From Qmailwiki
(Difference between revisions)
Jump to: navigation, search
(SMTP Connections)
(SMTP Connections)
Line 53: Line 53:
Number of connections to smtp port 25. Green is max average. Blue is minimum average.
Green is total number of incoming connections. Blue is email rejected for any of the checks below. This machine easily accepts email for mailing lists and users. But see how many connections are rejected! Those are all from spammers or bulk mailers.
==SMTP Concurrency==
==SMTP Concurrency==

Revision as of 01:08, 30 November 2006



Home Page

This is the online documentation for version 4.4 and above.

How the Graphs are Generated

If you are looking at a qmailmrtg7 page you should see two columns of graphs. You can look at a live email servers qmailmrtg7 graphs here. As you can see we have instrumented the heck out of qmail.

These graphs are generated from log files and the MRTG.

Clicking on any of the graphs takes you to a new page that shows the daily, weekly, monthly and yearly graphs for that particular item.

Each of the graphs display one or two values plotted against time. The vertical axis is labled with whatever is being graphed. The horizontal axis is always time displayed in 2 hour increments in 24 hour notation. For a visual reference each graph has a vertical red line drawn at midnight zero hour. The last 29 hours are always displayed so if you can compare the values of the current 5 hours and 24 hours ago which helps in spotting trends.

In the bottom left corner of the graph is a tiny little red arrow head. This shows where the new values will appear so you can determine which way the graph is scrolling.

New values arrive at the left side of the graph and scroll to the right. So the current value right now is on the left side. Some people naturally think the graphs go the other way. The indicators are supposed to help.

The values plotted are averages sampled every five minutes. For ease of understanding some graphs display things like messages per hour. This can lead to the odd number of one message in five minutes displays as an average of 12 messages per hour. Think about it and it makes sense :)

Explaination of Graphs

Messages Per Hour


Number of messages that qmail processes through the queue for delivery. Spikes are due to open source mailing list activity hosted on this particular server. One post to a list generates a message to each subscriber, hence the spikes.

Queue Size


Number of emails stored on disk in the /var/qmail/queue directories. Values of 1,000 or less is normal since mail servers have to be able to try delivery more than once. Values over 1,000 (like 100,000 yikes!) mean your machine is in trouble and needs help.

SMTP Connections


Green is total number of incoming connections. Blue is email rejected for any of the checks below. This machine easily accepts email for mailing lists and users. But see how many connections are rejected! Those are all from spammers or bulk mailers.

SMTP Concurrency


Number of smtp connections open. Green is maximum per 5 minute sample period. Blue is minimum in sample period. Values larger than 25 or 50 indicate possible problems. Your incoming connections are maxed out if the graph "pegs" at a high value. Then customers will see noticable slow down and timeouts.

Reverse DNS SMTP Check


Green shows total number of smtp connections. Blue shows connections rejected for not having valid reverse dns. The rejection happens before the email contents are transmitted so your machine/network resources are significantly reduced. New for version 4.4

Remote Black Hole SMTP Check


Green is the total number of incoming smtp connections. Blue shows rejected connections from rblsmtpd lookups. This check is critical to blocking spam as you can see by graph. Note: this graph is a live snapshot of a real email server. Refresh the page to see the graphs update. Otherwise known as spammers sending from reported spammer IP addresses.

Recipient Check


Green is number of smtp connections that passed the reverse DNS and RBL checks. The blue line is email for a local account that is rejected for an invalid To in the envelope ( MAIL TO: smtp command), also known as, spammers sending to bad accounts.

Suspect Windows Virus BotNet Connections


Using a nifty trick called "passive fingerprinting" we can figure out if the sender is running windows without actively poking the remote machine with network scans. Many windows machines on the internet are infected with automated "bot" networks so they can be controlled by criminal spammers. Recently these machines have been responsible for a large majority of spam. By randomly deferring 75% of so of any windows connections we force the sender to support rejected retries. All legitimate mail including mail from Exchange servers will retry and get through. This check/rejection vastly helps reduce the load on the spam scanning daemon letting it (hopefully) be more efficent.

Customer Sent Mail




Disk Usage




Local/Remote Deliveries


Local/Remote Concurrency


Bits Transfered


Message Status


POP3 Connections


POP3 Concurrency


IMAP Connections


IMAP Concurrency


POP3 SSL Connections


POP3 SSL Concurrency


IMAP SSL Connections


IMAP SSL Concurrency


SMTP SSL Connections


SMTP SSL Concurrency


Tinydns Queries


Dnscache Queries


CPU Usage


System Load


Ethernet 0 Bits/Sec


Ethernet 0 Packets/Sec


Memory Usage


Swap Usage


Pin Pointing Problems By Spotting Trends

Future Development

Personal tools