[Gllug] GUI for postfix mail logs
Jan Henkins
jan at henkins.za.net
Tue Sep 28 16:04:57 UTC 2010

Hello Narender,

On 28/09/10 09:36, Dave Lambley wrote:
> If you don't mind paying for software, Splunk is a very good GUI for
> logs generally.

Splunk [0] has a free, limited version (limited to a specific number of
log instances) that can show you how it works. You either love it or
hate it, but it's a very powerful tool. If your site gets a reasonable
amount of mail, the free version of Splunk will quickly reach its
limit. If real-time log analysis is important to you, Splunk is going to
be your friend. Worth paying for IMHO.

> Dave
>
> On 28/09/2010, Narender<narender.hooda at gmail.com> wrote:
>> Hi All
>>
>> We want to migrate our current production Exchange server with
>> Postfix. The only problem we are getting is a mail logs parser GUI.
>>
>> If anyone is aware of any tool, please do advise. I have tried many
>> searches with Google but did not find any such tool.

If all you want is a text-based digest of your Postfix server logs, give
pflogsumm [1] a try. It creates a simple text file you can use in
reports. I have two instances running, one giving me an end-of-day
report at the end of each day, and another one that runs hourly. The
statistics it gives are quite useful, even if it's very high-level. If
you need to be more specific, the logfile itself is easy enough to
understand, even if you find it a tad intimidating at the moment.

OK, if you have already decided what you want and where you are going
with your Postfix server (apart from the logs), feel free to stop
reading now, since I'm about to start waffling on a bit about my mail
system (hopefully somebody finds it useful).

I use Postfix teamed up with MailScanner [2], ClamAV [3] and Mailwatch
[4] to protect my Exchange server. In your case you will most likely use
your Postfix machine as the mailbox server as well, so in that case you
will need a POP3 or IMAP4 service. If you haven't decided which one to
use, Dovecot would be a good choice (it does POP3 and IMAP, as well as
the secure variants), and I won't include a link for that since it
should be pre-packaged for all the major Linux and BSD distros.

I use MailScanner to scan incoming mail for malware, and it can be
configured to use quite a number of different scanners to do the
antivirus bit. In my case, I only use ClamAV. MailScanner can also use
Spamassassin to do antispam checks in the background. As a means to give
a team of helpdesk agents a friendly face to the mail quarantine
(non-technical people need to be able to release quarantined messages
if needs be), I have Mailwatch as a web-based frontend to MailScanner.
It also gives me a lot of nice information regarding spam and virus
counts, all with pretty graphs to help to impress your boss.

A last word re MailScanner - it is a large and complex package, and it
can easily kill an old slow server. I'm running it on a P4 2.8GHz
machine with 2Gb of RAM, does mail for two email domains, and handles on
average 120,000 messages per day. This is not a huge amount of mail,
but you can see the service spike up to 80% usage for brief periods of
time. If this server had to deal with approx 250 users doing IMAP as
well, I would have been in trouble. Depending on your anticipated mail
and user load, ensure you have plenty of iron available to handle your
mail. Still, it's a very feature-rich system that is seriously worth
looking at. Alternatives to MailScanner would be something like Amavis
[5] (a lot lighter on resources than MailScanner), coupled with
Spamassassin [6].

Yet another possible route - why don't you look at a system that
includes a packaged, already integrated setup? There are a number of
solutions available. The two I have encountered before are called
SME server [7] (based on CentOS), and Zentyal [8] (based on Ubuntu
server). These have web-based tools available to look at things like
logs, and make it easy for you to administer mailboxes and the like.

Links:
[0] Splunk website: http://www.splunk.com/
[1] pflogsumm: http://jimsun.linxnet.com/postfix_contrib.html
[2] MailScanner: http://mailscanner.info/
[3] ClamAV: http://www.clamav.net/
[4] Mailwatch: http://mailwatch.sourceforge.net
[5] Amavis: http://www.amavis.org/
[6] Spamassassin: http://spamassassin.apache.org/
[7] SME server: http://wiki.contribs.org/Main_Page
[8] Zentyal (previously called eBox): http://www.zentyal.org/

--
Regards,
Jan Henkins
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug