Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
RE: How to read anvil statistics
35 views
Skip to first unread message
robin.w...@ubs.com
Jan 19, 2015, 4:35:14 AM1/19/15
to
From what I can see in our logs, the transgressions that are logged only related to the worst offender in that time slot. If that is the case, is there a way to read the other offenders, i.e. to read a complete list of connection counts, etc. for other clients that are exceeding the limits.
Thanks, Robin
-----Original Message-----
From: owner-pos...@postfix.org [mailto:owner-pos...@postfix.org] On Behalf Of Wietse Venema
Sent: 15 January 2015 18:21
To: Postfix users
Subject: Re: How to read anvil statistics
robin.w...@ubs.com:
> Hi,
>
> Can any explain how to read the connection information that is
> stored by the anvil service. I would like to analyse the information
> so that I can raise alerts and/or send the messages from internal
> clients to the HOLD queue for subsequent deletion/release.
Transgressiona are logged by smtpd(8):
Message delivery request rate limit exceeded: %d from %s for service %s
Recipient address rate limit exceeded: %d from %s for service %s
New TLS session rate limit exceeded: %d from %s for service %s
Refusing STARTTLS request from %s for service %s
Connection concurrency limit exceeded: %d from %s for service %s
Connection rate limit exceeded: %d from %s for service %s
Where %d is a number, %s is hostname[address], and %s is service:client.
Statistics are logged by anvil:
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection rate 4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection count 3 for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max recipient rate 4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:09
In the last 60 seconds there were 4 connections from 2604:8d00:0:1::7,
three connections from 2604:8d00:0:1::7, and 4 RCPT TO commands from
2604:8d00:0:1::7. This system does not rate limit messages, so it
keeps no statistics on those events.
Wietse
Thanks, Robin
-----Original Message-----
From: owner-pos...@postfix.org [mailto:owner-pos...@postfix.org] On Behalf Of Wietse Venema
Sent: 15 January 2015 18:21
To: Postfix users
Subject: Re: How to read anvil statistics
robin.w...@ubs.com:
> Hi,
>
> Can any explain how to read the connection information that is
> stored by the anvil service. I would like to analyse the information
> so that I can raise alerts and/or send the messages from internal
> clients to the HOLD queue for subsequent deletion/release.
Transgressiona are logged by smtpd(8):
Message delivery request rate limit exceeded: %d from %s for service %s
Recipient address rate limit exceeded: %d from %s for service %s
New TLS session rate limit exceeded: %d from %s for service %s
Refusing STARTTLS request from %s for service %s
Connection concurrency limit exceeded: %d from %s for service %s
Connection rate limit exceeded: %d from %s for service %s
Where %d is a number, %s is hostname[address], and %s is service:client.
Statistics are logged by anvil:
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection rate 4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max connection count 3 for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:08
Jan 15 00:06:48 spike postfix/anvil[75120]: statistics: max recipient rate 4/60s for (smtpd:2604:8d00:0:1::7) at Jan 15 00:03:09
In the last 60 seconds there were 4 connections from 2604:8d00:0:1::7,
three connections from 2604:8d00:0:1::7, and 4 RCPT TO commands from
2604:8d00:0:1::7. This system does not rate limit messages, so it
keeps no statistics on those events.
Wietse
Wietse Venema
Jan 19, 2015, 8:14:22 AM1/19/15
to
robin.w...@ubs.com:
is in violation.
Message delivery request rate limit exceeded: %d from %s for service %s
Recipient address rate limit exceeded: %d from %s for service %s
New TLS session rate limit exceeded: %d from %s for service %s
Refusing STARTTLS request from %s for service %s
Connection concurrency limit exceeded: %d from %s for service %s
Connection rate limit exceeded: %d from %s for service %s
Where %d is the number that you are looking for.
Wietse
> From what I can see in our logs, the transgressions that are logged
> only related to the worst offender in that time slot. If that is
> the case, is there a way to read the other offenders, i.e. to read
> a complete list of connection counts, etc. for other clients that
> are exceeding the limits.
Postfix already logs the transgressions along with the number that
> only related to the worst offender in that time slot. If that is
> the case, is there a way to read the other offenders, i.e. to read
> a complete list of connection counts, etc. for other clients that
> are exceeding the limits.
is in violation.
Message delivery request rate limit exceeded: %d from %s for service %s
Recipient address rate limit exceeded: %d from %s for service %s
New TLS session rate limit exceeded: %d from %s for service %s
Refusing STARTTLS request from %s for service %s
Connection concurrency limit exceeded: %d from %s for service %s
Connection rate limit exceeded: %d from %s for service %s
Wietse
0 new messages