[lug] sendmail and iptables
Harris, James
James_Harris at maxtor.com
Tue Apr 1 16:55:56 MST 2003
> Maybe. It's easy and much more informative to parse the mail
> logs using a
> tool like http://www.klake.org/sma/
>
To expand on that, parsing the logs is definitely the accurate way of doing
things. Although counting syn packets is a very clever way and might get
you fairly accurate counts, it's entirely dependent on the type of traffic
you get. If you _only_ care about raw in and out numbers (with breakdown of
transport) and you're using sendmail you might also use a simple script that
performs math or simplistic "reset and rotate" counts on the output of
mailstats. I would imagine that most of the major MTAs have programs like
mailstats.
SMTP allows for several messages to be transmitted in a single "session",
thus if server A has 5 messages for server B, it will initiate a session and
send all 5 with that single active session if everything keep transmitting
OK and no session timeouts are reached. During heavy mail periods at our
site, for example, I can see 10s or even 100s of messages going through a
single established session between our internal relays and our external
relays.
I've used a simple reset and rotate type script that breaks the output of
mailstats into a .csv on regular intervals so that I can perform trending.
You can take it even further and dumpt it to RRD or the like and get pretty
granular throughput information w/o having to parse logs, if throughput and
bandwidth is _all_ you care about.
Jim
More information about the LUG
mailing list