If you administer even a small mail server, you are surely aware that you cannot monitor logs in real-time. It is difficult to catch, for instance, a problem in communication with a certain domain. It is also hard to estimate the scale of traffic on the server in terms of both the number and volume of emails. It’s challenging to choose the domains for which it would be worthwhile to disable greylisting, etc…

Fortunately, there is a tool called pflogsumm that can generate quite comprehensive statistics from Postfix logs. This is very useful for the daily review of the “health status” of the mail server.

An example snippet of statistics from a small server looks like this:

Sample report
Postfix log summaries for Jul  4

Grand Totals
------------
messages

   1158   received
   1261   delivered
      0   forwarded
      5   deferred  (50  deferrals)
      2   bounced
    392   rejected (23%)
      0   reject warnings
      0   held
      0   discarded (0%)

 164898k  bytes received
 242985k  bytes delivered
    201   senders
     77   sending hosts/domains
    354   recipients
     51   recipient hosts/domains

Per-Hour Traffic Summary
    time          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    0000-0100          26         28          2          0          7
    0100-0200          14         18          3          0         10
    0200-0300           4          4          1          0          8
    0300-0400           6          6          1          0          8
    0400-0500           4          4          0          0          8
    0500-0600           2          2          1          0          9
    0600-0700           8          8          1          0          9
    0700-0800          16         18          1          0         10
    0800-0900          58         60          1          0          8
    0900-1000         104        110          5          0         17
    1000-1100         132        152          2          0         18
    1100-1200         106        106          1          0         31
    1200-1300          64         70          2          0          9
    1300-1400         112        132          2          0         14
    1400-1500          98        106          1          0         78
    1500-1600          86         88          2          0         32
    1600-1700          56         56          3          0         23
    1700-1800          58         77          5          2         19
    1800-1900          36         36          3          0         16
    1900-2000          26         26          2          0         24
    2000-2100          48         50          3          0          9
    2100-2200          32         42          2          0         10
    2200-2300          34         34          3          0         10
    2300-2400          28         28          3          0          5
...

Host/Domain Summary: Message Delivery
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
    132     5688k       0     1.7 s   11.0 s  gmail.com
    104     2633k       0     4.6 s    2.8 m  wp.pl
     68     1525k       0     1.3 s    9.4 s  interia.pl
     42      744k      21     1.1 s   83.6 h  o2.pl
     30    89891        0     0.7 s    2.6 s  op.pl
     29     6677k       1    16.1 s    7.4 m  poczta.onet.pl
     26      540k       0     1.9 s    6.7 s  poczta.fm
...

Host/Domain Summary: Messages Received
 msg cnt   bytes   host/domain
 -------- -------  -----------
     50     4142k  gmail.com
     46   491259   facebookmail.com
     38     1446k  wp.pl
     22    13520k  interia.pl
     14      675k  o2.pl
     10   105377   poczta.fm
     10    57713   hotmail.com
... and many more ...

Installation on Debian:

Installation
apt-get install pflogsumm

For testing purposes, you can run the command as follows:

Sample invocation
sudo pflogsumm -i -d yesterday /var/log/mail.log /var/log/mail.log.1

In my case, I rotate the logs daily at around 2:00 AM, so I specify two log file paths (the current and the previous day’s logs) so those two hours don’t slip by 😉

The above command will output the statistics in the form of nicely formatted text tables to the standard output. It’s worth looking into the other command parameters - you can use them to exclude statistics that do not interest you or change the default order.
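
An added example, not part of the original post: a small shell filter that reads this report on standard input and lists the delivery domains whose deferral count or maximum delay exceeds a threshold, which is how a row like o2.pl in the sample report would be caught automatically. The function names, the thresholds and the embedded sample (rows copied from the report above) are assumptions made for the illustration; only the s, m and h delay units seen in that report are handled.

```shell
#!/bin/sh
# Added example: flag delivery domains with many deferrals or a long max delay.
# Usage: pflogsumm ... | flag_problem_domains MAX_DEFERS MAX_DELAY_SECONDS
flag_problem_domains() {
    awk -v max_defers="$1" -v max_delay="$2" '
        # Convert a delay value and its unit letter (s, m, h) to seconds.
        function to_seconds(value, unit) {
            if (unit == "m") return value * 60
            if (unit == "h") return value * 3600
            return value
        }
        # Section titles start in column 1; only the delivery table is read.
        /^Host\/Domain Summary: Message Delivery/ { in_section = 1; next }
        /^[A-Za-z]/                                { in_section = 0 }
        # Data row: sent, bytes, defers, avg value, avg unit, max value, max unit, domain.
        in_section && NF == 8 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            delay = to_seconds($6, $7)
            if ($3 + 0 > max_defers + 0 || delay > max_delay + 0)
                printf "%s defers=%d max_delay=%.0fs\n", $8, $3, delay
        }
    '
}

# Constructed sample input: a few rows taken from the report shown above.
sample_report() {
    cat <<'EOF'
Host/Domain Summary: Message Delivery
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
    132     5688k       0     1.7 s   11.0 s  gmail.com
     42      744k      21     1.1 s   83.6 h  o2.pl
     29     6677k       1    16.1 s    7.4 m  poczta.onet.pl

Host/Domain Summary: Messages Received
 msg cnt   bytes   host/domain
 -------- -------  -----------
     50     4142k  gmail.com
EOF
}

# More than 10 deferrals, or a message that waited over an hour.
sample_report | flag_problem_domains 10 3600
```

The same function can be placed at the end of the pflogsumm pipeline in place of reading the whole report by eye.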

Now, it’s worth setting up periodic reporting. Edit cron:

Crontab
sudo crontab -e

To generate statistics, it’s best to choose a time when the server is less loaded (@daily means midnight), because the process of preparing them will significantly burden the CPU. Enter the command along with the parameters of interest:

Cron Invocation Example
# A crontab entry must fit on a single line: cron does not join lines ending in a backslash.
@daily /usr/sbin/pflogsumm -i --problems_first --no_bounce_detail --no_deferral_detail -d yesterday /var/log/mail.log /var/log/mail.log.1 | mail -e -s "Mail Statistics at `uname -n`" postmaster

The next day, we will receive our statistics.

