters.

2. Systemd Service File #

The Guardian service is managed through systemd and is scheduled to run every 3 minutes:

• Service file location: /lib/systemd/system/mb-guardian.service

Basic Commands:

# Start the Guardian service manually
sudo systemctl start mb-guardian

# Enable Guardian to run every 3 minutes
sudo systemctl enable mb-guardian.timer

# Check Guardian service status
sudo systemctl status mb-guardian

Log File Structure #

• Primary Log: /var/log/mailborder/mailborder-guardian.log

  • Contains routine service status checks and health reports.

• Error Log: /var/log/mailborder/mailborder-guardian-error.log

  • Captures detailed error messages, failed service recoveries, and configuration issues.

Troubleshooting #

1. Service Fails to Start #

• Check the status of the Guardian service:

  sudo systemctl status mb-guardian
  

• Review the error logs at /var/log/mailborder/mailborder-guardian-error.log for detailed messages.

2. Guardian Not Restarting Failed Services #

• Verify the configuration in /etc/default/mailborder.
• Ensure that the systemd timer is active:

  sudo systemctl status mb-guardian.timer
  

3. High Resource Usage #

• Review Guardian’s health check logs to identify resource bottlenecks.
• Adjust resource usage thresholds in the configuration file.

Conclusion #

The Mailborder Guardian service is essential for maintaining a stable and efficient Mailborder email gateway. It proactively monitors and manages the health of all critical services, particularly SpamAssassin or Rspamd, ClamAV, and Eval (SPF, RBL, and Geolocation checks), ensuring continuous email processing with minimal intervention. Regularly checking Guardian logs and configurations will help maintain optimal performance and security.