• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

qmail SMTP logging?

T

twrs

Guest
I'd like to track how many messages sent from any user mailbox in any domains. I tried to install isoqlog but it doesn't seem to work properly. I use the following settings in isoqlog.conf:

logtype = "qmail-syslog"
logstore = "/usr/local/psa/var/log/maillog"

The PSA maillog doesn't seem to record the SMTP AUTH users. Is this normal?

Is there any way we can track outbound SMTP activity in qmail?

Thanks for the help.
 
Actually my opinion is that Plesk lacks hugely in the user logging department. It would be nice to have a clear cut way of seeing who did what and when, etc.

Anyhow, you can view SMTP connections in the following file:

/var/log/secure

It shows the IP addresses which is helpful but that's about it unfortunately.

- Chris
 
Thanks, but /var/log/secure is not that helpful :(

So do you think there's a patch for qmail to enable extra logging in /usr/local/psa/var/log/maillog?
 
I think if there was a readily available patch for helpful logging, then it would already be provided with Plesk...

This is where it lacks in my opinion because things like spam tracking are like finding a needle in a haystack.

- Chris
 
Sorry for maybe messing the topic up, but are there any good documentation about logging in general on a plesk server? I'm quite new using plesk and are a bit confused to not find good logfiles in /var/log, There must be some way to get more information in the logs.
 
Well, the /usr/local/psa/var/log/maillog file shows Qmail activity for local mail deliveries (incoming) and outgoing redirections.

The /var/log/secure file shows the IP addresses sending/relaying mail from your server.

Other than that there is nothing which shows the user that is sending an email which is unfortunate.

As I said, I feel this is where Plesk lacks.

If we want to see better logging then we need to ask SWsoft for this request in future versions.

I am not sure how high the demand for better activity logging is, however?
 
Yeah, if SW-Soft can add a better activity logging for SMTP, that'd be great. It's easier to track spammers or users that abuse the mailservers.

Another question, can you hard limit the mailing rate in qmail? Like 600 mails per hour or so?
 
Technically speaking, as far as I am aware, Qmail doesn't have a setting for restricting the volume of mail by time.

It does have the ability to restrict the number of concurrent SMTP connections - for instance, if you predict a remote mail delivery to take 1 second then you could restrict the number of simultaneous SMTP connections to just 1. At 1 SMTP connection with a delivery lasting 1 second, you could achieve 3600 deliveries an hour.

You just need to edit the value in this file or create the file if it doesn't exist:

/var/qmail/control/concurrencylocal

All it needs to contain is the numeric value you want to set on a single line at the top of the file (nothing else). Then restart Qmail for the changes to take effect:

/etc/rc.d/init.d/qmail restart

I am not sure why you would want to restrict the number of messages per hour - if it is to prevent spammers then I would recommend fixing the problem rather than just toning it down.

- Chris
 
Note about logging...

I do like the more detailed logging of ART's qmail-scanner package.

It logs outbound SMTP in the form of:

from='[email protected]', subj='blah', via SMTP from ip.ad.dr.ess
(in it's /var/spool/qmailscan/qmail-queue.log), matching log entries in the normal /usr/local/psa/var/log/maillog occur, but are a bit less informative and harder to read/parse.
 
Good point jamesyeeoc - do you think it would be good to ask SWsoft to implement some better logging in a future version?

I suppose to a certain extent it isn't their responsibility as they don't make Qmail, however. Nevertheless it would be nice to see a log format which clearly shows the username of the user sending mail, etc.

- Chris
 
Thanks for the tips guys.

jamesyeeoc, does ART's qmail-scanner log the original user account sending the mails?
 
Here is a sample of what it shows when I send a test message from my laptop via Outlook thru my account on one of my test servers.
Code:
16:30:57 PDT:20533: return-path='[email protected]', recips='[email protected]'
Sun, 02 Oct 2005 16:30:57 PDT:20533: from='<[email protected]>', subj='test smtp logging', via SMTP from ip.add.re.ss
Sun, 02 Oct 2005 16:31:11 PDT:20533: clamdscan: finished scan in 1.31725 secs
Sun, 02 Oct 2005 16:31:12 PDT:20533: fprot: finished scan in 0.939011 secs
 
Back
Top