[ Previous | Next | Contents | Glossary | Home | Search ]
AIX Version 4.3 System Management Guide: Communications and Networks

Managing Mail Logging

The sendmail command logs mail system activity through the syslogd daemon. The syslogd daemon must be configured and running for logging to occur. Specifically, the /etc/syslog.conf file may contain the uncommented line:

mail.debug           /var/spool/mqueue/log

If it does not, use your favorite editor to make this change; be certain that the path name is correct. If you change the /etc/syslog.conf file while the syslogd daemon is running, refresh the syslogd daemon by entering the command:

refresh -s syslogd

If the /var/spool/mqueue/log file does not exist, you must create it by entering the command:

touch /var/spool/mqueue/log

Messages in the log file appear in the following format:

Each line in the system log consists of a time stamp, the name of the machine that generated it (for logging from several machines over the local area network), the word "sendmail:," and a message. Most messages are a sequence of name=value pairs.

The two most common lines are logged when a message is processed. The first logs the receipt of a message; there will be one of these per message. Some fields may be omitted. These message fields are:

from Specifies the envelope sender address.
size Specifies the size of the message in bytes.
class Indicates the class (numeric precedence) of the message.
pri Specifies the initial message priority (used for queue sorting).
nrcpts Indicates the number of envelope recipients for this message (after aliasing and forwarding).
proto Specifies the protocol used to receive the message, for example Ethernet Simple Mail Transfer Protocol (SMTP) or UNIX-to-UNIX Copy Program (UUCP).
relay Specifies the machine from which it was received.

There is also one line logged per delivery attempt (so there can be several per message if delivery is deferred or there are multiple recipients). These fields are:

to Contains a comma-separated list of the recipients to this mailer.
ctladdr Specifies the "controlling user," that is, the name of the user whose credentials are used for delivery.
delay Specifies the total delay between the time this message was received and the time it was delivered.
xdelay Specifies the amount of time needed in this delivery attempt.
mailer Specifies the name of the mailer used to deliver to this recipient.
relay Specifies the name of the host that actually accepted (or rejected) this recipient.
stat Specifies the delivery status.

There is a large amount of information that can be logged. The log is arranged as a succession of levels. At the lowest level, only very unusual situations are logged. At the highest level, even the insignificant events are logged. As a convention, log levels under ten are considered "useful." Log levels above 64 are reserved for debugging purposes. Levels from 11-64 are reserved for verbose information.

The types of activities that the sendmail command puts into the log file are specified by the L option in the /etc/sendmail.cf file.

Managing the Log

Because information is continually appended to the end of the log file, it can become very large. Also, error conditions can cause unexpected entries to the mail queue. To keep the mail queue and log from growing too large, execute the /usr/lib/smdemon.cleanu shell script. This script forces the sendmail command to process the queue and maintains four progressively older copies of log files, named log.0, log.1, log.2, and log.3. Each time the script runs it moves:

This allows logging to start over with a new file. Run this script either manually or at a specified interval with the cron daemon.

Logging Traffic

Many SMTP implementations do not fully implement the protocol. For example, some personal computer-based Simple Mail Transfer Protocols (SMTPs) do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging using the -X flag. For example:

/usr/sbin/sendmail -X /tmp/traffic -bd

Using this command logs all traffic in the /tmp/traffic file.

This logs a lot of data very quickly and should never be used during normal operations. After starting such a daemon, force the errant implementation to send a message to your host. All message traffic in and out of sendmail, including the incoming SMTP traffic, will be logged in this file.

Using sendmail, you can log a dump of the open files and the connection cache by send it a SIGUSR1 signal. The results are logged at LOG_DEBUG priority.

Logging Mailer Statistics

The sendmail command tracks the volume of mail being handled by each of the mailer programs that interface with it (those mailers defined in the /etc/sendmail.cf file).

To start the accumulation of mailer statistics, create the /etc/sendmail.st file by entering:

touch /etc/sendmail.st

If the sendmail command encounters errors when trying to record statistics information, the command writes a message through the syslog subroutine. These errors do not affect other operations of the sendmail command.

The sendmail command updates the information in the file each time it processes mail. The size of the file does not grow, but the numbers in the file do. They represent the mail volume since the time you created or reset the /etc/sendmail.st file.

Displaying Mailer Information

The statistics kept in the /etc/sendmail.st file are in a database format that cannot be read as a text file. To display the mailer statistics, enter the command:

/usr/sbin/mailstats

This reads the information in the /etc/sendmail.st file, formats it, and writes it to standard output in the following format:

msgs_from bytes_from      msgs_to         bytes_to      Mailer 
        1         2             1              201      local

The fields in the report have the following meanings:

msgs_from Contains the number of messages received by the local machine from the indicated mailer.
bytes_from Contains the number of bytes in the messages received by the local machine from the indicated mailer.
msgs_to Contains the number of messages sent from the local machine using the indicated mailer.
bytes_to Contains the number of bytes in the messages sent from the local machine using the indicated mailer.

If the sendmail command transmits mail directly to a file, such as the $HOME/dead.letter file or an alias target, the message and byte counts are credited to the prog mailer.


[ Previous | Next | Contents | Glossary | Home | Search ]