maillog question

Discussion in 'Plesk for Linux - 8.x and Older' started by areiseek, Nov 21, 2005.

  1. areiseek

    I have entries like the following in my maillog:

    Nov 21 05:58:06 XXXX pop3d: 1082684293.552948 LOGOUT, user=NAME, ip=[XX.XX.XX.XX], top=0, retr=12453, time=16, rcvd=41, sent=13423, maildir=/var/qmail/mailnames/DOMAIN.COM/NAME/Maildir

    I'm a complete newbie and I'm trying to get up to speed on things like this. Been googling all morning on the subject, but if this is what I think it is, I need to do something now. We host a small number of web sites that we design and maintain... The account above has been a customer for years and I know they're not up to anything but I need to know whats going on here. First of all, is the log entry really saying they sent 13423 messages?

    Second, is there a way to view the maillog file via the Plesk (7.5.2) interface? I'm using SSH but I'm struggling with it. (I will learn to use it properly, but in the meantime, I'd like an easy way to keep track of this problem)

    And finally, we just started hosting these sites on our own box where before we leased space from another company... since problems like this are mine now, any suggestions where to start to learn a little more on the subject... (I know... google is our friend)

  2. hardweb

    Those figures refer to bytes, not to the number of messages :)

    And there is no way to see in the Plesk panel these log messages.
  3. areiseek

    Thank you, that's a relief.

    I do have another question... when I look at the current server traffic, this same customer has about 200-250 MB of SMTP and POP traffic. That seems like too much but I have so few accounts to compare it to. It's 20-30 times what my own domain does.

    If this is something to be concerned about, how do I go about checking what's going on? If I review the maillog line by line, is there anything in particuar I should be looking for?

    Thanks so much for your help.
  4. ShadowMan@

    And just in case you didn't already know, this message just indicates that the client user's email program (Thunderbird, Outlook, etc) has logged in and grabbed their email message(s).

    250MB of traffic for SMTP is really not that much. We have some clients who do that much in a matter of minutes. It really depends on what they use their email for: passing around jokes and funny pictures, attaching AutoCad .dwg files to engineering firms, latest pictures of the baby to all the relatives, the list goes on and on ...

    Is that 250MB for an entire month, week, day, ? How many email users does the client have? What type of business do they run (engineering, online sales, real estate, etc)? Many things can affect a given company's email usage figures.
  5. areiseek

    I'm picking the "current traffic" icon from the client page, then looking at the domain detail to see a breakdown of http, smtp, etc. That's a month-to-date total as I understand.

    This is a small family business... husband and wife owners and two managers, so they have 4 mail users The business definitely does not require a lot of email but I bet you're right about the family pictures and such. I guess I'm just a little paranoid after reading a lot of the posts about offering mail.

    Thanks for the help.