Loading ...
Sorry, an error occurred while loading the content.
 

some postscreen(8) stats

Expand Messages
  • Sahil Tandon
    Before enabling DNSBL blocklists on one site, I was tasked with gathering some postscreen(8) statistics. I liked the information display in a previous
    Message 1 of 3 , Mar 31, 2012
      Before enabling DNSBL blocklists on one site, I was tasked with
      gathering some postscreen(8) statistics. I liked the information
      display in a previous thread[1], but did not require the geoIP and
      mapping features in Julien Vehent's script. So, I cobbled together a
      smaller log parser[2] to produce only the data I need; just sharing in
      case the information or script could be useful to others in the
      community.

      Example output, on a day earlier this week, aftering populating
      'postscreen_dnsbl_sites', but leaving the default action as 'ignore':

      UNIQ/TOTAL EVENT
      127/494 COMMAND COUNT LIMIT
      60/104 COMMAND PIPELINING
      355/492 COMMAND TIME LIMIT
      35823/634743 CONNECT
      31504/65612 DISCONNECT
      24259/323664 DNSBL
      22464/51380 HANGUP
      54/90 NON-SMTP
      8840/9300 PASS NEW
      11394/292608 PASS OLD
      4324/30342 PREGREET
      2/1447 WHITELISTED
      25760/32960 reject (450)
      4193/20639 reject (550)
      44/230 reject (all server ports busy)
      5/868 reject (too many connections)

      ... and for DNSBL clients only:

      UNIQ/TOTAL EVENT
      102/326 COMMAND COUNT LIMIT
      54/81 COMMAND PIPELINING
      299/408 COMMAND TIME LIMIT
      24259/389632 CONNECT
      23061/51893 DISCONNECT
      24259/323664 DNSBL
      19137/44210 HANGUP
      49/85 NON-SMTP
      1722/1787 PASS NEW
      2716/62660 PASS OLD
      3889/27267 PREGREET
      18643/24811 reject (450)
      3783/16010 reject (550)
      35/220 reject (all server ports busy)
      3/374 reject (too many connections)

      [1] http://article.gmane.org/gmane.mail.postfix.user/224979
      [2] http://people.freebsd.org/~sahil/scripts/mailstats.py.txt

      --
      Sahil Tandon
    • Julien Vehent
      ... The default usage of Postscreen_stats gives you the same thing, without the geoip/map information: $ ./postscreen_stats.py -f /var/log/mail.log === unique
      Message 2 of 3 , Apr 21, 2012
        On 2012-04-01 1:11, Sahil Tandon wrote:
        > Before enabling DNSBL blocklists on one site, I was tasked with
        > gathering some postscreen(8) statistics. I liked the information
        > display in a previous thread[1], but did not require the geoIP and
        > mapping features in Julien Vehent's script. So, I cobbled together a
        > smaller log parser[2] to produce only the data I need; just sharing in
        > case the information or script could be useful to others in the
        > community.
        >

        The default usage of Postscreen_stats gives you the same thing, without the
        geoip/map information:


        $ ./postscreen_stats.py -f /var/log/mail.log

        === unique clients/total postscreen actions ===
        2131/11010 CONNECT
        1/1 BARE NEWLINE
        30/33 COMMAND COUNT LIMIT
        13/16 COMMAND PIPELINING
        6/6 COMMAND TIME LIMIT
        463/536 DNSBL
        305/503 HANGUP
        12/15 NON-SMTP COMMAND
        1884/2258 NOQUEUE 450 deep protocol test reconnection
        1/42 NOQUEUE too many connections
        1577/1600 PASS NEW
        866/8391 PASS OLD
        181/239 PREGREET
        5/84 WHITELISTED


        And for DNSBL only:


        $ ./postscreen_stats.py -f /var/log/mail.log -a "DNSBL"

        === unique clients/total postscreen actions ===
        463/567 CONNECT
        11/14 COMMAND COUNT LIMIT
        12/15 COMMAND PIPELINING
        463/536 DNSBL
        147/160 HANGUP
        11/14 NON-SMTP COMMAND
        308/362 NOQUEUE 450 deep protocol test reconnection
        17/17 PASS NEW
        3/4 PASS OLD
        161/170 PREGREET



        Cheers,
        Julien
      • Sahil Tandon
        ... Indeed, but it is slower[1] (15.91s vs. 9.80s as per time(1) on a recent maillog), and seemingly inaccurate, e.g.: % ./postscreen_stats.py maillog ===
        Message 3 of 3 , Apr 22, 2012
          On Sat, 2012-04-21 at 11:24:26 -0400, Julien Vehent wrote:

          > On 2012-04-01 1:11, Sahil Tandon wrote:
          > >Before enabling DNSBL blocklists on one site, I was tasked with
          > >gathering some postscreen(8) statistics. I liked the information
          > >display in a previous thread[1], but did not require the geoIP and
          > >mapping features in Julien Vehent's script. So, I cobbled together a
          > >smaller log parser[2] to produce only the data I need; just sharing
          > >in case the information or script could be useful to others in the
          > >community.
          >
          > The default usage of Postscreen_stats gives you the same thing,
          > without the geoip/map information:
          > ...

          Indeed, but it is slower[1] (15.91s vs. 9.80s as per time(1) on a recent
          maillog), and seemingly inaccurate, e.g.:

          % ./postscreen_stats.py maillog
          === unique clients/total postscreen actions ===
          [ .. ]
          16215/48869 DNSBL
          12778/35372 HANGUP
          [ .. ]

          % grep ': DNSBL' maillog | wc -l
          48872

          % grep ': HANGUP' maillog | wc -l
          35374

          If you have any follow up questions, we can take this off-list given the
          OT nature of the discussion.

          [1] This may seem insignifcant, but makes an appreciable difference when
          creating reports across several log files.

          --
          Sahil Tandon
        Your message has been successfully submitted and would be delivered to recipients shortly.