sendmail_stats
Current version: 0.9Updated: 26 November 2002
sendmail_stats tries to analyze your sendmail logs and output an easy to understand and useful report. I have looked at around ten mail log analyzers; eximstats and pflogsumm are both good.
sendmail_stats reports:
- Time/date of log beginning and end
- Total bytes transferred and total MB transferred
- Total bytes in and total MB in (locally delivered)
- Number of messages sent out
- Number of messages coming in
- Messages per hour graph
- Top 20 remote sending hosts
- Total number of sending hosts and number of their attempted messages
- Top 20 destination hosts
- Total number of destination hosts and number of messages sent to them
- Top 20 local deliveries
- Total number of local accounts that received mail
- Total number of messages delivered locally
- Top 20 senders
- Total number of senders and total number of messages sent
Here is an interesting (unattributed, used with no permission) testimonial:
Hey, just wanted to say I've been using your script for a month or two now, and it's great. We run open relays (don't ask) and the evidence provided by your script was great to stick in management's face and tell them that over 50% of our traffic is spam. It also showed the legitimate users of our relay, and just how few of them there actually were.
Sample outputs:
version 0.07
version 0.05
version 0.03
The current version needs lots of work! It is far from complete plus I am sure that it will report a few inaccuracies and miss some information. I have used it for about six months on a mail server that handles over 24,000 messages and 700 MB of traffic daily. ... Now a couple years later, I found some problems that have been improved. I've been using it on a system than handles over 76.9 MB and 131,894 per week.
Tested with various versions of sendmail including 8.11.
Please let me know how this works for you.
Current version download:
sendmail_stats-0.9.txt (26/Nov/2002)
Old versions:
sendmail_stats-0.8.txt (07/Nov/2002)
sendmail_stats.0.07.txt (23/Feb/2002)
sendmail_stats.0.06.txt (22/Jun/2001)
sendmail_stats.0.05.txt (31/Aug/2000)
sendmail_stats.0.04.txt (31/May/2000)
sendmail_stats.0.03.txt (10/Mar/2000)
To do:
- double check bytes transferred
- report errors
- audit the results
- properly distinguish between bounces, problems and successful mail
- add "relay" reporting
If you have any ideas or want to contribute, please email me at jeremy@reedmedia.net. Please note that I rarely use sendmail any more; I use Exim and Postfix. I have received a few patches for .0.06 and older versions.
For a daily report, just use your crontab like:
30 5 * * * nobody /usr/contrib/bin/gunzip -c /var/log/maillog.0.gz |\ /usr/local/bin/sendmail_stats | /usr/bin/mail -s "sendmail stats" postmaster
To use:
- download file as a file (not as a webpage) to preserve formatting;
- make sure first line of file has correct path to your perl interpreter;
- make the file an executable script: "chmod u+x sendmail_stats"
- and edit the "$default_hostname = 'EDIT-THIS-default-domain.net';" line
- test with "./sendmail_stats < /path/to/maillog | less"
History/Changes
Version 0.9 26/Nov/2002? Add option to show the total bytes received for each individual email address in the log (default is on). Add option to make email addresses all lower case (so it will be case-insensitive) (default is on). Version 0.8 07/Nov/2002 Add debugging for testing, such as printing if log line is not in expected format. Adjust for newer log format. Check "sm-mta" log entries. Check for "relay" mailer also. Only add default hostname if username doesn't have "@" at-sign. 22/Feb/2002 Match null <> sender. Better regex (add spaces). If ctladdr (local address) use it instead of /path/to/file. Add more local delivery types (virtual and *file*). Fix hour count so it only counts for successfully relay or delivery. Report count of sending problems. Recount the total local deliveries (for comparisons). Renamed $delivered_messages variable to $sent_messages. 22/Jun/2001 Fixed regex where in some situations total bytes in, messages in and local deliveries was empty. 31/Aug/2000 Added output in megabytes for total bytes transferred and received Added log start and end times needed for reference! 31/May/2000 Fixed problem where it didn't find (match) all data also show stats for multi-users per "to=" and for programs (like procmail) Fix scaling for dots 10/Mar/2000 Changed scale for dots 8/Mar/2000 Fixed bug where the dots wrapped around screen 7/Mar/2000 Fixed bug where only 10 am and later hours showed stats
For your information:
eximstats reports:
Grand total summary of Volume, Messages, Hosts, Delayed and Failed for received and delivered. Deliveries by transport showing volume and messages. Messages received per hour (with dots representing a group of messages) Deliveries per hour (each dot is "n" delivery) Time spent on the queue for all messages Time spent on the queue for messages with at least one remote delivery Relayed messages Top 50 sending hosts by message count Top 50 sending hosts by volume Top 50 local senders by message count Top 50 local senders by volume Top 50 destinations by message count Top 50 destinations by volume Top 50 local destinations by message count Top 50 local destinations by volume Errors encountered: 0
pflogsumm reports:
Grand totals of messages (received, delivered, forwarded, deferred, bounced and rejected) Host/Domain Summary: Messages Received showing message count, bytes and host/domain. Senders by message count Recipients by message count Senders by message size Recipients by message size message deferral detail message bounce detail (by relay) message reject detail Warnings Fatal Errors Master daemon messages