1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

qmail SMTP logging?

Discussion in 'Plesk for Linux - 8.x and Older' started by twrs, Sep 29, 2005.

  1. twrs

    twrs Guest

    0
     
    I'd like to track how many messages sent from any user mailbox in any domains. I tried to install isoqlog but it doesn't seem to work properly. I use the following settings in isoqlog.conf:

    logtype = "qmail-syslog"
    logstore = "/usr/local/psa/var/log/maillog"

    The PSA maillog doesn't seem to record the SMTP AUTH users. Is this normal?

    Is there any way we can track outbound SMTP activity in qmail?

    Thanks for the help.
     
  2. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    Actually my opinion is that Plesk lacks hugely in the user logging department. It would be nice to have a clear cut way of seeing who did what and when, etc.

    Anyhow, you can view SMTP connections in the following file:

    /var/log/secure

    It shows the IP addresses which is helpful but that's about it unfortunately.

    - Chris
     
  3. twrs

    twrs Guest

    0
     
    Thanks, but /var/log/secure is not that helpful :(

    So do you think there's a patch for qmail to enable extra logging in /usr/local/psa/var/log/maillog?
     
  4. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    I think if there was a readily available patch for helpful logging, then it would already be provided with Plesk...

    This is where it lacks in my opinion because things like spam tracking are like finding a needle in a haystack.

    - Chris
     
  5. HopChop

    HopChop Guest

    0
     
    Sorry for maybe messing the topic up, but are there any good documentation about logging in general on a plesk server? I'm quite new using plesk and are a bit confused to not find good logfiles in /var/log, There must be some way to get more information in the logs.
     
  6. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    Well, the /usr/local/psa/var/log/maillog file shows Qmail activity for local mail deliveries (incoming) and outgoing redirections.

    The /var/log/secure file shows the IP addresses sending/relaying mail from your server.

    Other than that there is nothing which shows the user that is sending an email which is unfortunate.

    As I said, I feel this is where Plesk lacks.

    If we want to see better logging then we need to ask SWsoft for this request in future versions.

    I am not sure how high the demand for better activity logging is, however?
     
  7. twrs

    twrs Guest

    0
     
    Yeah, if SW-Soft can add a better activity logging for SMTP, that'd be great. It's easier to track spammers or users that abuse the mailservers.

    Another question, can you hard limit the mailing rate in qmail? Like 600 mails per hour or so?
     
  8. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    Technically speaking, as far as I am aware, Qmail doesn't have a setting for restricting the volume of mail by time.

    It does have the ability to restrict the number of concurrent SMTP connections - for instance, if you predict a remote mail delivery to take 1 second then you could restrict the number of simultaneous SMTP connections to just 1. At 1 SMTP connection with a delivery lasting 1 second, you could achieve 3600 deliveries an hour.

    You just need to edit the value in this file or create the file if it doesn't exist:

    /var/qmail/control/concurrencylocal

    All it needs to contain is the numeric value you want to set on a single line at the top of the file (nothing else). Then restart Qmail for the changes to take effect:

    /etc/rc.d/init.d/qmail restart

    I am not sure why you would want to restrict the number of messages per hour - if it is to prevent spammers then I would recommend fixing the problem rather than just toning it down.

    - Chris
     
  9. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Note about logging...

    I do like the more detailed logging of ART's qmail-scanner package.

    It logs outbound SMTP in the form of:

    from='user@domain.tld', subj='blah', via SMTP from ip.ad.dr.ess
    (in it's /var/spool/qmailscan/qmail-queue.log), matching log entries in the normal /usr/local/psa/var/log/maillog occur, but are a bit less informative and harder to read/parse.
     
  10. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    Good point jamesyeeoc - do you think it would be good to ask SWsoft to implement some better logging in a future version?

    I suppose to a certain extent it isn't their responsibility as they don't make Qmail, however. Nevertheless it would be nice to see a log format which clearly shows the username of the user sending mail, etc.

    - Chris
     
  11. twrs

    twrs Guest

    0
     
    Thanks for the tips guys.

    jamesyeeoc, does ART's qmail-scanner log the original user account sending the mails?
     
  12. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Here is a sample of what it shows when I send a test message from my laptop via Outlook thru my account on one of my test servers.
    Code:
    16:30:57 PDT:20533: return-path='me@mytestdomain.tld', recips='me@yahoo.com'
    Sun, 02 Oct 2005 16:30:57 PDT:20533: from='<me@mytestdomain.tld>', subj='test smtp logging', via SMTP from ip.add.re.ss
    Sun, 02 Oct 2005 16:31:11 PDT:20533: clamdscan: finished scan in 1.31725 secs
    Sun, 02 Oct 2005 16:31:12 PDT:20533: fprot: finished scan in 0.939011 secs
    
     
Loading...