Qmailmrtg7

From Qmailwiki
(Difference between revisions)
Jump to: navigation, search
(SMTP Connections)
(Customer Sent Mail)
Line 87: Line 87:
 
==Customer Sent Mail==
 
==Customer Sent Mail==
 
http://mail.inter7.com/qmailmrtg/rc-day.png
 
http://mail.inter7.com/qmailmrtg/rc-day.png
 +
 +
Out of all the email processed by the server this is the number of emails sent by accounts hosted on the machine. Compare this to the number of smtp connections.
 +
 
==Spam==
 
==Spam==
 
http://mail.inter7.com/qmailmrtg/spamd-day.png
 
http://mail.inter7.com/qmailmrtg/spamd-day.png

Revision as of 01:10, 30 November 2006

Contents

QmailMrtg7

Home Page

This is the online documentation for version 4.4 and above.

How the Graphs are Generated

If you are looking at a qmailmrtg7 page you should see two columns of graphs. You can look at a live email servers qmailmrtg7 graphs here. As you can see we have instrumented the heck out of qmail.

These graphs are generated from log files and the MRTG.

Clicking on any of the graphs takes you to a new page that shows the daily, weekly, monthly and yearly graphs for that particular item.

Each of the graphs display one or two values plotted against time. The vertical axis is labled with whatever is being graphed. The horizontal axis is always time displayed in 2 hour increments in 24 hour notation. For a visual reference each graph has a vertical red line drawn at midnight zero hour. The last 29 hours are always displayed so if you can compare the values of the current 5 hours and 24 hours ago which helps in spotting trends.

In the bottom left corner of the graph is a tiny little red arrow head. This shows where the new values will appear so you can determine which way the graph is scrolling.

New values arrive at the left side of the graph and scroll to the right. So the current value right now is on the left side. Some people naturally think the graphs go the other way. The indicators are supposed to help.

The values plotted are averages sampled every five minutes. For ease of understanding some graphs display things like messages per hour. This can lead to the odd number of one message in five minutes displays as an average of 12 messages per hour. Think about it and it makes sense :)

Explaination of Graphs

Messages Per Hour

http://mail.inter7.com/qmailmrtg/msg-day.png

Number of messages that qmail processes through the queue for delivery. Spikes are due to open source mailing list activity hosted on this particular server. One post to a list generates a message to each subscriber, hence the spikes.

Queue Size

http://mail.inter7.com/qmailmrtg/queue-size-day.png

Number of emails stored on disk in the /var/qmail/queue directories. Values of 1,000 or less is normal since mail servers have to be able to try delivery more than once. Values over 1,000 (like 100,000 yikes!) mean your machine is in trouble and needs help.

SMTP Connections

http://mail.inter7.com/qmailmrtg/smtpad-day.png

Green is total number of incoming connections. Blue is email rejected for any of the checks below. This machine easily accepts email for mailing lists and users. But see how many connections are rejected! Those are all from spammers or bulk mailers.

SMTP Concurrency

http://mail.inter7.com/qmailmrtg/smtp-day.png

Number of smtp connections open. Green is maximum per 5 minute sample period. Blue is minimum in sample period. Values larger than 25 or 50 indicate possible problems. Your incoming connections are maxed out if the graph "pegs" at a high value. Then customers will see noticable slow down and timeouts.

Reverse DNS SMTP Check

http://mail.inter7.com/qmailmrtg/rdns-day.png

Green shows total number of smtp connections. Blue shows connections rejected for not having valid reverse dns. The rejection happens before the email contents are transmitted so your machine/network resources are significantly reduced. New for version 4.4

Remote Black Hole SMTP Check

http://mail.inter7.com/qmailmrtg/rbl-day.png

Green is the total number of incoming smtp connections. Blue shows rejected connections from rblsmtpd lookups. This check is critical to blocking spam as you can see by graph. Note: this graph is a live snapshot of a real email server. Refresh the page to see the graphs update. Otherwise known as spammers sending from reported spammer IP addresses.

Recipient Check

http://mail.inter7.com/qmailmrtg/chkuser-day.png

Green is number of smtp connections that passed the reverse DNS and RBL checks. The blue line is email for a local account that is rejected for an invalid To in the envelope ( MAIL TO: smtp command), also known as, spammers sending to bad accounts.

Suspect Windows Virus BotNet Connections

http://mail.inter7.com/qmailmrtg/clamd-day.png

Using a nifty trick called "passive fingerprinting" we can figure out if the sender is running windows without actively poking the remote machine with network scans. Many windows machines on the internet are infected with automated "bot" networks so they can be controlled by criminal spammers. Recently these machines have been responsible for a large majority of spam. By randomly deferring 75% of so of any windows connections we force the sender to support rejected retries. All legitimate mail including mail from Exchange servers will retry and get through. This check/rejection vastly helps reduce the load on the spam scanning daemon letting it (hopefully) be more efficent.

Customer Sent Mail

http://mail.inter7.com/qmailmrtg/rc-day.png

Out of all the email processed by the server this is the number of emails sent by accounts hosted on the machine. Compare this to the number of smtp connections.

Spam

http://mail.inter7.com/qmailmrtg/spamd-day.png

Disk Usage

http://mail.inter7.com/qmailmrtg/disk-day.png

Viruses

http://mail.inter7.com/qmailmrtg/clamd-day.png

Local/Remote Deliveries

http://mail.inter7.com/qmailmrtg/lr-day.png

Local/Remote Concurrency

http://mail.inter7.com/qmailmrtg/concurrency-day.png

Bits Transfered

http://mail.inter7.com/qmailmrtg/bits-day.png

Message Status

http://mail.inter7.com/qmailmrtg/messstatus-day.png

POP3 Connections

http://mail.inter7.com/qmailmrtg/pop3ad-day.png

POP3 Concurrency

http://mail.inter7.com/qmailmrtg/pop3-day.png

IMAP Connections

http://mail.inter7.com/qmailmrtg/imapad-day.png

IMAP Concurrency

http://mail.inter7.com/qmailmrtg/imap-day.png

POP3 SSL Connections

http://mail.inter7.com/qmailmrtg/pop3sad-day.png

POP3 SSL Concurrency

http://mail.inter7.com/qmailmrtg/pop3s-day.png

IMAP SSL Connections

http://mail.inter7.com/qmailmrtg/imapsad-day.png

IMAP SSL Concurrency

http://mail.inter7.com/qmailmrtg/imaps-day.png

SMTP SSL Connections

http://mail.inter7.com/qmailmrtg/smtps-day.png

SMTP SSL Concurrency

http://mail.inter7.com/qmailmrtg/smtps-day.png

Tinydns Queries

http://mail.inter7.com/qmailmrtg/tinydns-day.png

Dnscache Queries

http://mail.inter7.com/qmailmrtg/dnscache-day.png

CPU Usage

http://mail.inter7.com/qmailmrtg/cpu0-day.png

System Load

http://mail.inter7.com/qmailmrtg/load-day.png

Ethernet 0 Bits/Sec

http://mail.inter7.com/qmailmrtg/eth0-day.png

Ethernet 0 Packets/Sec

http://mail.inter7.com/qmailmrtg/eth0p-day.png

Memory Usage

http://mail.inter7.com/qmailmrtg/mem-day.png

Swap Usage

http://mail.inter7.com/qmailmrtg/swap-day.png

Pin Pointing Problems By Spotting Trends

Future Development

Personal tools