• How to get mail statistics from your postfix mail logs

    Overview :-

    For the last few years I have been supporting postfix mail servers. I would like to share one nice log diagnosing tool that I have used the most: "Postfix Log Entry Summarizer".

    It's an amazing tool and will provide you with the following details:

    • Total number of:
      • Messages received, delivered, forwarded, deferred, bounced and rejected
      • Bytes in messages received and delivered
      • Sending and Recipient Hosts/Domains
      • Senders and Recipients
      • Optional SMTPD totals for number of connections, number of hosts/domains connecting, average connect time and total connect time
    • Per-Day Traffic Summary (for multi-day logs)
    • Per-Hour Traffic (daily average for multi-day logs)
    • Optional Per-Hour and Per-Day SMTPD connection summaries
    • Sorted in descending order:
      • Recipient Hosts/Domains by message count, including:
        • Number of messages sent to recipient host/domain
        • Number of bytes in messages
        • Number of defers
        • Average delivery delay
        • Maximum delivery delay
      • Sending Hosts/Domains by message and byte count
      • Optional Hosts/Domains SMTPD connection summary
      • Senders by message count
      • Recipients by message count
      • Senders by message size
      • Recipients by message size

      with an option to limit these reports to the top nn.

    • A Semi-Detailed Summary of:
      • Messages deferred
      • Messages bounced
      • Messages rejected
    • Summaries of warnings, fatal errors, and panics
    • Summary of master daemon messages

    Installation :-

    Installation is very simple: just download the package and unpack it.

    •  wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.1.tar.gz
    •  tar -zxf pflogsumm-1.1.1.tar.gz
    • chown root:root pflogsumm-1.1.1

     

    Generate the statistics  :-

    #  cat /var/log/maillog | ./pflogsumm.pl
    (The above command generates detailed statistics, as follows.)

    Grand Totals
    ------------
    messages

       1867   received
       3523   delivered
          0   forwarded
       707   deferred  (75  deferrals)
         35   bounced
        259  rejected (6%)
          0   reject warnings
          0   held
          0   discarded (0%)

      55528k  bytes received
      71732k  bytes delivered
         46   senders
         32   sending hosts/domains
        649   recipients
        350   recipient hosts/domains

    Per-Day Traffic Summary
        date          received  delivered   deferred    bounced     rejected
        --------------------------------------------------------------------
        Jul 17 2011       257       2003       7295          8
        Jul 18 2011       471        352         94          2        216
        Jul 19 2011       986       1000        145         23         33
        Jul 20 2011       153        168         55          2         10

    Per-Hour Traffic Daily Average
        time          received  delivered   deferred    bounced     rejected
        --------------------------------------------------------------------
        0000-0100           9          9          3          0          1
        0100-0200          11         10          4          1          4
        0200-0300          10         10          3          0          2
        0300-0400          11         13          3          0          2
        0400-0500          16         82        287          1          2

    I am sure this will definitely be helpful for somebody who is working with postfix mail servers.

  • Postfix commands

    For system admins who are using postfix as their mail server :-

    As part of my routine system administration, I frequently use the following commands.

    View the postfix version :
    postconf  mail_version
    mail_version = 2.3.3

    Check the postfix installation :
    postfix check

    Show default postfix values :
    postconf -d

    To show non default postfix values :
    postconf -n

    To reload the postfix mail server (re-reads the configuration) :

    # postfix reload

    Flush the mail queue :
    postfix  flush
    Or you can use:
    postqueue -f

    To see mail queue :
    mailq
    (in Sendmail: sendmail -bp)
    mailq | grep -c '^[0-9A-F]'
    (will give the total number of mails in the queue by counting the lines that start with a queue ID)

    To remove all mail from the queue :
    postsuper -d ALL

    To remove all mails in the deferred queue :
    postsuper -d ALL deferred

    To see the queue broken down by domain and message age :
    qshape


    View the mail content :
    postcat -q AFD4A22837C

    You get the above ID from mailq. Alternatively, you can view the mails directly in the postfix mail spool: postfix usually stores them in /var/spool/postfix/active/. The queue directory can be changed in the postfix configuration.

    Sort by from address :

     #  mailq | awk '/^[0-9A-F]/ {print $7}' | sort | uniq -c | sort -n

    To remove all mails sent by user@adminlogs.info from the queue :

    mailq| grep '^[A-Z0-9]'|grep user@adminlogs.info|cut -f1 -d' ' |tr -d \*|postsuper -d -

    To remove all mails being sent using the From address “user@adminlogs.info” :

    mailq | awk '/^[0-9A-F].*user@adminlogs\.info$/ {print $1}' | tr -d '*!' | postsuper -d -

    To remove all mails sent by the domain adminlogs.info from the queue :

    mailq| grep '^[A-Z0-9]'|grep @adminlogs.info|cut -f1 -d' ' |tr -d \*|postsuper -d -
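
The grep-based pipelines above match the address as a substring of the queue header line, so a sender such as superuser@adminlogs.info (a hypothetical address) would be selected for deletion as well. The following is an added example, not part of the original post: it compares that selection with an exact match on the sender field, using constructed mailq output.

```shell
# Added example: select queue IDs by exact envelope sender.
# sample_mailq prints constructed mailq output (not from a real server).
sample_mailq() {
    printf '%s\n' \
        '-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------' \
        'A1B2C3D4E5*    1234 Mon Jul 18 10:01:02  user@adminlogs.info' \
        '                                         someone@example.com' \
        '' \
        'F6E5D4C3B2     2345 Mon Jul 18 10:02:03  superuser@adminlogs.info' \
        '(connect to mx.example.net[192.0.2.1]:25: Connection timed out)' \
        '                                         other@example.net' \
        '' \
        '0A1B2C3D4E!     345 Mon Jul 18 10:03:04  boss@example.org' \
        '                                         user@adminlogs.info' \
        '' \
        '-- 4 Kbytes in 3 Requests.'
}

# The selection stage of the pipeline from the post (postsuper left off).
queue_ids_grep() {
    grep '^[A-Z0-9]' | grep "$1" | cut -f1 -d' ' | tr -d '*'
}

# Exact match: field 7 of a header line is the envelope sender.
queue_ids_from() {
    awk -v want="$1" '
        /^[0-9A-F]/ && $7 == want {
            id = $1
            sub(/[*!]$/, "", id)   # drop the active (*) or hold (!) marker
            print id
        }'
}

echo "substring match:"; sample_mailq | queue_ids_grep user@adminlogs.info
echo "exact match:";     sample_mailq | queue_ids_from user@adminlogs.info
# After reviewing the list: mailq | queue_ids_from ADDRESS | postsuper -d -
```

Printing the IDs first and piping them to postsuper only after checking them keeps an over-broad match from emptying other users' mail out of the queue.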

    Test your own Mailserver against attacks :
    telnet mail-abuse.org

    Please suggest your own changes and additions; I am happy to include those in this doc.

  • Postfix mail server configuration with mail sending restriction

    Scenario : –

    1)  Configure a local mail server in postfix
    2)  Configure fetchmail to download mails from the remote server
    3) Apply sender restrictions to normal employees. They can send mails to adminlogs.info only.
    4) Allow management members to send and receive mails globally .

    #### Postfix conf for mail restrictions

    message_size_limit = 20601572
    mailbox_size_limit = 0
    transport_maps = hash:/etc/postfix/transport
    relayhost = mail.adminlogs.info:587
    virtual_mailbox_limit_override = yes
    virtual_mailbox_limit_maps = hash:/etc/postfix/vquota
    smtpd_restriction_classes = allowed_only
    allowed_only = check_recipient_access hash:/etc/postfix/allowed_domains, reject
    smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/restricted_senders
        permit_sasl_authenticated
        permit_mynetworks
        reject_unauth_destination
        check_relay_domains
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous

    ##### SASL password settings (created on the remote server)
    $ cat /etc/postfix/sasl_passwd
    mail.adminlogs.info  auth@adminlogs.info:password

    ##### Allowed domains setting: it will allow restricted senders to send mails to adminlogs.info
    $ cat /etc/postfix/allowed_domains
    adminlogs.info   OK

    #####Restricted senders

    $ cat /etc/postfix/restricted_senders

    user@adminlogs.info  allowed_only

    ##### Fetchmail script to download mails from the remote mail server

    # The catch@adminlogs.info account must be created on the remote server
    poll remoteserverip with protocol pop3:
    no dns, aka adminlogs.info
    auth any
    user  catch@adminlogs.info is * here
    limit 25000
    fetchlimit  51
    password pass2
    smtphost localhost

    ###### To send mails to global e-mail IDs for restricted senders

    $ vi transport

    admin@adminlogs.info  smtp:remoteserverip:587

    $ postmap transport

    $  postfix reload

    I spent hours setting this up for a production company, and at last I completed the project successfully 🙂
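
Postfix reads hash: lookup tables from the compiled .db file that postmap builds, and the steps above show postmap only for transport. The check below is an added example, not part of the original post: it flags maps whose .db is missing or older than its source, and credential files readable by group or others. The fixture directory and the rule that files named sasl_passwd* hold credentials are assumptions of the example.

```shell
# Added example: audit Postfix hash: maps before relying on them.
# audit_maps DIR NAME...  prints one line per problem, returns 1 if any:
#   MISSING NAME  source file or compiled NAME.db does not exist
#   STALE NAME    source edited after NAME.db was built (rerun postmap)
#   EXPOSED FILE  credentials file readable by group or others
# Assumption: files named sasl_passwd* are the ones holding credentials.
audit_maps() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        src=$dir/$name
        db=$src.db
        if [ ! -f "$src" ] || [ ! -f "$db" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        if [ "$src" -nt "$db" ]; then
            echo "STALE $name"; rc=1
        fi
        case $name in
        sasl_passwd*)
            for f in "$src" "$db"; do
                # Columns 5-10 of ls -l output are the group and other mode bits.
                perms=$(ls -ld "$f" | cut -c5-10)
                [ "$perms" = "------" ] || { echo "EXPOSED ${f##*/}"; rc=1; }
            done ;;
        esac
    done
    return "$rc"
}

# Constructed fixture standing in for /etc/postfix (no real maps are read).
make_fixture() {
    d=$(mktemp -d)
    touch -t 202001010000 "$d/transport";          touch -t 202001020000 "$d/transport.db"
    touch -t 202001030000 "$d/restricted_senders"; touch -t 202001020000 "$d/restricted_senders.db"
    touch -t 202001010000 "$d/allowed_domains"     # no .db: postmap was never run
    touch -t 202001010000 "$d/sasl_passwd";        touch -t 202001020000 "$d/sasl_passwd.db"
    chmod 644 "$d/sasl_passwd"; chmod 600 "$d/sasl_passwd.db"
    echo "$d"
}

fixture=$(make_fixture)
audit_maps "$fixture" transport restricted_senders allowed_domains sasl_passwd ||
    echo "fix the findings above, then run: postfix reload"
rm -rf "$fixture"
```

On a real server, point it at /etc/postfix; a MISSING or STALE finding is cleared by running postmap on the named source file, and an EXPOSED finding by chmod 600 on the named file.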