Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There is a program called mailgratph what it does is graph stats based off the mailq and other queues, if i remember correctly (it has been a while) it will also graph different things like mail sent deferred and so on. it graphs to an html that can be accessed through a web browser. pretty nifty tool. also I am going to be wringing a script to output "cat /var/log/mail.log" to senders and receivers and to count. this is going to be done probably just using awk commands. let me know if this doesn't do the trick
There is a program called mailgratph what it does is graph stats based off the mailq and other queues, if i remember correctly (it has been a while) it will also graph different things like mail sent deferred and so on. it graphs to an html that can be accessed through a web browser. pretty nifty tool. also I am going to be wringing a script to output "cat /var/log/mail.log" to senders and receivers and to count. this is going to be done probably just using awk commands. let me know if this doesn't do the trick
Thanks, I have installed that already but it't too "summarized" , I would like more details. Especially per user.
Reviving a very old post. Just wanted to share a simple script I wrote for the purpose of monitoring failed logins in case it'd be helpful to anyone. https://github.com/ychaouche/mailcop
You can run mailcop to watch the logs in realtime or mailcop-mailer (in a cron) to give you daily stats.
Here's an example output of the mailer
Code:
Mailcop
=======
Statistiques des dernières attaques sur notre serveur de messagerie
Début : Aug 27 06:26:24
Fin : Aug 27 16:37:47
Top 10 des pays
---------------
10 Brazil
9 China
6 Mexico
5 Colombia
5 Chile
4 United States
3 Vietnam
3 Taiwan
3 South Africa
2 Turkey
Top 10 des addresses IP
-----------------------
192.168.100.82 96 IP Address not found
10.10.10.19 38 IP Address not found
52.169.26.62 6 US, United States
41.73.125.74 5 ML, Mali
93.149.107.116 4 IT, Italy
80.147.168.27 4 DE, Germany
59.100.16.223 4 AU, Australia
37.211.146.162 4 QA, Qatar
37.189.246.168 4 PT, Portugal
31.149.66.65 4 NL, Netherlands
Top 10 des logins utilisés
--------------------------
96 application@domain.tld
15 n.chabi@algrian-radio.dz
10 radiobahdja16@gmail.com
4 dafchaine1@algerien-radio.dz
3 test
3 postmaster
3 dafchaine1@eprs.dz
2 student
2 spam
2 sales
Dernières attaques
------------------
Aug 27 16:18:00 training 190.147.156.214:
Aug 27 16:21:25 application@domain.tld 192.168.100.82:
Aug 27 16:21:25 student 190.67.161.242:
Aug 27 16:24:28 ftpuser 86.35.227.122:
Aug 27 16:27:43 application@domain.tld 192.168.100.82:
Aug 27 16:27:56 webmaster 41.180.72.44:
Aug 27 16:31:28 audit 201.131.240.134:
Aug 27 16:34:01 application@domain.tld 192.168.100.82:
Aug 27 16:34:27 internet 52.174.4.62:
Aug 27 16:37:47 service 80.147.168.27:
Les 10 dernières addresses bloquées
-----------------------------------
pkts bytes target prot opt in out source destination
1 60 reject all -- * * 222.162.70.249 0.0.0.0/0
0 0 reject all -- * * 60.216.106.162 0.0.0.0/0
0 0 reject all -- * * 118.163.58.117 0.0.0.0/0
0 0 reject all -- * * 218.62.67.138 0.0.0.0/0
0 0 reject all -- * * 122.146.88.186 0.0.0.0/0
0 0 reject all -- * * 211.141.174.226 0.0.0.0/0
0 0 reject all -- * * 61.163.231.213 0.0.0.0/0
0 0 reject all -- * * 221.228.229.49 0.0.0.0/0
21 1064 reject all -- * * 200.49.145.161 0.0.0.0/0
And here's an example output of the live monitoring tool
Code:
root@messagerie[10.10.10.19] ~/SCRIPTS/MAIL # ./mailcop
Aug 22 18:06:02 a.chaouche@mydomain.tld 221.7.96.91:
Aug 22 18:06:07 adiomitidjann@mydomain.tld 58.20.55.71:
Aug 22 18:06:08 adioelbahdja@mydomain.tld 218.107.46.228:
Aug 22 18:06:24 a.chaouche 124.207.250.89:
Aug 22 18:06:30 adioelbahdja 63.227.77.160:
Aug 22 18:06:31 adiomitidjann 221.215.106.218:
Aug 22 18:07:08 jon 105.226.222.70:
Aug 22 18:07:21 aisonradio@mydomain.tld 111.1.89.230:
Aug 22 18:07:31 aine3@mydomain.tld 36.34.121.162:
Aug 22 18:07:44 aisonradio 222.137.252.18:
Aug 22 18:07:44 a.chaouche@mydomain.tld 183.234.60.38:
So over the time I wrote simple (often one liner) scripts to watch my mail server.
Take a look at this imgur album where I keep
one desktop to monitor my mail server activity.
I haven't taken the time to make the scripts generic enough to share for public usage,
but if there's interest I might spare some time for that.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Reviving again
