[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

System Management Guide: Communications and Networks

Managing Mail Logging

The sendmail command logs mail system activity through the syslogd daemon. The syslogd daemon must be configured and running for logging to occur. Specifically, the /etc/syslog.conf file should contain the uncommented line:

mail.debug           /var/spool/mqueue/log

If it does not, use your favorite editor to make this change; be certain that the path name is correct. If you change the /etc/syslog.conf file while the syslogd daemon is running, refresh the syslogd daemon by typing the following command at a command line:

refresh -s syslogd

If the /var/spool/mqueue/log file does not exist, you must create it by typing the following command:

touch /var/spool/mqueue/log

Messages in the log file appear in the following format:

Each line in the system log consists of a time stamp, the name of the machine that generated it (for logging from several machines over the local area network), the word sendmail:, and a message. Most messages are a sequence of name=value pairs.

The two most common lines logged when a message is processed are the receipt line and the delivery attempt line. The receipt line logs the receipt of a message; there will be one of these per message. Some fields may be omitted. These message fields are:

from Specifies the envelope sender address.
size Specifies the size of the message in bytes.
class Indicates the class (numeric precedence) of the message.
pri Specifies the initial message priority (used for queue sorting).
nrcpts Indicates the number of envelope recipients for this message (after aliasing and forwarding).
proto Specifies the protocol used to receive the message, for example ESMTP or UNIX-to-UNIX Copy Program (UUCP).
relay Specifies the machine from which it was received.

The delivery attempt line is logged each time there is delivery attempt (so there can be several per message if delivery is deferred or there are multiple recipients). These fields are:

to Contains a comma-separated list of the recipients to this mailer.
ctladdr Specifies the controlling user, that is, the name of the user whose credentials are used for delivery.
delay Specifies the total delay between the time this message was received and the time it was delivered.
xdelay Specifies the amount of time needed in this delivery attempt.
mailer Specifies the name of the mailer used to deliver to this recipient.
relay Specifies the name of the host that actually accepted (or rejected) this recipient.
stat Specifies the delivery status.

Because such a large amount of information can be logged, the log file is arranged as a succession of levels. Beginning at level 1, the lowest level, only very unusual situations are logged. At the highest level, even the insignificant events are logged. As a convention, log levels ten and under the most useful information. Log levels above 64 are reserved for debugging purposes. Levels from 11-64 are reserved for verbose information.

The types of activities that the sendmail command puts into the log file are specified by the L option in the /etc/mail/sendmail.cf file. (For versions earlier than AIX 5.1, this file is /etc/sendmail.cf.)

Managing the Log

Because information is continually appended to the end of the log, the file can become very large. Also, error conditions can cause unexpected entries to the mail queue. To keep the mail queue and the log file from growing too large, run the /usr/lib/smdemon.cleanu shell script. This script forces the sendmail command to process the queue and maintains four progressively older copies of log files, named log.0, log.1, log.2, and log.3. Each time the script runs it moves:

Running this script allows logging to start over with a new file. Run this script either manually or at a specified interval with the cron daemon.

Logging Traffic

Many Simple Mail Transfer Protocols (SMTPs) implementations do not fully implement the protocol. For example, some personal computer-based SMTPs do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging by using the -X flag. For example:

/usr/sbin/sendmail -X /tmp/traffic -bd

This command logs all traffic in the /tmp/traffic file.

Because this command logs a lot of data very quickly, it should never be used during normal operations. After running the command, force the errant implementation to send a message to your host. All message traffic in and out of sendmail, including the incoming SMTP traffic, will be logged in this file.

Using sendmail, you can log a dump of the open files and the connection cache by sending it a SIGUSR1 signal. The results are logged at LOG_DEBUG priority.

Logging Mailer Statistics

The sendmail command tracks the volume of mail being handled by each of the mailer programs that interface with it. Those mailers are defined in the /etc/mail/sendmail.cf file. (For versions earlier than AIX 5.1, this file is /etc/sendmail.cf.)

Figure 2-1. Mailers Used by the Sendmail Command. This illustration is a type of top-down organizational chart with Mail and MH at the top. Branching from them are bellmail, BNU and SMTP. Underneath the previous level are local mailbox, UUCP link, and TCP/IP link respectively. Beneath UUCP link is remote mailbox and under TCP/IP link is remote mailbox.

Artwork for comma3

To start the accumulation of mailer statistics, create the /etc/mail/statistics file by typing the following:

touch /etc/mail/statistics

If the sendmail command encounters errors when trying to record statistics information, the command writes a message through the syslog subroutine. These errors do not affect other operations of the sendmail command.

The sendmail command updates the information in the file each time it processes mail. The size of the file does not grow, but the numbers in the file do. They represent the mail volume since the time you created or reset the /etc/mail/statistics file.

Note: In versions earlier than AIX 5.1, statistics were kept in the /var/tmp/sendmail.st file.

Displaying Mailer Information

The statistics kept in the /etc/mail/statistics file are in a database format that cannot be read as a text file. To display the mailer statistics, type the following at a command prompt:


This reads the information in the /etc/mail/statistics file, formats it, and writes it to standard output. For information on the output of the /usr/sbin/mailstats command, read its description in the AIX 5L Version 5.1 Commands Reference.

[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]