>Does anyone know of any tools/software/hacks that provide analysis of
>Imail logs? I'm looking for tools that provide (if possible) data similar
>to DOMLIST (from Declude) but also on a user basis. Incoming data size,
>outgoing data size, etc. Third party tools availble?
IMGate users have a PERL script, postfix log summarizer.
The report provides global totals:
Grand Totals
------------
messages
2747 received
2782 delivered
8 forwarded
19 deferred (89 deferrals)
5 bounced
48 rejected
53665k bytes received
59901k bytes delivered
705 senders
297 sending hosts/domains
414 recipients
154 recipient hosts/domains
and per hour traffic including sent, received, deferred, boucned, and
rejected per hour
Per-Hour Traffic Summary
time received delivered deferred bounced rejected
--------------------------------------------------------------------
0000-0100 240 221 6 0 2
0100-0200 158 142 3 0 1
0200-0300 174 172 4 0 3
0300-0400 111 108 5 0 3
0400-0500 104 108 5 0 8
0500-0600 89 85 2 0 2
0600-0700 116 115 3 0 4
0700-0800 116 123 5 0 1
0800-0900 144 137 16 0 3
0900-1000 153 167 11 0 3
1000-1100 142 166 2 1 4
1100-1200 178 183 7 0 1
1200-1300 126 138 3 0 0
1300-1400 151 153 5 0 2
1400-1500 176 183 2 3 1
1500-1600 178 182 5 1 0
1600-1700 224 234 3 0 8
Deliveries per domain with defers and delays:
Host/Domain Summary: Message Delivery (top 20)
sent cnt bytes defers avg dly max dly host/domain
-------- ------- ------- ------- ------- -----------
1417 6752k 0 1.0 m 5.8 m go2france.com
564 3146k 0 45.8 s 2.9 m meiway.com
195 17216k 0 1.5 m 4.1 m sergent-major.com
151 13950k 0 1.4 m 4.8 m baxifrance.com
57 2456k 3 3.5 m 36.0 m maf.or.ke
23 1306k 0 1.8 m 4.1 m accesskenya.com
23 822k 0 10.4 s 39.0 s wanadoo.fr
14 46098 0 3.3 m 4.3 m lcrkenya.com
12 240378 0 1.8 m 2.9 m triad.co.ke
11 387776 1 4.9 m 30.9 m dtdobie.co.ke
10 20023 0 9.5 s 53.0 s avrupavitrin.com
9 292144 0 3.9 s 12.0 s baxi.co.uk
9 75063 0 1.7 m 2.4 m antipest.co.ke
9 48269 0 1.5 m 1.7 m protec.co.ke
8 482495 0 1.7 m 2.7 m tradewinds.co.ke
8 178166 0 2.0 s 3.0 s ota.fr.socgen.com
7 579k 0 9.0 s 39.0 s hotmail.com
7 68599 0 33.4 s 1.2 m armandthiery.fr
6 1333k 0 5.2 s 18.0 s aol.com
6 595k 0 3.0 s 10.0 s club-internet.fr
Top x Mail From: by @senderdomain, by msgs and volume:
Host/Domain Summary: Messages Received (top 20)
msg cnt bytes host/domain
-------- ------- -----------
519 1499k lists.isp-lists.com
392 1322k freebsd.org
94 3770k sergent-major.com
87 310927 cygwin.com
76 4251k baxifrance.com
71 310468 lists.sourceforge.net
67 173830 squid-cache.org
66 172989 houseoffusion.com
62 196490 postfix.org
top x Mail From: by sender@, by msgs and volume:
top 20 Senders by message count
-------------------------------
226 [EMAIL PROTECTED]
138 [EMAIL PROTECTED]
132 [EMAIL PROTECTED]
66 [EMAIL PROTECTED]
62 [EMAIL PROTECTED]
60 from=<>
54 [EMAIL PROTECTED]
52 [EMAIL PROTECTED]
52 [EMAIL PROTECTED]
The preceding two sections are repeated for RCPT to:
recipient@recipientdomain.
and then all the detail sections for delivery problems:
message deferral detail
-----------------------
smtp
75 Operation timed out
6 212.49.94.100[212.49.94.100]: Operation timed out
2 mail.vei.net[207.244.8.40]: server dropped connection
1 m4.caramail.com[195.68.99.64]: Connection refused
1 tounes.tngw.tn[193.95.50.117]: Operation timed out
1 lost connection with smtp-gw-4.msn.com[207.46.181.13] while se...
1 4.3.1 Out of memory
message bounce detail (by relay)
--------------------------------
mx07.hotmail.com[64.4.42.7]
1 Requested action not taken: mailbox unavailable
mx1.mail.yahoo.com[64.157.4.83]
1 dd Sorry, your message to [EMAIL PROTECTED] cannot be
de...
mx14.hotmail.com[65.54.232.7]
1 Requested action not taken:user account inactive
none
1 Name service error for sida-info.fr: Host not found
smtp.wanadoo.fr[193.252.19.163]
1 RCPT <[EMAIL PROTECTED]> ERROR. Mailbox doesn't e...
message reject detail
---------------------
RCPT
Client host rejected: access denied
1 postmasterdirect.com
Recipient address rejected: unknown user
1 [EMAIL PROTECTED]
Sender address rejected: Domain not found
1 [EMAIL PROTECTED]
1 [EMAIL PROTECTED]
1 [EMAIL PROTECTED]
blocked using dialups.relays.osirusoft.com
1 van-bc60-124.netcom.ca
blocked using inputs.orbz.org
1 210.71.194.66
blocked using relays.ordb.org
4 mailgateway.sirnet.it
4 209.164.15.193
2 servecast.com
2 61.33.75.3
2 arakor.co.kr
2 meda.net
1 195.30.6.2
1 cnc.net
regex filtering report:
cleanup process
body
2 ?name="ChiracDance.exe"
1 name="GameSpy.exe"
1 ?name="psapi.dll"
1 ? name="DOCS.DOC.pif"
header
1 Subject: FW: VIRUS ALERT!!!!
1 From: =?GB2312?B?uN/P6A==?= <[EMAIL PROTECTED]>
Almost makes you want to run IMGate (free) just to get the pflogsumm
reports (free)!! :))
There is also an option to see how long IMGate stays in connection with
sending mail servers. I used this report to show the CoolFusion people
last summer that their iMS product was seriously broken, and they fixed it.
I should mention that FreeBSD has trafshow and Linux has iptraf that show
you in real-time the traffic by protocol and by sending/receiving hostname
through your IMGate box.
Because all Imail inbound/outbound goes through IMGate, we don't bother
with IMail stats anymore. About the only thing that would be interesting,
for us, would be the pop activity (don't do enough web mail to worry
about). But soon we will have Imail doing pop3 syslog-ging to IMGate (for
pop-before-smtp dynamic relay access control) so we'll have those stats, too.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
