Dies ist eine alte Version des Dokuments!
Mailserver - Logfileauswertungen unter CentOS 7.x
Oft werden vom Management hübsche bunte Auswertungsgraphiken gewünscht, um sich so mehr oder weniger ein Bild davon zu machen, ob und wie der/die Mailserver mit der anfallenden Menge an elektronischer Post umgehen können. Auch als Postmaster und Admin können wir uns so einen kurzen Überblick verschaffen, ob alles im grünen Bereich ist, ohne dazu extra langwierig im Logfile unseres Mailservers herumzusuchen. Hierzu stehen uns mehrere Hilfsprogramme zur Verfügung.
Im Detail wollen wir uns nun drei der Varianten genauer ansehen.
pflogsumm
Mit Hilfe dieses kleinen Perlscriptes können wir uns einen täglichen Statusbericht unseres Mailservers erstellen lassen und wissen so das was unserem MX widerfahren ist. 
Das Perlscript pflogsumm wertet hierzu das Logfile /var/log/maillog unseres Mailservers aus.
Installation
Das Perlscript pflogsumm befindet sich unter CentOS 7.x im Paket postfix-perl-scripts. Die Installation dieses Paketes gestaltet sich im gewohnten Maße sehr einfach mit Hilfe von YUM. Falls das Paket noch nicht installiert wurde, holen wir einfach diesen Schritt kurzer Hand nach.
# yum install postfix-perl-scripts -y
Was uns bei der Installation dieses Paketes alles mitgebracht wurde, zeigt uns folgender Aufruf.
# rpm -qil postfix-perl-scripts
Name : postfix-perl-scripts Epoch : 2 Version : 2.11.3 Release : 1.el7.centos Architecture: x86_64 Install Date: Thu 30 Oct 2014 01:35:54 PM CET Group : Applications/System Size : 111466 License : IBM and GPLv2+ Signature : RSA/SHA1, Thu 30 Oct 2014 01:23:00 PM CET, Key ID 60ecfb9e8195aea0 Source RPM : postfix-2.11.3-1.el7.centos.src.rpm Build Date : Thu 30 Oct 2014 12:57:01 PM CET Build Host : vml000200.dmz.nausch.org Relocations : (not relocatable) Packager : Django <django@mailserver.guru> Vendor : Django URL : http://www.postfix.org Summary : Postfix utilities written in perl Description : This package contains perl scripts pflogsumm and qshape. Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is designed to provide an over-view of Postfix activity. Pflogsumm generates summaries and, in some cases, detailed reports of mail server traffic volumes, rejected and bounced email, and server warnings, errors and panics. qshape prints Postfix queue domain and age distribution. /usr/sbin/pflogsumm /usr/sbin/qshape /usr/share/doc/postfix-2.11.3/pflogsumm-faq.txt /usr/share/man/man1/pflogsumm.1.gz /usr/share/man/man1/qshape.1.gz
Optionen beim Programmaufruf
Hinweise zur Konfiguration oder besser gesagt über die Optionen beim Aufruf des Programms zeigt ein Blick in die Manpage von pflogsumm.
# man pflogsumm
PFLOGSUMM(1) User Contributed Perl Documentation PFLOGSUMM(1)
NAME
pflogsumm.pl - Produce Postfix MTA logfile summary
Copyright (C) 1998-2010 by James S. Seymour, Release 1.1.3.
SYNOPSIS
pflogsumm.pl -[eq] [-d <today|yesterday>] [--detail <cnt>]
[--bounce_detail <cnt>] [--deferral_detail <cnt>]
[-h <cnt>] [-i|--ignore_case] [--iso_date_time] [--mailq]
[-m|--uucp_mung] [--no_bounce_detail] [--no_deferral_detail]
[--no_no_msg_size] [--no_reject_detail] [--no_smtpd_warnings]
[--problems_first] [--rej_add_from] [--reject_detail <cnt>]
[--smtp_detail <cnt>] [--smtpd_stats]
[--smtpd_warning_detail <cnt>] [--syslog_name=string]
[-u <cnt>] [--verbose_msg_detail] [--verp_mung[=<n>]]
[--zero_fill] [file1 [filen]]
pflogsumm.pl -[help|version]
If no file(s) specified, reads from stdin. Output is to stdout.
DESCRIPTION
Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is
designed to provide an over-view of Postfix activity, with just enough
detail to give the administrator a "heads up" for potential trouble
spots.
Pflogsumm generates summaries and, in some cases, detailed reports of
mail server traffic volumes, rejected and bounced email, and server
warnings, errors and panics.
OPTIONS
--bounce_detail <cnt>
Limit detailed bounce reports to the top <cnt>. 0
to suppress entirely.
-d today generate report for just today
-d yesterday generate report for just "yesterday"
--deferral_detail <cnt>
Limit detailed deferral reports to the top <cnt>. 0
to suppress entirely.
--detail <cnt>
Sets all --*_detail, -h and -u to <cnt>. Is
over-ridden by individual settings. --detail 0
suppresses *all* detail.
-e extended (extreme? excessive?) detail
Emit detailed reports. At present, this includes
only a per-message report, sorted by sender domain,
then user-in-domain, then by queue i.d.
WARNING: the data built to generate this report can
quickly consume very large amounts of memory if a
lot of log entries are processed!
-h <cnt> top <cnt> to display in host/domain reports.
0 = none.
See also: "-u" and "--*_detail" options for further
report-limiting options.
--help Emit short usage message and bail out.
(By happy coincidence, "-h" alone does much the same,
being as it requires a numeric argument :-). Yeah, I
know: lame.)
-i
--ignore_case Handle complete email address in a case-insensitive
manner.
Normally pflogsumm lower-cases only the host and
domain parts, leaving the user part alone. This
option causes the entire email address to be lower-
cased.
--iso_date_time
For summaries that contain date or time information,
use ISO 8601 standard formats (CCYY-MM-DD and HH:MM),
rather than "Mon DD CCYY" and "HHMM".
-m modify (mung?) UUCP-style bang-paths
--uucp_mung
This is for use when you have a mix of Internet-style
domain addresses and UUCP-style bang-paths in the log.
Upstream UUCP feeds sometimes mung Internet domain
style address into bang-paths. This option can
sometimes undo the "damage". For example:
"somehost.dom!username@foo" (where "foo" is the next
host upstream and "somehost.dom" was whence the email
originated) will get converted to
"foo!username@somehost.dom". This also affects the
extended detail report (-e), to help ensure that by-
domain-by-name sorting is more accurate.
--mailq Run "mailq" command at end of report.
Merely a convenience feature. (Assumes that "mailq"
is in $PATH. See "$mailqCmd" variable to path thisi
if desired.)
--no_bounce_detail
--no_deferral_detail
--no_reject_detail
These switches are depreciated in favour of
--bounce_detail, --deferral_detail and
--reject_detail, respectively.
Suppresses the printing of the following detailed
reports, respectively:
message bounce detail (by relay)
message deferral detail
message reject detail
See also: "-u" and "-h" for further report-limiting
options.
--no_no_msg_size
Do not emit report on "Messages with no size data".
Message size is reported only by the queue manager.
The message may be delivered long-enough after the
(last) qmgr log entry that the information is not in
the log(s) processed by a particular run of
pflogsumm.pl. This throws off "Recipients by message
size" and the total for "bytes delivered." These are
normally reported by pflogsumm as "Messages with no
size data."
--no_smtpd_warnings
This switch is depreciated in favour of
smtpd_warning_detail
On a busy mail server, say at an ISP, SMTPD warnings
can result in a rather sizeable report. This option
turns reporting them off.
--problems_first
Emit "problems" reports (bounces, defers, warnings,
etc.) before "normal" stats.
--rej_add_from
For those reject reports that list IP addresses or
host/domain names: append the email from address to
each listing. (Does not apply to "Improper use of
SMTP command pipelining" report.)
-q quiet - don't print headings for empty reports
note: headings for warning, fatal, and "master"
messages will always be printed.
--reject_detail <cnt>
Limit detailed smtpd reject, warn, hold and discard
reports to the top <cnt>. 0 to suppress entirely.
--smtp_detail <cnt>
Limit detailed smtp delivery reports to the top <cnt>.
0 to suppress entirely.
--smtpd_stats
Generate smtpd connection statistics.
The "per-day" report is not generated for single-day
reports. For multiple-day reports: "per-hour" numbers
are daily averages (reflected in the report heading).
--smtpd_warning_detail <cnt>
Limit detailed smtpd warnings reports to the top <cnt>.
0 to suppress entirely.
--syslog_name=name
Set syslog_name to look for for Postfix log entries.
By default, pflogsumm looks for entries in logfiles
with a syslog name of "postfix," the default.
If you've set a non-default "syslog_name" parameter
in your Postfix configuration, use this option to
tell pflogsumm what that is.
See the discussion about the use of this option under
"NOTES," below.
-u <cnt> top <cnt> to display in user reports. 0 == none.
See also: "-h" and "--*_detail" options for further
report-limiting options.
--verbose_msg_detail
For the message deferral, bounce and reject summaries:
display the full "reason", rather than a truncated one.
Note: this can result in quite long lines in the report.
--verp_mung do "VERP" generated address (?) munging. Convert
--verp_mung=2 sender addresses of the form
"list-return-NN-someuser=some.dom@host.sender.dom"
to
"list-return-ID-someuser=some.dom@host.sender.dom"
In other words: replace the numeric value with "ID".
By specifying the optional "=2" (second form), the
munging is more "aggressive", converting the address
to something like:
"list-return@host.sender.dom"
Actually: specifying anything less than 2 does the
"simple" munging and anything greater than 1 results
in the more "aggressive" hack being applied.
See "NOTES" regarding this option.
--version Print program name and version and bail out.
--zero_fill "Zero-fill" certain arrays so reports come out with
data in columns that that might otherwise be blank.
RETURN VALUE
Pflogsumm doesn't return anything of interest to the shell.
ERRORS
Error messages are emitted to stderr.
EXAMPLES
Produce a report of previous day's activities:
pflogsumm.pl -d yesterday /var/log/maillog
A report of prior week's activities (after logs rotated):
pflogsumm.pl /var/log/maillog.0
What's happened so far today:
pflogsumm.pl -d today /var/log/maillog
Crontab entry to generate a report of the previous day's activity
at 10 minutes after midnight.
10 0 * * * /usr/local/sbin/pflogsumm -d yesterday /var/log/maillog
2>&1 |/usr/bin/mailx -s "`uname -n` daily mail stats" postmaster
Crontab entry to generate a report for the prior week's activity.
(This example assumes one rotates ones mail logs weekly, some time
before 4:10 a.m. on Sunday.)
10 4 * * 0 /usr/local/sbin/pflogsumm /var/log/maillog.0
2>&1 |/usr/bin/mailx -s "`uname -n` weekly mail stats" postmaster
The two crontab examples, above, must actually be a single line
each. They're broken-up into two-or-more lines due to page
formatting issues.
SEE ALSO
The pflogsumm FAQ: pflogsumm-faq.txt.
NOTES
Pflogsumm makes no attempt to catch/parse non-Postfix log
entries. Unless it has "postfix/" in the log entry, it will be
ignored.
It's important that the logs are presented to pflogsumm in
chronological order so that message sizes are available when
needed.
For display purposes: integer values are munged into "kilo" and
"mega" notation as they exceed certain values. I chose the
admittedly arbitrary boundaries of 512k and 512m as the points at
which to do this--my thinking being 512x was the largest number
(of digits) that most folks can comfortably grok at-a-glance.
These are "computer" "k" and "m", not 1000 and 1,000,000. You
can easily change all of this with some constants near the
beginning of the program.
"Items-per-day" reports are not generated for single-day
reports. For multiple-day reports: "Items-per-hour" numbers are
daily averages (reflected in the report headings).
Message rejects, reject warnings, holds and discards are all
reported under the "rejects" column for the Per-Hour and Per-Day
traffic summaries.
Verp munging may not always result in correct address and
address-count reduction.
Verp munging is always in a state of experimentation. The use
of this option may result in inaccurate statistics with regards
to the "senders" count.
UUCP-style bang-path handling needs more work. Particularly if
Postfix is not being run with "swap_bangpath = yes" and/or *is* being
run with "append_dot_mydomain = yes", the detailed by-message report
may not be sorted correctly by-domain-by-user. (Also depends on
upstream MTA, I suspect.)
The "percent rejected" and "percent discarded" figures are only
approximations. They are calculated as follows (example is for
"percent rejected"):
percent rejected =
(rejected / (delivered + rejected + discarded)) * 100
There are some issues with the use of --syslog_name. The problem is
that, even with $syslog_name set, Postfix will sometimes still log
things with "postfix" as the syslog_name. This is noted in
/etc/postfix/sample-misc.cf:
# Beware: a non-default syslog_name setting takes effect only
# after process initialization. Some initialization errors will be
# logged with the default name, especially errors while parsing
# the command line and errors while accessing the Postfix main.cf
# configuration file.
As a consequence, pflogsumm must always look for "postfix," in logs,
as well as whatever is supplied for syslog_name.
Where this becomes an issue is where people are running two or more
instances of Postfix, logging to the same file. In such a case:
. Neither instance may use the default "postfix" syslog name
and...
. Log entries that fall victim to what's described in
sample-misc.cf will be reported under "postfix", so that if
you're running pflogsumm twice, once for each syslog_name, such
log entries will show up in each report.
The Pflogsumm Home Page is at:
http://jimsun.LinxNet.com/postfix_contrib.html
REQUIREMENTS
For certain options (e.g.: --smtpd_stats), Pflogsumm requires the
Date::Calc module, which can be obtained from CPAN at
http://www.perl.com.
Pflogsumm is currently written and tested under Perl 5.8.3.
As of version 19990413-02, pflogsumm worked with Perl 5.003, but
future compatibility is not guaranteed.
LICENSE
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You may have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
USA.
An on-line copy of the GNU General Public License can be found
http://www.fsf.org/copyleft/gpl.html.
1.1.3 2010-03-20 PFLOGSUMM(1)
Mit der Option -help werden die entsprechenden Optionen ebenfalls in Kurzform angezeigt.
# pflogsumm -help
usage: pflogsumm.pl -[eq] [-d <today|yesterday>] [--detail <cnt>]
[--bounce_detail <cnt>] [--deferral_detail <cnt>]
[-h <cnt>] [-i|--ignore_case] [--iso_date_time] [--mailq]
[-m|--uucp_mung] [--no_bounce_detail] [--no_deferral_detail]
[--no_no_msg_size] [--no_reject_detail] [--no_smtpd_warnings]
[--problems_first] [--rej_add_from] [--reject_detail <cnt>]
[--smtp_detail <cnt>] [--smtpd_stats]
[--smtpd_warning_detail <cnt>] [--syslog_name=string]
[-u <cnt>] [--verbose_msg_detail] [--verp_mung[=<n>]]
[--zero_fill] [file1 [filen]]
pflogsumm.pl --[version|help]
manueller Programmaufruf
Wollen wir uns einen Bericht des heutigen Tages ansehen, so generieren wir diesen on-the-fly mit:
# /usr/sbin/pflogsumm -d today /var/log/maillog
Interessiert uns was gestern los war, so lautet der Aufgruf ganz einfach:
# /usr/sbin/pflogsumm -d yesterday /var/log/maillog
automatischer Programmaufruf
Für die tägliche Erstellung unserer Mailserverstatistik bemühen wir nun ganz einfach unseres cron-deamon.
Hierzu legen wir mit dem Editor unserer Wahl eine betreffende Konfigurationsdatei an, bzw. ergänzen die bereits vorhandene Datei.
# vim /etc/crontab
# Django : 2015-01-30 #täglicher Statusbericht unseres Mailservers postfix 10 0 * * * root /usr/sbin/pflogsumm -d yesterday /var/log/maillog 2>&1 | /bin/mailx -s "mx-test.dmz.nausch.org daily mail stats" postmaster@nausch.org
Täglich um 00:10 Uhr wird die Statistik des letzten Tages erstellt und mittels mailx als eMail an den postmaster verschickt. Das Paket mailx muss dazu natürlich installiert sein, falls (noch) nicht, holen wir dies kurz noch nach.
# yum install mailx -y
Date: Mon, 13 Oct 2008 00:10:03 +0200 (CEST)
From: root <root@nausch.org>
To: postmaster@nausch.org
Subject: mx-test.dmz.nausch.org daily mail stats
Postfix log summaries for Feb 01
Grand Totals
------------
messages
31 received
27 delivered
0 forwarded
0 deferred
0 bounced
339 rejected (92%)
0 reject warnings
0 held
0 discarded (0%)
353252 bytes received
353252 bytes delivered
16 senders
16 sending hosts/domains
4 recipients
1 recipient hosts/domains
Per-Hour Traffic Summary
time received delivered deferred bounced rejected
--------------------------------------------------------------------
0000-0100 0 0 0 0 0
0100-0200 0 0 0 0 0
0200-0300 0 0 0 0 0
0300-0400 0 0 0 0 0
0400-0500 1 0 0 0 3
0500-0600 1 1 0 0 24
0600-0700 0 0 0 0 10
0700-0800 0 0 0 0 2
0800-0900 4 3 0 0 7
0900-1000 3 3 0 0 18
1000-1100 3 2 0 0 18
1100-1200 2 2 0 0 29
1200-1300 2 2 0 0 25
1300-1400 2 1 0 0 20
1400-1500 0 0 0 0 37
1500-1600 0 0 0 0 22
1600-1700 0 0 0 0 24
1700-1800 2 2 0 0 31
1800-1900 3 3 0 0 12
1900-2000 3 3 0 0 10
2000-2100 4 4 0 0 19
2100-2200 1 1 0 0 2
2200-2300 0 0 0 0 19
2300-2400 0 0 0 0 7
Host/Domain Summary: Message Delivery
sent cnt bytes defers avg dly max dly host/domain
-------- ------- ------- ------- ------- -----------
872 6405k 0 2.1 s 2.4 m nausch.org
...
...
Fatal Errors: none
Panics: none
Master daemon messages
----------------------
1 reload configuration /etc/postfix
mailgraph
Eine ansprechende graphische Übersicht kann mittels Mailgraph erstellt werden. Das passende Paket mailgraph installieren wir aus dem Repository mailserver.guru.
Mailgraph besteht im wesentlichen aus zwei Teilen. Das eine perl-Script ist zuständig für das Durchsuchen und Analysieren des Mailserver-Logdatei. Die gewonnenen Daten werden in rrd-Datendateien geschrieben. Ein zweites Perl cgi-Script generiert dann beim Aufrufen der zugehörigen Webseite Graphiken mit den Daten der rrd-Dateien.
Installation
Mit Hilfe von yum holen wir uns als erstes das benötigte Paket auf unser System.
# yum install mailgraph -y
Den Inhalt des Paketes inspizieren wir bei Bedarf mit folgendem Aufruf.
# rpm -qil mailgraph
Name : mailgraph Version : 1.14 Release : 1.el7.centos Architecture: noarch Install Date: Fri 30 Jan 2015 03:21:39 PM CET Group : System Environment/Daemons Size : 66890 License : GPL+ Signature : RSA/SHA1, Fri 30 Jan 2015 09:57:54 AM CET, Key ID 60ecfb9e8195aea0 Source RPM : mailgraph-1.14-1.el7.centos.src.rpm Build Date : Fri 30 Jan 2015 09:57:42 AM CET Build Host : vml000200.dmz.nausch.org Relocations : (not relocatable) Packager : Django <django@mailserver.guru> URL : http://mailgraph.schweikert.ch/ Summary : A RRDtool frontend for Mail statistics Description : Mailgraph is a very simple mail statistics RRDtool frontend for Postfix and Sendmail that produces daily, weekly, monthly and yearly graphs of received/sent and bounced/rejected mail. /etc/httpd/conf.d/mailgraph.conf /etc/sysconfig/mailgraph /usr/lib/systemd/system/mailgraph.service /usr/sbin/mailgraph /usr/share/doc/mailgraph-1.14 /usr/share/doc/mailgraph-1.14/CHANGES /usr/share/doc/mailgraph-1.14/COPYING /usr/share/doc/mailgraph-1.14/README /usr/share/mailgraph /usr/share/mailgraph/mailgraph.cgi /usr/share/mailgraph/mailgraph.css /var/cache/mailgraph /var/lib/mailgraph
Konfiguration
Die Konfiguration von mailgraph selbst gestaltet sich sehr einfach. Über die Konfigurationsdatei /etc/sysconfig/mailgraph können wir angeben, wo das Logfile unseres Mailservers zu finden ist. Unter CentOS ist dies /var/log/maillog. Mit der Option –ignore-localhost können wir mailgraph anweisen, Nachrichten von localhost nicht in die Statistik aufzunehmen, die Mails also nicht „doppelt“ zu zählen, wenn z.B. Postfix _und_ AMaViS auf dem gleichen Host laufen.
# vim /etc/sysconfig/mailgraph
- /etc/sysconfig/mailgraph
MAILLOG=/var/log/maillog PRIORITY=-19 OPTIONS=--ignore-localhost
Will man die Sprache bei der Webseite, oder die Farben der Grafiken anpassen, schreibt man einfach seine Änderungen direkt in das übersichtliche CGI-Script.
# vim cat /usr/share/mailgraph/mailgraph.cgi
- cat /usr/share/mailgraph/mailgraph.cgi
#!/usr/bin/perl -w # mailgraph -- postfix mail traffic statistics # copyright (c) 2000-2007 ETH Zurich # copyright (c) 2000-2007 David Schweikert <david@schweikert.ch> # released under the GNU General Public License use RRDs; use POSIX qw(uname); my $VERSION = "1.14"; my $host = (POSIX::uname())[1]; my $scriptname = 'mailgraph.cgi'; my $xpoints = 540; my $points_per_sample = 3; my $ypoints = 160; my $ypoints_err = 96; my $rrd = '/var/lib/mailgraph/mailgraph.rrd'; # path to where the RRD database is my $rrd_virus = '/var/lib/mailgraph/mailgraph_virus.rrd'; # path to where the Virus RRD database is my $tmp_dir = '/var/cache/mailgraph'; # temporary directory where to store the images my @graphs = ( { title => 'Last Day', seconds => 3600*24, }, { title => 'Last Week', seconds => 3600*24*7, }, { title => 'Last Month', seconds => 3600*24*31, }, { title => 'Last Year', seconds => 3600*24*365, }, ); my %color = ( sent => '000099', # rrggbb in hex received => '009900', rejected => 'AA0000', bounced => '000000', virus => 'DDBB00', spam => '999999', ); sub rrd_graph(@) { my ($range, $file, $ypoints, @rrdargs) = @_; my $step = $range*$points_per_sample/$xpoints; # choose carefully the end otherwise rrd will maybe pick the wrong RRA: my $end = time; $end -= $end % $step; my $date = localtime(time); $date =~ s|:|\\:|g unless $RRDs::VERSION < 1.199908; my ($graphret,$xs,$ys) = RRDs::graph($file, '--imgformat', 'PNG', '--width', $xpoints, '--height', $ypoints, '--start', "-$range", '--end', $end, '--vertical-label', 'msgs/min', '--lower-limit', 0, '--units-exponent', 0, # don't show milli-messages/s '--lazy', '--color', 'SHADEA#ffffff', '--color', 'SHADEB#ffffff', '--color', 'BACK#ffffff', $RRDs::VERSION < 1.2002 ? () : ( '--slope-mode'), @rrdargs, 'COMMENT:['.$date.']\r', ); my $ERR=RRDs::error; die "ERROR: $ERR\n" if $ERR; } sub graph($$) { my ($range, $file) = @_; my $step = $range*$points_per_sample/$xpoints; rrd_graph($range, $file, $ypoints, "DEF:sent=$rrd:sent:AVERAGE", "DEF:msent=$rrd:sent:MAX", "CDEF:rsent=sent,60,*", "CDEF:rmsent=msent,60,*", "CDEF:dsent=sent,UN,0,sent,IF,$step,*", "CDEF:ssent=PREV,UN,dsent,PREV,IF,dsent,+", "AREA:rsent#$color{sent}:Sent ", 'GPRINT:ssent:MAX:total\: %8.0lf msgs', 'GPRINT:rsent:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmsent:MAX:max\: %4.0lf msgs/min\l', "DEF:recv=$rrd:recv:AVERAGE", "DEF:mrecv=$rrd:recv:MAX", "CDEF:rrecv=recv,60,*", "CDEF:rmrecv=mrecv,60,*", "CDEF:drecv=recv,UN,0,recv,IF,$step,*", "CDEF:srecv=PREV,UN,drecv,PREV,IF,drecv,+", "LINE2:rrecv#$color{received}:Received", 'GPRINT:srecv:MAX:total\: %8.0lf msgs', 'GPRINT:rrecv:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmrecv:MAX:max\: %4.0lf msgs/min\l', ); } sub graph_err($$) { my ($range, $file) = @_; my $step = $range*$points_per_sample/$xpoints; rrd_graph($range, $file, $ypoints_err, "DEF:bounced=$rrd:bounced:AVERAGE", "DEF:mbounced=$rrd:bounced:MAX", "CDEF:rbounced=bounced,60,*", "CDEF:dbounced=bounced,UN,0,bounced,IF,$step,*", "CDEF:sbounced=PREV,UN,dbounced,PREV,IF,dbounced,+", "CDEF:rmbounced=mbounced,60,*", "AREA:rbounced#$color{bounced}:Bounced ", 'GPRINT:sbounced:MAX:total\: %8.0lf msgs', 'GPRINT:rbounced:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmbounced:MAX:max\: %4.0lf msgs/min\l', "DEF:virus=$rrd_virus:virus:AVERAGE", "DEF:mvirus=$rrd_virus:virus:MAX", "CDEF:rvirus=virus,60,*", "CDEF:dvirus=virus,UN,0,virus,IF,$step,*", "CDEF:svirus=PREV,UN,dvirus,PREV,IF,dvirus,+", "CDEF:rmvirus=mvirus,60,*", "STACK:rvirus#$color{virus}:Viruses ", 'GPRINT:svirus:MAX:total\: %8.0lf msgs', 'GPRINT:rvirus:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmvirus:MAX:max\: %4.0lf msgs/min\l', "DEF:spam=$rrd_virus:spam:AVERAGE", "DEF:mspam=$rrd_virus:spam:MAX", "CDEF:rspam=spam,60,*", "CDEF:dspam=spam,UN,0,spam,IF,$step,*", "CDEF:sspam=PREV,UN,dspam,PREV,IF,dspam,+", "CDEF:rmspam=mspam,60,*", "STACK:rspam#$color{spam}:Spam ", 'GPRINT:sspam:MAX:total\: %8.0lf msgs', 'GPRINT:rspam:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmspam:MAX:max\: %4.0lf msgs/min\l', "DEF:rejected=$rrd:rejected:AVERAGE", "DEF:mrejected=$rrd:rejected:MAX", "CDEF:rrejected=rejected,60,*", "CDEF:drejected=rejected,UN,0,rejected,IF,$step,*", "CDEF:srejected=PREV,UN,drejected,PREV,IF,drejected,+", "CDEF:rmrejected=mrejected,60,*", "LINE2:rrejected#$color{rejected}:Rejected", 'GPRINT:srejected:MAX:total\: %8.0lf msgs', 'GPRINT:rrejected:AVERAGE:avg\: %5.2lf msgs/min', 'GPRINT:rmrejected:MAX:max\: %4.0lf msgs/min\l', ); } sub print_html() { print "Content-Type: text/html\n\n"; print <<HEADER; <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Mail statistics for $host</title> <meta http-equiv="Refresh" content="300" /> <meta http-equiv="Pragma" content="no-cache" /> <link rel="stylesheet" href="mailgraph.css" type="text/css" /> </head> <body> HEADER print "<h1>Mail statistics for $host</h1>\n"; print "<ul id=\"jump\">\n"; for my $n (0..$#graphs) { print " <li><a href=\"#G$n\">$graphs[$n]{title}</a> </li>\n"; } print "</ul>\n"; for my $n (0..$#graphs) { print "<h2 id=\"G$n\">$graphs[$n]{title}</h2>\n"; print "<p><img src=\"$scriptname?${n}-n\" alt=\"mailgraph\"/><br/>\n"; print "<img src=\"$scriptname?${n}-e\" alt=\"mailgraph\"/></p>\n"; } print <<FOOTER; <hr/> <table><tr><td> <a href="http://mailgraph.schweikert.ch/">Mailgraph</a> $VERSION by <a href="http://david.schweikert.ch/">David Schweikert</a></td> <td align="right"> <a href="http://oss.oetiker.ch/rrdtool/"><img src="http://oss.oetiker.ch/rrdtool/.pics/rrdtool.gif" alt="" width="120" height="34"/></a> </td></tr></table> </body></html> FOOTER } sub send_image($) { my ($file)= @_; -r $file or do { print "Content-type: text/plain\n\nERROR: can't find $file\n"; exit 1; }; print "Content-type: image/png\n"; print "Content-length: ".((stat($file))[7])."\n"; print "\n"; open(IMG, $file) or die; my $data; print $data while read(IMG, $data, 16384)>0; } sub main() { my $uri = $ENV{REQUEST_URI} || ''; $uri =~ s/\/[^\/]+$//; $uri =~ s/\//,/g; $uri =~ s/(\~|\%7E)/tilde,/g; mkdir $tmp_dir, 0777 unless -d $tmp_dir; mkdir "$tmp_dir/$uri", 0777 unless -d "$tmp_dir/$uri"; my $img = $ENV{QUERY_STRING}; if(defined $img and $img =~ /\S/) { if($img =~ /^(\d+)-n$/) { my $file = "$tmp_dir/$uri/mailgraph_$1.png"; graph($graphs[$1]{seconds}, $file); send_image($file); } elsif($img =~ /^(\d+)-e$/) { my $file = "$tmp_dir/$uri/mailgraph_$1_err.png"; graph_err($graphs[$1]{seconds}, $file); send_image($file); } else { die "ERROR: invalid argument\n"; } } else { print_html; } } main;
Apache VHost anlegen
Damit wir bequem von unserem Browser aus, die aktuellen Graphiken abfragen können, bearbeiten wir entweder die aus dem RPM stammende Konfigurationsdatei oder legen wir nun einen passenden VHost an.
# vim /etc/httpd/conf.d/vhosts.conf
- /etc/httpd/conf.d/vhosts.conf
# # mailgraph.nausch.org # <VirtualHost *:80> ServerAdmin webmaster@nausch.org ServerName mailgraph.nausch.org ServerAlias www.mailgraph.nausch.org ServerPath / DocumentRoot "/usr/share/mailgraph" AddHandler cgi-script .cgi <Directory "/usr/share/mailgraph"> AllowOverride None Options +ExecCGI DirectoryIndex mailgraph.cgi Order deny,allow require IP 10.0. </Directory> ErrorLog logs/mailgraph_error.log CustomLog logs/mailgraph_access.log combined </VirtualHost>
Bevor wir bei unserem Webserver eine Reload der Konfiguration vornehmen, testen wir unsere neue Konfigurationsdatei auf syntaktische Fehler.
# apachectl -t
Syntax OK
Da keine Fehler aufgetreten sind, aktivieren wir die neue Konfiguration durch einen Reload des Webserver-Daemon.
# systemctl reload postfix
NGiNX VHost anlegen
Nutzen wir als Webserver NGiNX können wir auch hier schnell und einfach einen passenden vHOST anlegen.
# vim /etc/nginx/conf.d/vhosts.conf
- /etc/nginx/conf.d/vhosts.conf
server { listen 80; server_name mailgraph.nausch.org; access_log /var/log/nginx/mailgraph_access.log; error_log /var/log/nginx/mailgraph_errors.log; root /usr/share/mailgraph/; index mailgraph.cgi; location ~ \.php { fastcgi_split_path_info ^(.+\.cgi)(/.+)$; fastcgi_index mailgraph.cgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
Den Parameter fastcgi_pass setzen wir im übrigen auf den Wert aus der Konfigurationsdatei /etc/php-fpm.d/www.conf des PHP FastCGI Process Manager-Daemon php-fpm.
Haben wir die Konfigurationsdatei vervollständigt, prüfen wir diese noch auf syntaktische Fehler.
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Somit können wir unsere Konfiguration nun noch aktivieren.
# systemctl reload nginx
Programmaufruf
erster manueller Start des Dämon
Damit das Mail-Logfile forlaufend ausgelesen wird, starten wir nun noch den Dämon mit Hilfe des mitgelieferten systemd-Start-Scriptes /usr/lib/systemd/system/mailgraph.service.
# systemctl start mailgraph
Im syslog wurde der Start des Daemon entsprechend dokumentiert.
# tail -n2 /var/log/messages
Feb 2 21:17:36 vml000097 systemd: Starting mailgraph mail log file analyzer... Feb 2 21:17:37 vml000097 systemd: Started mailgraph mail log file analyzer.
Ebenso kann man den Status des Webservers mit Hilfe des Befehls systemctl abfragen.
# systemctl status mailgraph
mailgraph.service - mailgraph mail log file analyzer
Loaded: loaded (/usr/lib/systemd/system/mailgraph.service; disabled)
Active: active (running) since Mon 2015-02-02 21:17:37 CET; 2min 48s ago
Process: 2362 ExecStart=/usr/sbin/mailgraph -d -l $MAILLOG --daemon-rrd=/var/lib/mailgraph $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2367 (mailgraph)
CGroup: /system.slice/mailgraph.service
└─2367 /usr/bin/perl -w /usr/sbin/mailgraph -d -l /var/log/maillog --daemon-rrd=/var/lib/mail...
Feb 02 21:17:37 vml000097.dmz.nausch.org systemd[1]: Started mailgraph mail log file analyzer.
automatischer Start beim Systemstart
Wollen wir den Daemon beim Hochfahren des Systems automatisch starten, greifen wir auf den Befehl systemctl zurück.
# systemctl enable mailgraph.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
Möchten wir uns vergewissern, ob der Daemon beim Systemstart gestartet wird oder nicht, erfahren wir ebenfalls mit dem Befehl systemctl.
# systemctl is-enabled mailgraph.service
enabled
Startet der Server nicht automatisch, wird uns ein „disabled“ zurückgemeldet.
Webaufruf
Über unseren vHOST erhalten wir nun optisch schön ansprechende Übersichten über den Mailverkehr unseres MX.
queuegraph
Möchte man einen graphischen Überblick über die Queues haben, so liefert uns das gerade vorgestellte und installierte Mailgraph leider keine grafischen werte. Hierzu greifen wir auf das Programm Queuegraph von Ralf Hildebrandt zurück.
Das passende Programmpaket queuegraph installieren am einfachsten aus dem Repository mailserver.guru.
Installation
Mit Hilfe von yum holen wir uns als erstes das benötigte Paket auf unser System.
# yum install queuegraph -y
Den Inhalt des Paketes inspizieren wir bei Bedarf mit folgendem Aufruf.
# rpm -qil queuegraph
Name : queuegraph Version : 1.1 Release : 1.el7.centos Architecture: noarch Install Date: Mon 02 Feb 2015 09:29:25 PM CET Group : System Environment/Daemons Size : 6271 License : GPL+ Signature : RSA/SHA1, Fri 30 Jan 2015 09:21:58 PM CET, Key ID 60ecfb9e8195aea0 Source RPM : queuegraph-1.1-1.el7.centos.src.rpm Build Date : Fri 30 Jan 2015 09:21:46 PM CET Build Host : vml000200.dmz.nausch.org Relocations : (not relocatable) Packager : Django <django@mailserver.guru> URL : http://www.arschkrebs.de/postfix/queuegraph/ Summary : A RRDtool frontend for Mail statistics Description : Queuegraph is a very simple mail statistics RRDtool frontend for Postfix that produces daily, weekly, monthly and yearly graphs of Postfix's active, deferred, incoming and bounce queues. /etc/cron.d/queuegraph /etc/httpd/conf.d/queuegraph.conf /usr/sbin/queuegraph-rrd.sh /usr/share/doc/queuegraph-1.1 /usr/share/doc/queuegraph-1.1/README /usr/share/queuegraph /usr/share/queuegraph/queuegraph.cgi /var/cache/queuegraph /var/lib/queuegraph
Konfiguration
Die Konfiguration von queuegraph selbst gestaltet sich sehr einfach, da es gar nichts großartrig zu konfigurieren gibt!
Will man die Sprache bei der Webseite, oder die Farben anpassen, so nimmt man die Änderungen direkt im CGI-Script vor.
# vim /usr/share/queuegraph/queuegraph.cgi
- /usr/share/queuegraph/queuegraph.cgi
#!/usr/bin/perl -w # queuegraph -- a postfix queue statistics rrdtool frontend # based on mailgraph, which is # copyright (c) 2000-2002 David Schweikert <dws@ee.ethz.ch> # released under the GNU General Public License use RRDs; use POSIX qw(uname); my $VERSION = "1.1"; my $host = (POSIX::uname())[1]; my $scriptname = 'queuegraph.cgi'; my $xpoints = 800; my $points_per_sample = 3; my $ypoints = 160; my $ypoints_err = 80; my $rrd = '/var/lib/queuegraph/mailqueues.rrd'; # path to where the RRD database is my $tmp_dir = '/var/cache/queuegraph'; # temporary directory where to store the images my $rrdtool_1_0 = ($RRDs::VERSION < 1.199908); my @graphs = ( { title => 'Day Graph', seconds => 3600*24, }, { title => 'Week Graph', seconds => 3600*24*7, }, { title => 'Month Graph', seconds => 3600*24*31, }, { title => 'Year Graph', seconds => 3600*24*365, }, ); my %color = ( sent => '000099', # rrggbb in hex received => '00FF00', rejected => '999999', bounced => '993399', virus => 'FFFF00', spam => 'FF0000', ); sub graph($$$) { my $range = shift; my $file = shift; my $title = shift; my $step = $range*$points_per_sample/$xpoints; my $date = localtime(time); $date =~ s|:|\\:|g unless $rrdtool_1_0; my ($graphret,$xs,$ys) = RRDs::graph($file, '--imgformat', 'PNG', '--width', $xpoints, '--height', $ypoints, '--start', "-$range", '--end', "-".int($range*0.01), '--vertical-label', 'queuefiles', '--title', $title, '--lazy', $rrdtool_1_0 ? () : ( '--slope-mode' ), "DEF:active=$rrd:active:AVERAGE", "DEF:deferred=$rrd:deferred:AVERAGE", 'LINE2:active#00ff00:Active+Incoming+Maildrop\:', 'GPRINT:active:MAX:Maximum\: %0.0lf ', 'GPRINT:active:AVERAGE:Average\: %0.0lf/min\n', 'LINE1:deferred#0000ff:Deferred\:', 'GPRINT:deferred:MAX:Maximum\: %0.0lf ', 'GPRINT:deferred:AVERAGE:Average\: %0.0lf/min\l', 'HRULE:0#000000', 'COMMENT:\n', 'COMMENT:['.$date.']\r', ); my $ERR=RRDs::error; die "ERROR: $ERR\n" if $ERR; } sub print_html() { print "Content-Type: text/html\n\n"; print <<HEADER; <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <HTML> <HEAD> <TITLE>Queue Statistics for $host</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF"> HEADER print "<H1>Postfix Queue Statistics for $host</H1>\n"; for my $n (0..$#graphs) { print "<H2>$graphs[$n]{title}</H2>\n"; print "<P><IMG BORDER=\"0\" SRC=\"$scriptname/queuegraph_${n}.png\" ALT=\"queuegraph\">\n"; } print <<FOOTER; <table border="0" width="400"><tr><td align="left"> <A href="http://www.arschkrebs.de/postfix/queuegraph">queuegraph</A> $VERSION by <A href="http://www.arschkrebs.de/">Ralf Hildebrandt</A>, based on <A href="http://mailgraph.schweikert.ch/">mailgraph</A> by <A href="http://david.schweikert.ch/">David Schweikert</A></td> <td ALIGN="right"> <a HREF="http://oss.oetiker.ch/rrdtool/"><img border="0" src="http://tobi.oetiker.ch/webtools/rrdtool/.pics/rrdtool.gif" alt="rrdtool" width="120" height="34"></a> </td></tr></table> </BODY> FOOTER } sub send_image($) { my $file = shift; -r $file or do { print "Content-Type: text/plain\n\nERROR: can't find $file\n"; exit 1; }; print "Content-Type: image/png\n"; print "Content-Length: ".((stat($file))[7])."\n"; print "\n"; open(IMG, $file) or die; my $data; print $data while read IMG, $data, 1; } sub main() { if($ENV{PATH_INFO}) { my $uri = $ENV{REQUEST_URI}; $uri =~ s/\/[^\/]+$//; $uri =~ s/\//,/g; $uri =~ s/\~/tilde,/g; mkdir "$tmp_dir/$uri", 0777 unless -d "$tmp_dir/$uri"; my $file = "$tmp_dir/$uri$ENV{PATH_INFO}"; if($ENV{PATH_INFO} =~ /^\/queuegraph_(\d+)\.png$/) { graph($graphs[$1]{seconds}, $file, $graphs[$1]{title}); } else { print "Content-Type: text/plain\n\nERROR: unknown image $ENV{PATH_INFO}\n"; exit 1; } send_image($file); } else { print_html; } } main;
Optionen beim Programmaufruf
Hinweise zur Konfiguration oder besser gesagt über die Optionen beim Aufruf des Programms zeigt ein Blick in die Datei /usr/share/doc/queuegraph-1.1/README.
# cat /usr/share/doc/queuegraph-1.1/README
- /usr/share/doc/queuegraph-1.1/README
README for queuegraph Dependencies: rrdtools, librrds-perl To install, adjust the path to your rrdtools binaries in queuegraph-rrd.sh Create a cronjob that runs queuegraph-rrd.sh every minute -- this populates the *.rrd database: * * * * * /usr/local/bin/queuegraph-rrd.sh Now put queuegraph.cgi into the cgi-bin directory of your webserver. chmod 755 queuegraph.cgi
Apache VHost anlegen
Damit wir bequem von unserem Browser aus, die aktuellen Graphiken abfragen können, bearbeiten wir entweder die aus dem RPM stammende Konfigurationsdatei oder legen wir nun einen passenden VHost an.
# vim /etc/httpd/conf.d/vhosts.conf
- /etc/httpd/conf.d/vhosts.conf
# # queuegraph.nausch.org # <VirtualHost *:80> ServerAdmin webmaster@nausch.org ServerName queue.nausch.org ServerAlias www.queue.nausch.org ServerPath / DocumentRoot "/usr/share/queuegraph" AddHandler cgi-script .cgi <Directory "/usr/share/queuegraph"> AllowOverride None Options +ExecCGI DirectoryIndex queuegraph.cgi Order deny,allow require IP 10.0. </Directory> ErrorLog logs/queuegraph_error.log CustomLog logs/queuegraph_access.log combined </VirtualHost>
Bevor wir bei unserem Webserver eine Reload der Konfiguration vornehmen, testen wir unsere neue Konfigurationsdatei auf syntaktische Fehler.
# apachectl -t
Syntax OK
Da keine Fehler aufgetreten sind, aktivieren wir die neue Konfiguration durch einen Reload des Webserver-Daemon.
# systemctl reload postfix
NGiNX VHost anlegen
Nutzen wir als Webserver NGiNX können wir auch hier schnell und einfach einen passenden vHOST anlegen.
# vim /etc/nginx/conf.d/vhosts.conf
- /etc/nginx/conf.d/vhosts.conf
server { listen 80; server_name queuegraph.nausch.org; access_log /var/log/nginx/queuegraph_access.log; error_log /var/log/nginx/queuegraph_errors.log; root /usr/share/queuegraph/; index queuegraph.cgi; location ~ \.php { fastcgi_split_path_info ^(.+\.cgi)(/.+)$; fastcgi_index queuegraph.cgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
Den Parameter fastcgi_pass setzen wir im übrigen auf den Wert aus der Konfigurationsdatei /etc/php-fpm.d/www.conf des PHP FastCGI Process Manager-Daemon php-fpm.
Haben wir die Konfigurationsdatei vervollständigt, prüfen wir diese noch auf syntaktische Fehler.
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Somit können wir unsere Konfiguration nun noch aktivieren.
# systemctl reload nginx
Programmaufruf
Die automatische Befüllung der rrd-files übernimmt ein cronjob, der jede Minute das Script queuegraph-rrd.sh startet.
# cat /etc/cron.d/queuegraph
- /etc/cron.d/queuegraph
# Runs the queuegraph update program # # This will run every one minute * * * * * root /usr/sbin/queuegraph-rrd.sh &> /dev/null
# less /usr/sbin/queuegraph-rrd.sh
- /usr/sbin/queuegraph-rrd.sh
#!/bin/sh # output the number of messages in the incoming, active, and deferred # queues of postfix one per line suitable for use with snmpd/cricket/rrdtool # # 2003/01/24 Mike Saunders <method at method DOT cx> # mailqsize was originally written by Vivek Khera. All I did was # make it update an rrd. # 2003/04/14 Ralf Hildebrandt <ralf.hildebrandt at charite DOT de> # I bundled this with a modified mailgraph # 2007/07/28 Ralf Hildebrandt <ralf.hildebrandt at charite DOT de> # find rrdtool using "which" # change this to the location of rrdtool RRDTOOL=`which rrdtool` # change this to the location you want to store the rrd RRDFILE=/var/lib/queuegraph/mailqueues.rrd if test ! -x $RRDTOOL ; then echo "ERROR: $RRDTOOL does not exist or is not executable" exit fi if test ! -f $RRDFILE ; then echo "Creating RRD file $RRDFILE" $RRDTOOL create $RRDFILE --step 60 \ DS:active:GAUGE:900:0:U \ DS:deferred:GAUGE:900:0:U \ RRA:AVERAGE:0.5:1:1440 \ RRA:AVERAGE:0.5:30:2016 \ RRA:AVERAGE:0.5:60:105120 \ RRA:MAX:0.5:1:1440 \ RRA:MAX:0.5:30:2016 \ RRA:MAX:0.5:60:105120 fi #set -x qdir=`/usr/sbin/postconf -h queue_directory` active=`find $qdir/incoming $qdir/active $qdir/maildrop -type f -print | wc -l | awk '{print $1}'` deferred=`find $qdir/deferred -type f -print | wc -l | awk '{print $1}'` #printf "active: %d\ndeferred: %d\n" $active $deferred $RRDTOOL update $RRDFILE "N:$active:$deferred"
Webaufruf
Über unseren Vhost erhalten wir nun optisch schön ansprechende Übersichten über die Mail-Queues unseres MX.
Mailgraph NextGeneration
Wem all die vorgenannten graphischen Aufbereitungen noch nicht ausführlich genug sind, dem bietet der Fork von David Schweikert's Mailgraph zusätzliche Übersichten:
- Mail Ein und -Ausgang
- geblockte Nachrichten
- Greylisting Übersicht
- Greylisting Detailansicht
- Postscreen Übersicht
- Postscreen Detailansicht
- Übersicht Mail-Queues
- DANE / TLSA Verbindungen
- Sender policy Framework - SPF-Prüfungen
- DomainKeys Identified Mail - DKIM-Prüfungen
- Domain-based Message Authentication, Reporting & Conformance - DMARC-Prüfungen
Das Ganze ist aber zugegebener Maßen keine großartige Neuprogrammierung, sondern setzt auf bekannte Programm(pakete) auf.
Besonderer Dank geht daher an:
- David Schweikert für das Programm Mailgraph
- Ralf Hildebrandt für das Programm Queuegraph
- Markus Neubauer für das Programm Greygraph und zu guter Letzt an
- Sebastian van de Meer für die beiden Mailgraph-Patche mailgraph Graphen um SPF, DMARC und DKIM erweitern und mailgraph Graphen um DANE erweitern
Doch genug der Vorrede, einen Blick auf die Ausgabe des Webfrontends von Mailgraph-ng sagt mehr als 1.000 Worte. Die Ausgabe zeigt exemplarisch alle möglichen Graphen an, die auf einem Testsystem generiert wurden.
Im Realbetrieb wird man entweder Greylisting oder Postscreen einsetzen, somit werden sicher zwei der gezeigten Graphen wegfallen. Wie das geht, wird hier gezeigt.
Installation
Bei der Installation der NextGeneration Version von Mailgraph gibt es mehrere Möglichkeiten.
- RPM-basiert
- Update mit Hilfe eines tar.gz-Archives
- manuelle Installation/Update
Auf die einzelnen Installationsarten gehen wir nun entsprechend ein.
RPM-Installation
Die wohl einfachste Art ist die der RPM-basierten Installation. Das passende Paket mailgraph installieren wir aus dem Repository mailserver.guru. Aktuell wird vom Paketmaintainer die Version 1.15 bereitgestellt. Haben wir das Repository mailserver.guru installiert, reicht der folgende Aufruf.
# yum install mailgraph
Das abhängige Paket Queuegraph von Ralf Hildebrandt, welches zum Erstellen und Aktualisieren des Queuegraph rrd-Datenbankdatei verwendet wird, wird automatisch mit installiert.
Will man die beiden Pakete „nur lokal“ installieren verwendet man folgenden Aufruf.
# yum localinstall http://repo.mailserver.guru/7/x86_64/mailgraph-1.15.2-1.el7.centos.noarch.rpm \
http://repo.mailserver.guru/7/x86_64/queuegraph-1.1-1.el7.centos.noarch.rpm
manuelle Installation
Hat man bereits Mailgraph in einer früheren Version (manuell) installiert und möchte diese Installation erweitern, so kann man natürlich Mailgraph auch manuell installieren.
Hierzu laden wir uns erst einmal das betreffende Paket auf unseren Server. Zuerst wechseln wir in unseren lokalen Paketspeicher.
# cd /usr/local/src/packages
# wget http://repository.nausch.org/public/var/mailgraph-1.15.2.tar.gz
Anschließend entpacken wir das Archiv.
# tar xzfv mailgraph-1.15.2.tar.gz -C /tmp/
Dann erstellen wir, falls noch nicht im System vorhanden, die einzelnen Zielordner.
- RRD-Speicherverzeichnis
# mkdir -p /var/lib/mailgraph
- Cachingverzeichnis für die Graphen
mkdir -p /var/cache/mailgraph
- WEB Root Verzeichnis für die Webseite
mkdir -p /usr/share/mailgraph
Anschließend passen wir noch die Gruppenrechte an dem Ordner an.
# chgrp apache /usr/share/mailgraph
# chmod g+w /usr/share/mailgraph
Nun kopieren wir die Dateien aus unserem temporären Verzeichnis an die richtige Stelle im System.
# cp /tmp/mailgraph-1.15.2/mailgraph.c* /usr/share/mailgraph/ -y
Das Script zur Datengenerierung kopieren wir dann noch in das Verzeichnis /usr/sbin/. Vorher halten wir ggf. einen bereits laufenden mailgraph-Daemon an!
# systemctl stop mailgraph
# cp /tmp/mailgraph-1.15.2/mailgraph /usr/sbin/ -y
Konfiguration
Die Konfiguration von mailgraph selbst gestaltet sich sehr einfach. Über die Konfigurationsdatei /etc/sysconfig/mailgraph können wir angeben, wo das Logfile unseres Mailservers zu finden ist. Unter CentOS ist dies /var/log/maillog. Mit der Option –ignore-localhost können wir mailgraph anweisen, Nachrichten von localhost nicht in die Statistik aufzunehmen, die Mails also nicht „doppelt“ zu zählen, wenn z.B. Postfix _und_ AMaViS auf dem gleichen Host laufen.
# vim /etc/sysconfig/mailgraph
- /etc/sysconfig/mailgraph
MAILLOG=/var/log/maillog PRIORITY=-19 OPTIONS=--ignore-localhost
Will man die Sprache bei der Webseite, oder die Farben der Grafiken anpassen, schreibt man einfach seine Änderungen direkt in das übersichtliche CGI-Script.
# vim /usr/share/mailgraph/mailgraph.cgi
… do geds weida …