Revision as of 01:19, 30 November 2006
This is the online documentation for version 4.4 and above.
How the Graphs are Generated
If you are looking at a qmailmrtg7 page you should see two columns of graphs. You can look at a live email server's qmailmrtg7 graphs here. As you can see we have instrumented the heck out of qmail.
These graphs are generated from log files and MRTG.
Clicking on any of the graphs takes you to a new page that shows the daily, weekly, monthly and yearly graphs for that particular item.
Each of the graphs displays one or two values plotted against time. The vertical axis is labeled with whatever is being graphed. The horizontal axis is always time, displayed in 2 hour increments in 24 hour notation. For a visual reference each graph has a vertical red line drawn at midnight (zero hour). The last 29 hours are always displayed, so you can compare the values of the current 5 hours with those of 24 hours ago, which helps in spotting trends.
In the bottom left corner of the graph is a tiny little red arrow head. This shows where the new values will appear so you can determine which way the graph is scrolling.
New values arrive at the left side of the graph and scroll to the right. So the current value right now is on the left side. Some people naturally think the graphs go the other way. The indicators are supposed to help.
The values plotted are averages sampled every five minutes. For ease of understanding some graphs display things like messages per hour. This can lead to odd-looking numbers: one message in five minutes displays as an average of 12 messages per hour. Think about it and it makes sense :)
Explanation of Graphs
Messages Per Hour
Number of messages that qmail processes through the queue for delivery. Spikes are due to open source mailing list activity hosted on this particular server. One post to a list generates a message to each subscriber, hence the spikes.
Number of emails stored on disk in the /var/qmail/queue directories. Values of 1,000 or less are normal since mail servers have to be able to try delivery more than once. Values over 1,000 (like 100,000 yikes!) mean your machine is in trouble and needs help.
Green is total number of incoming connections. Blue is email rejected for any of the checks below. This machine easily accepts email for mailing lists and users. But see how many connections are rejected! Those are all from spammers or bulk mailers.
Number of smtp connections open. Green is maximum per 5 minute sample period. Blue is minimum in sample period. Values larger than 25 or 50 indicate possible problems. Your incoming connections are maxed out if the graph "pegs" at a high value. Then customers will see noticeable slowdowns and timeouts.
Reverse DNS SMTP Check
Green shows total number of smtp connections. Blue shows connections rejected for not having valid reverse dns. The rejection happens before the email contents are transmitted, so the load on your machine/network resources is significantly reduced. New for version 4.4
Remote Black Hole SMTP Check
Green is the total number of incoming smtp connections. Blue shows connections rejected by rblsmtpd lookups, otherwise known as spammers sending from reported spammer IP addresses. This check is critical to blocking spam, as you can see by the graph. Note: this graph is a live snapshot of a real email server. Refresh the page to see the graphs update.
Green is number of smtp connections that passed the reverse DNS and RBL checks. The blue line is email for a local account that is rejected for an invalid To in the envelope (MAIL TO: smtp command), also known as spammers sending to bad accounts.
Suspect Windows Virus BotNet Connections
Using a nifty trick called "passive fingerprinting" we can figure out if the sender is running Windows without actively poking the remote machine with network scans. Many Windows machines on the internet are infected with automated "bot" networks so they can be controlled by criminal spammers. Recently these machines have been responsible for a large majority of spam. By randomly deferring 75% or so of any Windows connections we force the sender to support rejected retries. All legitimate mail, including mail from Exchange servers, will retry and get through. This check/rejection vastly helps reduce the load on the spam scanning daemon, letting it (hopefully) be more efficient.
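The effect of the random deferral described above can be quantified with a short simulation. This is an added example, not qmailmrtg7 or qmail code; the `os_label` value stands in for the output of a passive fingerprinter, and the SMTP reply strings and function names are assumptions.

```python
import random

DEFER_PROBABILITY = 0.75  # the page's "75% or so"

def smtp_decision(os_label, rng):
    """Reply to a new connection. os_label is the (hypothetical) output of a
    passive fingerprinter; only Windows-looking senders are ever deferred."""
    if os_label == "windows" and rng.random() < DEFER_PROBABILITY:
        return "451 temporary failure, try again later"  # 4xx = retry later
    return "220 ready"

def attempts_until_accepted(os_label, rng, max_attempts):
    """Number of connection attempts a sender needs, or None if it gives up."""
    for attempt in range(1, max_attempts + 1):
        if smtp_decision(os_label, rng).startswith("220"):
            return attempt
    return None

def accepted_fraction(os_label, max_attempts, trials=2000, seed=1):
    """Fraction of simulated senders that get through within max_attempts."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    accepted = sum(
        attempts_until_accepted(os_label, rng, max_attempts) is not None
        for _ in range(trials)
    )
    return accepted / trials

def p_accepted_within(n):
    """Closed form: chance a retrying Windows sender is accepted in n tries."""
    return 1 - DEFER_PROBABILITY ** n

if __name__ == "__main__":
    print("non-Windows sender, 1 try :", accepted_fraction("linux", 1))
    print("Windows bot, no retries   :", accepted_fraction("windows", 1))
    print("Windows MTA, 20 retries   :", accepted_fraction("windows", 20))
    print("closed form, 10 tries     :", round(p_accepted_within(10), 4))
```

A sender that never retries gets through about a quarter of the time, while a queueing mail server that retries is almost certain to be accepted after a handful of attempts.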
Customer Sent Mail
Out of all the email processed by the server this is the number of emails sent by accounts hosted on the machine. Compare this to the number of smtp connections.
Green is email scanned by spam filters. Blue is spam found by the filters.
Green is disk space available and blue is disk space used by email accounts.
Green is viruses detected by virus scanner.
Green is total emails delivered. Blue are emails to other sites. This machine has spikes where all the email is to other sites due to mailing list activity.
Number of concurrent local (green qmail-local) and concurrent remote (blue qmail-remote) deliveries.
Bits transferred per second of email content. Compare to the ethernet graph to get an idea of how much of the total machine traffic is used for email.
Total successful (green) deliveries and failed (blue) deliveries per hour. If your failure rate is higher than just about nothing then you might have someone bulk mailing or spamming through your machine.
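To show how one five-minute sample of a qmail-send log turns into the per-hour delivery figures, the concurrency values and a failure warning, here is an added example (not qmailmrtg7's own code). The log lines are constructed in qmail-send's usual format, and the 5% alert threshold and function names are assumptions.

```python
import re

# Constructed qmail-send log lines for one 5-minute sample period; the
# TAI64N timestamps and the 192.0.2.x addresses are made up.
SAMPLE = """\
@400000004563e2f10a1b2c3d status: local 1/10 remote 3/20
@400000004563e2f20a1b2c3d delivery 101: success: did_1+0+0/
@400000004563e2f30a1b2c3d status: local 0/10 remote 5/20
@400000004563e2f40a1b2c3d delivery 102: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@400000004563e2f50a1b2c3d delivery 103: success: 192.0.2.25_accepted_message./
@400000004563e2f60a1b2c3d delivery 104: deferral: Connected_to_192.0.2.40_but_connection_died._(#4.4.2)/
@400000004563e2f70a1b2c3d status: local 0/10 remote 2/20
@400000004563e2f80a1b2c3d delivery 105: failure: 192.0.2.41_does_not_like_recipient./
"""

DELIVERY = re.compile(r"delivery \d+: (success|failure|deferral):")
STATUS = re.compile(r"status: local (\d+)/\d+ remote (\d+)/\d+")
SAMPLES_PER_HOUR = 12  # one sample every five minutes

def summarize(log_text, fail_ratio_alert=0.05):
    """Summarize one sample period; fail_ratio_alert is an assumed threshold."""
    counts = {"success": 0, "failure": 0, "deferral": 0}
    peak_local = peak_remote = 0
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            counts[m.group(1)] += 1
            continue
        m = STATUS.search(line)
        if m:  # concurrent qmail-local / qmail-remote deliveries
            peak_local = max(peak_local, int(m.group(1)))
            peak_remote = max(peak_remote, int(m.group(2)))
    finished = counts["success"] + counts["failure"]  # deferrals retry later
    ratio = counts["failure"] / finished if finished else 0.0
    return {
        "success_per_hour": counts["success"] * SAMPLES_PER_HOUR,
        "failure_per_hour": counts["failure"] * SAMPLES_PER_HOUR,
        "deferrals": counts["deferral"],
        "peak_local": peak_local,
        "peak_remote": peak_remote,
        "failure_ratio": ratio,
        "alert": ratio > fail_ratio_alert,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:18} {value}")
```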