Monitoring mail server network traffic and bandwidth usage

Below you can see some useful commands which will assist you for troubleshooting and monitoring traffic on your mail server.

Say for example, that you have a case where you want to find out how much traffic your POP3 server is consuming. You can get this information from your mail server's log file.

If we assume a postfix/dovecot mail server, the log file format, is like this:

Jun 30 04:05:58 li151-159 postfix/local[1142]: A6D4FC122: to=, orig_to=, relay=local, delay=7.5, delays=0.32/0/0/7.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Jun 30 04:05:58 li151-159 postfix/qmgr[3488]: A6D4FC122: removed
Jun 30 04:05:59 li151-159 dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:78.87.52.164, lip=::ffff:109.74.204.159
Jun 30 04:06:00 li151-159 dovecot: POP3(aaaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 30 04:06:48 li151-159 postfix/smtpd[1178]: connect from mail-ea0-f173.google.com[xxx]

We are actually interested only on those entries which report the POP3 size traffic:

Jun 30 16:03:05 li151-159 dovecot: POP3(user1@example.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=2395021
Jun 30 16:03:27 li151-159 dovecot: POP3(user2@example.com): Disconnected: Logged out top=0/0, retr=3/58101, del=0/1, size=19347
Jun 30 16:05:06 li151-159 dovecot: POP3(user3@example.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

You could however modify the suggested scripts according to the log format of your own mail server.

First check that your pattern matching is correct:
cat /var/log/maillog|grep POP3|awk '/size=/ { print $13 }'

You should get something like this:
size=2395021
size=19347
size=0

Then, calculate the total sum of bytes in MB (megabytes):
cat /var/log/maillog|grep POP3|awk '/size=/{ split($13,a,"=") ; SUM += a[2] } END { print SUM/1048576.0 }'

which will give us the total POP3 bytes (in MB) downloaded from all mail clients during the period that the specific maillog covers.

No comments:

Post a Comment