where is pflogsum????
----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 09, 2002 11:56 AM Subject: Re: [IMail Forum] Imail Analysis Tools? > > >Does anyone know of any tools/software/hacks that provide analysis of > >Imail logs? I'm looking for tools that provide (if possible) data similar > >to DOMLIST (from Declude) but also on a user basis. Incoming data size, > >outgoing data size, etc. Third party tools availble? > > IMGate users have a PERL script, postfix log summarizer. > > The report provides global totals: > > Grand Totals > ------------ > messages > > 2747 received > 2782 delivered > 8 forwarded > 19 deferred (89 deferrals) > 5 bounced > 48 rejected > > 53665k bytes received > 59901k bytes delivered > 705 senders > 297 sending hosts/domains > 414 recipients > 154 recipient hosts/domains > > > and per hour traffic including sent, received, deferred, boucned, and > rejected per hour > > Per-Hour Traffic Summary > time received delivered deferred bounced rejected > -------------------------------------------------------------------- > 0000-0100 240 221 6 0 2 > 0100-0200 158 142 3 0 1 > 0200-0300 174 172 4 0 3 > 0300-0400 111 108 5 0 3 > 0400-0500 104 108 5 0 8 > 0500-0600 89 85 2 0 2 > 0600-0700 116 115 3 0 4 > 0700-0800 116 123 5 0 1 > 0800-0900 144 137 16 0 3 > 0900-1000 153 167 11 0 3 > 1000-1100 142 166 2 1 4 > 1100-1200 178 183 7 0 1 > 1200-1300 126 138 3 0 0 > 1300-1400 151 153 5 0 2 > 1400-1500 176 183 2 3 1 > 1500-1600 178 182 5 1 0 > 1600-1700 224 234 3 0 8 > > Deliveries per domain with defers and delays: > > Host/Domain Summary: Message Delivery (top 20) > sent cnt bytes defers avg dly max dly host/domain > -------- ------- ------- ------- ------- ----------- > 1417 6752k 0 1.0 m 5.8 m go2france.com > 564 3146k 0 45.8 s 2.9 m meiway.com > 195 17216k 0 1.5 m 4.1 m sergent-major.com > 151 13950k 0 1.4 m 4.8 m baxifrance.com > 57 2456k 3 3.5 m 36.0 m maf.or.ke > 23 1306k 0 1.8 m 4.1 m accesskenya.com > 23 822k 0 10.4 s 39.0 s wanadoo.fr > 14 46098 0 3.3 m 4.3 m lcrkenya.com > 12 240378 0 1.8 m 2.9 m triad.co.ke > 11 387776 1 4.9 m 30.9 m dtdobie.co.ke > 10 20023 0 9.5 s 53.0 s avrupavitrin.com > 9 292144 0 3.9 s 12.0 s baxi.co.uk > 9 75063 0 1.7 m 2.4 m antipest.co.ke > 9 48269 0 1.5 m 1.7 m protec.co.ke > 8 482495 0 1.7 m 2.7 m tradewinds.co.ke > 8 178166 0 2.0 s 3.0 s ota.fr.socgen.com > 7 579k 0 9.0 s 39.0 s hotmail.com > 7 68599 0 33.4 s 1.2 m armandthiery.fr > 6 1333k 0 5.2 s 18.0 s aol.com > 6 595k 0 3.0 s 10.0 s club-internet.fr > > Top x Mail From: by @senderdomain, by msgs and volume: > > Host/Domain Summary: Messages Received (top 20) > msg cnt bytes host/domain > -------- ------- ----------- > 519 1499k lists.isp-lists.com > 392 1322k freebsd.org > 94 3770k sergent-major.com > 87 310927 cygwin.com > 76 4251k baxifrance.com > 71 310468 lists.sourceforge.net > 67 173830 squid-cache.org > 66 172989 houseoffusion.com > 62 196490 postfix.org > > > top x Mail From: by sender@, by msgs and volume: > > top 20 Senders by message count > ------------------------------- > 226 [EMAIL PROTECTED] > 138 [EMAIL PROTECTED] > 132 [EMAIL PROTECTED] > 66 [EMAIL PROTECTED] > 62 [EMAIL PROTECTED] > 60 from=<> > 54 [EMAIL PROTECTED] > 52 [EMAIL PROTECTED] > 52 [EMAIL PROTECTED] > > > The preceding two sections are repeated for RCPT to: > recipient@recipientdomain. > > and then all the detail sections for delivery problems: > > message deferral detail > ----------------------- > smtp > 75 Operation timed out > 6 212.49.94.100[212.49.94.100]: Operation timed out > 2 mail.vei.net[207.244.8.40]: server dropped connection > 1 m4.caramail.com[195.68.99.64]: Connection refused > 1 tounes.tngw.tn[193.95.50.117]: Operation timed out > 1 lost connection with smtp-gw-4.msn.com[207.46.181.13] while se... > 1 4.3.1 Out of memory > > message bounce detail (by relay) > -------------------------------- > mx07.hotmail.com[64.4.42.7] > 1 Requested action not taken: mailbox unavailable > mx1.mail.yahoo.com[64.157.4.83] > 1 dd Sorry, your message to [EMAIL PROTECTED] cannot be > de... > mx14.hotmail.com[65.54.232.7] > 1 Requested action not taken:user account inactive > none > 1 Name service error for sida-info.fr: Host not found > smtp.wanadoo.fr[193.252.19.163] > 1 RCPT <[EMAIL PROTECTED]> ERROR. Mailbox doesn't e... > > message reject detail > --------------------- > RCPT > Client host rejected: access denied > 1 postmasterdirect.com > Recipient address rejected: unknown user > 1 [EMAIL PROTECTED] > Sender address rejected: Domain not found > 1 [EMAIL PROTECTED] > 1 [EMAIL PROTECTED] > 1 [EMAIL PROTECTED] > blocked using dialups.relays.osirusoft.com > 1 van-bc60-124.netcom.ca > blocked using inputs.orbz.org > 1 210.71.194.66 > blocked using relays.ordb.org > 4 mailgateway.sirnet.it > 4 209.164.15.193 > 2 servecast.com > 2 61.33.75.3 > 2 arakor.co.kr > 2 meda.net > 1 195.30.6.2 > 1 cnc.net > > regex filtering report: > > cleanup process > > body > 2 ?name="ChiracDance.exe" > 1 name="GameSpy.exe" > 1 ?name="psapi.dll" > 1 ? name="DOCS.DOC.pif" > > header > 1 Subject: FW: VIRUS ALERT!!!! > 1 From: =?GB2312?B?uN/P6A==?= <[EMAIL PROTECTED]> > > Almost makes you want to run IMGate (free) just to get the pflogsumm > reports (free)!! :)) > > There is also an option to see how long IMGate stays in connection with > sending mail servers. I used this report to show the CoolFusion people > last summer that their iMS product was seriously broken, and they fixed it. > > I should mention that FreeBSD has trafshow and Linux has iptraf that show > you in real-time the traffic by protocol and by sending/receiving hostname > through your IMGate box. > > Because all Imail inbound/outbound goes through IMGate, we don't bother > with IMail stats anymore. About the only thing that would be interesting, > for us, would be the pop activity (don't do enough web mail to worry > about). But soon we will have Imail doing pop3 syslog-ging to IMGate (for > pop-before-smtp dynamic relay access control) so we'll have those stats, too. > > Len > > > http://MenAndMice.com/DNS-training > http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K > http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways > > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > > An Archive of this list is available at: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
