Parallels H-Sphere Documentation System Administrator Guide

Mail Traffic Calculation

(updated for H-Sphere 2.4.3 Patch 1 and up)

Last modified: 27 Dec 2007

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

This document explains how H-Sphere collects and rotates mail traffic.

H-Sphere cron script responsible for analyzing mail traffic is /hsphere/shared/scripts/cron/mail_anlz.sh. The script runs daily, processes the qmail traffic log file and collects mail statistics into the specially formatted dd.mm.YYYY.qml.txt log files in the H-Sphere statistics directory /hsphere/local/var/statistic. Here, dd.mm.YYYY is current date timestamp.

dd.mm.YYYY.qml.txt log files contain lines of the following format:

where name is the domain name, xFer is the total traffic in kilobytes.

Then, H-Sphere TrafficLoader utility is launched by cron to collect mail traffic from the statistics directory and to store it into the system database. TrafficLoader also calls the /hsphere/shared/scripts/xfer_cat.pl script to move the already loaded mail statistics files to the /hsphere/local/var/statistic/loaded directory as dd.mm.YYYY.qml.txt.gz archives.

Mail Traffic Log

Before H-Sphere 2.4.3 Patch 1, H-Sphere collected mail statistics from the /var/log/maillog qmail log file.

In H-Sphere 2.4.3 Patch 1 and up, qmail writes a more detailed mail traffic log to the /var/hsphere/mail/logs/stats file. To view detailed descriptive mail statistics from this file, run:

/var/qmail/bin/mailstatistics -v -f /var/hsphere/mail/logs/stats

The -v option provides a verbose mode.

Log records in the file have the following format:

Here:

date: date where the message is sent or received, e.g., "Jun 20 18:20:14"
host: mail server host, e.g., "mail.example.com"
msg_type: in for incoming thread, and out for outgoing thread
pid: PID of the process
timestamp: UNIX timestamp (in seconds since 1 Jan 1970) of the date when the message is sent, e.g., 1119280814
sender: message sender's e-mail address
recipient: message recipient's e-mail address. For multiple recipients each one a separate line in the log
bytes: message size
status: message status. It is different for incoming and outgoing mail
Incoming mail:
- success - message is received successfully
- timeout - no response from the source host while receiving the message
- rejclam - message is received completely but detected as infected when the proper mail resource is configured to remove virused message
- rejspam - message is received completely but detected as spam when: (1) the proper mail resource is configured to remove spam message or (2) when the score of the spam message exceeds the MaxScore parameter
- manyhops - message is looping
- mboxoverquota - over quota
- badmime - used bad mime type of the mail message
- bytestooverflow - message exceeds size limit
Outgoing mail:
- success - message is sent successfully
- timeout - no response from destination host while sending the message
- partial - malformed incoming message
- readerr - internal server problems
(HS 2.4.3 Patch 4+) attempts: number of data transfers per one SMTP session

Example:

POP3 and IMAP Traffic

To view detailed descriptive IMAP statistics, run:

cat /var/hsphere/mail/logs/stats|grep -i imap

POP3 statistics:

cat /var/hsphere/mail/logs/stats|grep -i pop3

POP3 and IMAP traffic have the same format as Qmail traffic, except the e-mail addresses there look like imap@<account> for POP3 and pop3@<account> for POP3.

Web Mailing List Traffic

To view detailed descriptive web mailing list statistics, run:

cat /var/hsphere/mail/logs/stats | grep maillist

Web mailing list traffic has the same format as Qmail traffic, except that in sender field it includes 'web@maillist' to identify its type.


	Home Products Documentation Forums Partners Support Contact Us