Skip to main content.

sendmail_stats

Current version: 0.9
Updated: 26 November 2002

sendmail_stats tries to analyze your sendmail logs and output an easy to understand and useful report. I have looked at around ten mail log analyzers; eximstats and pflogsumm are both good.

sendmail_stats reports:

  • Time/date of log beginning and end
  • Total bytes transferred and total MB transferred
  • Total bytes in and total MB in (locally delivered)
  • Number of messages sent out
  • Number of messages coming in
  • Messages per hour graph
  • Top 20 remote sending hosts
  • Total number of sending hosts and number of their attempted messages
  • Top 20 destination hosts
  • Total number of destination hosts and number of messages sent to them
  • Top 20 local deliveries
  • Total number of local accounts that received mail
  • Total number of messages delivered locally
  • Top 20 senders
  • Total number of senders and total number of messages sent

Here is an interesting (unattributed, used with no permission) testimonial:

Hey, just wanted to say I've been using your script for a month or two now, and it's great. We run open relays (don't ask) and the evidence provided by your script was great to stick in management's face and tell them that over 50% of our traffic is spam. It also showed the legitimate users of our relay, and just how few of them there actually were.

Sample outputs:
    version 0.07
    version 0.05
    version 0.03

The current version needs lots of work! It is far from complete plus I am sure that it will report a few inaccuracies and miss some information. I have used it for about six months on a mail server that handles over 24,000 messages and 700 MB of traffic daily. ... Now a couple years later, I found some problems that have been improved. I've been using it on a system than handles over 76.9 MB and 131,894 per week.

Tested with various versions of sendmail including 8.11.

Please let me know how this works for you.

Current version download:
    sendmail_stats-0.9.txt (26/Nov/2002)

Old versions:
    sendmail_stats-0.8.txt (07/Nov/2002)
    sendmail_stats.0.07.txt (23/Feb/2002)
    sendmail_stats.0.06.txt (22/Jun/2001)
    sendmail_stats.0.05.txt (31/Aug/2000)
    sendmail_stats.0.04.txt (31/May/2000)
    sendmail_stats.0.03.txt (10/Mar/2000)

To do:
- double check bytes transferred
- report errors
- audit the results
- properly distinguish between bounces, problems and successful mail
- add "relay" reporting

If you have any ideas or want to contribute, please email me at jeremy@reedmedia.net. Please note that I rarely use sendmail any more; I use Exim and Postfix. I have received a few patches for .0.06 and older versions.

For a daily report, just use your crontab like: 

30 5 * * *      nobody /usr/contrib/bin/gunzip -c /var/log/maillog.0.gz |\
 /usr/local/bin/sendmail_stats | /usr/bin/mail -s "sendmail stats" postmaster

To use:

  • download file as a file (not as a webpage) to preserve formatting;
  • make sure first line of file has correct path to your perl interpreter;
  • make the file an executable script: "chmod u+x sendmail_stats"
  • and edit the "$default_hostname = 'EDIT-THIS-default-domain.net';" line
  • test with "./sendmail_stats < /path/to/maillog | less"

History/Changes

Version 0.9 26/Nov/2002?
 Add option to show the total bytes received for each individual
 email address in the log (default is on).
 Add option to make email addresses all lower case (so it will be
 case-insensitive) (default is on).
Version 0.8 07/Nov/2002 
 Add debugging for testing, such as printing if log line is  not in
 expected format.
 Adjust for newer log format.
 Check "sm-mta" log entries.
 Check for "relay" mailer also.
 Only add default hostname if username doesn't have "@" at-sign.
22/Feb/2002
 Match null <> sender.
 Better regex (add spaces).
 If ctladdr (local address) use it instead of /path/to/file.
 Add more local delivery types (virtual and *file*).
 Fix hour count so it only counts for successfully relay or delivery.
 Report count of sending problems. 
 Recount the total local deliveries (for comparisons).
 Renamed $delivered_messages variable to $sent_messages.
22/Jun/2001
 Fixed regex where in some situations total bytes in, messages in and
 local deliveries was empty.
31/Aug/2000
 Added output in megabytes for total bytes transferred and received
 Added log start and end times needed for reference!
31/May/2000
 Fixed problem where it didn't find (match) all data
 also show stats for multi-users per "to=" and for programs (like procmail)
 Fix scaling for dots
10/Mar/2000
 Changed scale for dots
8/Mar/2000
 Fixed bug where the dots wrapped around screen
7/Mar/2000
 Fixed bug where only 10 am and later hours showed stats
For your information:

eximstats reports: 

  Grand total summary of Volume, Messages, Hosts, Delayed and Failed
   for received and delivered.
  Deliveries by transport showing volume and messages.
  Messages received per hour (with dots representing a group of
   messages)
  Deliveries per hour (each dot is "n" delivery)
  Time spent on the queue for all messages
  Time spent on the queue for messages with at least one remote delivery
  Relayed messages
  Top 50 sending hosts by message count
  Top 50 sending hosts by volume
  Top 50 local senders by message count
  Top 50 local senders by volume
  Top 50 destinations by message count
  Top 50 destinations by volume
  Top 50 local destinations by message count
  Top 50 local destinations by volume
  Errors encountered: 0

pflogsumm reports: 

  Grand totals of messages (received, delivered, forwarded, deferred,
   bounced and rejected)
  Host/Domain Summary: Messages Received showing message count, bytes and
   host/domain.
  Senders by message count
  Recipients by message count
  Senders by message size
  Recipients by message size
  message deferral detail
  message bounce detail (by relay)
  message reject detail
  Warnings
  Fatal Errors
  Master daemon messages