Stats on smtp method used by clients (with pflogsumm or not)

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Stats on smtp method used by clients (with pflogsumm or not)

Nikolaos Milas
Hi,

Is there a solution to display stats on how many of the incoming smtp
connections were using port 25 and how many of them 587 (or other
custom)? (We are still allowing client connections to port 25.)

We are using pflogsumm (with --smtpd_stats options), but smtp stats
don't differentiate between smtp method.

pflogsumm customization to support this would probably be the best
solution. Anyone has something on it?

Ideally, pflogsumm could list total No. of connections per port (smtp,
submission, other).

Or any other suggestions?

Quick and dirty way (at least on linux) to display totals (example,
assuming -o syslog_name=postfix/submission for the submission daemon):

# grep -c -E 'postfix/submission/smtpd\[[0123456789]+\]: connect'
/var/log/maillog
# grep -c -E 'postfix/smtpd\[[0123456789]+\]: connect' /var/log/maillog

and we can isolate clients with smtp connections, excluding our mail
gateway, as follows:

# grep -E 'postfix/smtpd\[[0123456789]+\]: connect' /var/log/maillog |
grep -v 'mailgw' | awk '{ print $8 }' | sort | uniq

Thanks,
Nick
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Wietse Venema
Nikolaos Milas:
> Hi,
>
> Is there a solution to display stats on how many of the incoming smtp
> connections were using port 25 and how many of them 587 (or other
> custom)? (We are still allowing client connections to port 25.)

You can make this visible in logging. In master.cf, add the port name:

submission inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
    ...
smtps     inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/smtps
    ...

In the logging you will see postfix/smtps/smtpd, postfix/submission/smtpd
and postfix/smtpd.

> We are using pflogsumm (with --smtpd_stats options), but smtp stats

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Jim Seymour-2
On Fri, 20 Jan 2012 08:15:35 -0500 (EST)
Wietse Venema <[hidden email]> wrote:

[snip]
>
> In the logging you will see postfix/smtps/smtpd,
> postfix/submission/smtpd and postfix/smtpd.
[snip]

Two things (addressed to the OP and other readers):

    1. This will break Pflogsumm.  It expects to see "postfix/smtpd"
    2. (1) is easily-fixed, but you still wouldn't see plain smtp,
       smtps and submission broken-out, as Pflogsumm currently has no
       code to provide for this.

If there's sufficiently wide demand for that feature, I can add it.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Wietse Venema
James Seymour:
> On Fri, 20 Jan 2012 08:15:35 -0500 (EST)
> Wietse Venema <[hidden email]> wrote:
>
> [snip]
> >
> > In the logging you will see postfix/smtps/smtpd,
> > postfix/submission/smtpd and postfix/smtpd.
> [snip]

BTW this is the default setting as of Postfix 2.9, so it may
show up on distros in a year or so.

        Wietse

> Two things (addressed to the OP and other readers):
>
>     1. This will break Pflogsumm.  It expects to see "postfix/smtpd"
>     2. (1) is easily-fixed, but you still wouldn't see plain smtp,
>        smtps and submission broken-out, as Pflogsumm currently has no
>        code to provide for this.
>
> If there's sufficiently wide demand for that feature, I can add it.
>
> Regards,
> Jim
> --
> Note: My mail server employs *very* aggressive anti-spam
> filtering.  If you reply to this email and your email is
> rejected, please accept my apologies and let me know via my
> web form at <http://jimsun.LinxNet.com/contact/scform.php>.
>
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Nikolaos Milas
In reply to this post by Jim Seymour-2
On 20/1/2012 4:47 μμ, James Seymour wrote:

> [snip]
>> In the logging you will see postfix/smtps/smtpd,
>> postfix/submission/smtpd and postfix/smtpd.
> [snip]
>
> Two things (addressed to the OP and other readers):
>
>      1. This will break Pflogsumm.  It expects to see "postfix/smtpd"
>      2. (1) is easily-fixed, but you still wouldn't see plain smtp,
>         smtps and submission broken-out, as Pflogsumm currently has no
>         code to provide for this.
>
> If there's sufficiently wide demand for that feature, I can add it.

Thanks Jim,

Can you please at least provide directions on how to do the fix when
logging as "postfix/submission/smtpd"??

We are doing this already, so, I guess pflogsumm-generated reports
should not be valid? (I understand that processing ignores log entries
tagged as "postfix/submission/smtpd".)

Whether smtp-type break out is of wide demand, I can't tell, but for us
it would be very nice. :-)

Thanks,
Nick
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Jim Seymour-2
In reply to this post by Wietse Venema
On Fri, 20 Jan 2012 09:52:21 -0500 (EST)
Wietse Venema <[hidden email]> wrote:

> James Seymour:
> > On Fri, 20 Jan 2012 08:15:35 -0500 (EST)
> > Wietse Venema <[hidden email]> wrote:
> >
> > [snip]
> > >
> > > In the logging you will see postfix/smtps/smtpd,
> > > postfix/submission/smtpd and postfix/smtpd.
> > [snip]
>
> BTW this is the default setting as of Postfix 2.9, so it may
> show up on distros in a year or so.
[snip]

Well, then, I guess I best at least fix Pflogsumm so it doesn't break
with that.  Thanks for the heads up.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Simon Brereton-2
In reply to this post by Jim Seymour-2
On 20 January 2012 09:47, James Seymour <[hidden email]> wrote:

> On Fri, 20 Jan 2012 08:15:35 -0500 (EST)
> Wietse Venema <[hidden email]> wrote:
>
> [snip]
>>
>> In the logging you will see postfix/smtps/smtpd,
>> postfix/submission/smtpd and postfix/smtpd.
> [snip]
>
> Two things (addressed to the OP and other readers):
>
>    1. This will break Pflogsumm.  It expects to see "postfix/smtpd"
>    2. (1) is easily-fixed, but you still wouldn't see plain smtp,
>       smtps and submission broken-out, as Pflogsumm currently has no
>       code to provide for this.
>
> If there's sufficiently wide demand for that feature, I can add it.

Consider this demand :)
Reply | Threaded
Open this post in threaded view
|

Re: Stats on smtp method used by clients (with pflogsumm or not)

Jim Seymour-2
In reply to this post by Nikolaos Milas
On Fri, 20 Jan 2012 17:00:14 +0200
Nikolaos Milas <[hidden email]> wrote:

[snip]
>
> Can you please at least provide directions on how to do the fix when
> logging as "postfix/submission/smtpd"??

Quick fix is attached as "pflogsumm_quickfix.txt."  There's no line
numbers, as I'm working from the next rev, which hasn't been released
yet, but the necessary edit should be fairly clear.

All this does is un-break Pflogsumm for the new sub-strings. It won't
break-out smtp, smtps and submission in the report.

>
[snip]
>
> Whether smtp-type break out is of wide demand, I can't tell, but for
> us it would be very nice. :-)

I suppose it might be fairly easy to do something like

    Grand Totals
    ------------
    ...

    smtpd

           9   connections (smtp: 4, smtps: 3, submission: 2)
           1   hosts/domains
           4   avg. connect time (seconds)
      0:00:38  total connect time

Or the like.  I'll look into it.  If it's easy, it'll make it into
1.1.4.  If not: It won't.  But the fix for the additional sub-strings
will be in there, regardless.

>
> Thanks,

You're welcome,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

pflogsumm_quickfix.txt (326 bytes) Download Attachment