[newbie] Logwatch + Postfix + Mailman

To: debian-user@lists.debian.org
Subject: [newbie] Logwatch + Postfix + Mailman
From: Stanisław Findeisen <sf181257@gmail.com>
Date: Thu, 22 Jul 2010 11:39:59 +0200
Message-id: <[🔎] 4C4811EF.3050608@gmail.com>
Reply-to: stf@eisenbits.homelinux.net

Hi

I have several simple questions regarding Logwatch reporting on Postfix
logs with Mailman involved, too.

(1) How does Logwatch work? Suppose an attacker manages to break into
the machine and deletes/changes parts of the logs. Will Logwatch get
tricked by this or not?
I guess Logwatch is just run periodically from cron, so the answer is yes...

(2) This is what appeared in my logwatch today:

>  ################### Logwatch 7.3.6+cvs20080702-debian (07/02/08) #################### 
>         Processing Initiated: Thu Jul 22 09:30:47 2010
>         Date Range Processed: yesterday
>                               ( 2010-Jul-21 )
>                               Period is day.
> [...]
>  --------------------- Postfix Begin ------------------------ 
> 
>         1   *Warning: Queue file size limit exceeded 
>  
>    16.730M  Bytes accepted                        17,542,489
>    29.163M  Bytes sent via SMTP                   30,579,186
>     8.382M  Bytes delivered                        8,788,693
>  ========   ================================================

I'd like to understand the numbers. :-)

First, the traffic yesterday was really low. With one exception: I have
a Mailman mailing list, and 1 subscriber (Ilona) sent to it an e-mail
with about 4 MB in size. So, the e-mail was delivered to:

1. a Mailman command
2. a local mailbox of list member (just 1)
3. 7 non-local mailing list members:
   3x gmail.com
   1x gazeta.pl relay=ASPMX.L.GOOGLE.COM
   3  other servers (all diferent).

The question is, how does this sum up to the Logwatch/Postfix numbers above.

* Does delivery to the mailman command and delivery to a local mailbox
(after mailman command execution) count each on its own, so there should
be ca. 4 MB + 4 MB? Or only the submission to the mailman command
counts, so there should be just 4 MB?

* Does 29 MB ("sent via SMTP") comes from 7 * 4 MB? As I said there are
3 Gmail members, so that would mean that they all add up. How many times
is e-mail body physically transmitted over the network in such a case?

* I have no idea where does 16.7 MB accepted comes from, though. However
before successful 4 MB submission by Ilona someone tried to send in an
e-mail that was too big:

> Jul 21 12:11:26 smtpd[31280]: connect from mail-ww0-f46.google.com[74.125.82.46]
> Jul 21 12:11:26 smtpd[31280]: 2E..36: client=mail-ww0-f46.google.com[74.125.82.46]
> Jul 21 12:11:26 cleanup[31284]: 2E..36: message-id=<AANLk...Ux@mail.gmail.com>
> Jul 21 12:11:34 smtpd[31280]: warning: 2E..36: queue file size limit exceeded
> Jul 21 12:11:39 smtpd[31280]: disconnect from mail-ww0-f46.google.com[74.125.82.46]

Does this failed submission count as "bytes accepted"??

What was its size??

Thank you!

STF

http://eisenbits.homelinux.net/~stf/
OpenPGP: DFD9 0146 3794 9CF6 17EA  D63F DBF5 8AA8 3B31 FE8A

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: debian based network appliance
Next by Date: Re: dosfslabel finds problem, e2fsck does not
Previous by thread: Re: debian based network appliance
Next by thread: Which disk is failing?
Index(es):
- Date
- Thread