Mail Traffic Calculation

(updated for H-Sphere 2.4.3 Patch 1 and up)
 

This document explains how H-Sphere collects and rotates mail traffic.

H-Sphere cron script responsible for analyzing mail traffic is Here, dd.mm.YYYY is current date timestamp.

dd.mm.YYYY.qml.txt log files contain lines of the following format:

|name|xFer(kB)|Hits_All|Hits_HTML|

where name is the domain name, xFer is the total traffic in kilobytes.

Then, H-Sphere TrafficLoader utility is launched by cron to collect mail traffic from the statistics directory and to store it into the system database. TrafficLoader also calls the /hsphere/shared/scripts/xfer_cat.pl script to move the already loaded mail statistics files to the /hsphere/local/var/statistic/loaded directory as dd.mm.YYYY.qml.txt.gz archives.

 

Qmail Traffic Log

Before H-Sphere 2.4.3 Patch 1, H-Sphere collected mail statistics from the /var/log/maillog qmail log file.

In H-Sphere 2.4.3 Patch 1 and up, qmail writes a more detailed mail traffic log to the /var/hsphere/mail/logs/stats file. Log records have the following format:

date host msg_type[pid]: timestamp|sender|recipient|bytes|status|attempts

Here:

  • host: mail server host, e.g., "mail.example.com"
  • msg_type: in for incoming thread, and out for outgoing thread
  • pid: PID of the process
  • timestamp: UNIX timestamp of the date when the message is sent, e.g., 1119280814
  • sender: message sender's e-mail address
  • recipient: message recipient's e-mail address. For multiple recipients each one a separate line in the log
  • bytes: message size
  • status: message status. It is different for incoming and outgoing mail
    Incoming mail:
    • success - message is received successfully
    • timeout - no response from the source host while receiving the message
    • rejclam - message is received completely but detected as infected
    • rejspam - message is received completely but detected as spam;
    • manyhops - message is looping
    • bytestooverflow - message exceeds size limit
    Outgoing mail:
    • success - message is sent successfully
    • timeout - no response from destination host while sending the message
    • partial - malformed incoming message
    • readerr - internal server problems
  • (HS 2.4.3 Patch 4+) attempts: number of data transfers per one SMTP session






Home   Products   Services   News
© Copyright. . PSOFT. All Rights Reserved. Terms | Site Map