1 (edited by gaudec 2015-01-11 18:52:32)

Topic: Logwatch shows too many e-mails sent by Postfix

======== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in MySQL
- Linux/BSD distribution name and version: Ubuntu 12.04
- Related log if you're reporting an issue:
====

Hi. I'm wondering why logwatch says 97 e-mails accepted, and 74 sent via smtp. During this period I only sent about 14 e-mails and received 10. Maybe I just don't understand what these mean. Or is someone sending e-mails using my server? Can I configure the server so only I can send e-mail? Or is that not possible / unpolite, as my server should be part of global e-mail distribution?

--------------------- Postfix Begin ------------------------ 

 ****** Summary *************************************************************************************
 
       26   Miscellaneous warnings  
 
    1.392M  Bytes accepted                           1,459,941
  989.154K  Bytes sent via SMTP                      1,012,894
  454.319K  Bytes delivered                            465,223
    7.838K  Bytes forwarded                              8,026
 ========   ==================================================
 
       97   Accepted                                    78.86%
       26   Rejected                                    21.14%
 --------   --------------------------------------------------
      123   Total                                      100.00%
 ========   ==================================================
 
       17   5xx Reject HELO/EHLO                        65.38%
        3   5xx Reject unknown user                     11.54%
        6   5xx Reject sender address                   23.08%
 --------   --------------------------------------------------
       26   Total 5xx Rejects                          100.00%
 ========   ==================================================
 
       62   4xx Reject recipient address               100.00%
 --------   --------------------------------------------------
       62   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
      183   Connections             
       39   Connections lost (inbound) 
      183   Disconnections          
       99   Removed from queue      
       29   Delivered               
       74   Sent via SMTP           
        2   Forwarded               
 
        2   SMTP dialog errors      
       16   SASL authenticated messages 

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 (edited by gaudec 2015-01-11 18:44:52)

Re: Logwatch shows too many e-mails sent by Postfix

I noticed two things:

- Sent e-mails seem to be counted twice. If I sent 1 e-mail to a specific domain, in "Sent via SMTP" it counts as 2. If I sent 2 e-mails, it counts as 4. But not always because in one case there's a 37, in another case a 5. Those are odd numbers, can't be always N*2.
- One of the sent e-mails was CCd to 6 people, so that probably counts as a few extra e-mails.

3

Re: Logwatch shows too many e-mails sent by Postfix

Please check postfix log file (/var/log/mail.log) to find more details about sent/received mails.

4

Re: Logwatch shows too many e-mails sent by Postfix

Thank you. I had tried, but the log is so verbose that it was hard to know what I was looking for.

By doing

sudo cat mail.log | grep "Jan 10" | grep Passed

I see 50 known e-mails that were sent and received.

I've read online that e-mails can be counted twice "(because Postfix delivers emails to amavisd which then - after successful scanning - delivers the mails back to Postfix)". That would explain the higher number I guess.

(sorry for the noob questions smile

5

Re: Logwatch shows too many e-mails sent by Postfix

Verbose log is useful for troubleshooting, i suggest you try to read them line by line, and try to understand what it means. smile