Mail Reports

MAIL Server - Log Reports - pflogsumm

[root@mail ~]# yum -y install postfix-pflogsumm

dnf install postfix-perl-scripts -y ->Centos8

AmlaLinux

CentOS: yum install postfix-pflogsumm -y

Ubuntu: apt-get install pflogsumm -y

2. Use

# Email details are counted within 7 days: pflogsumm /var/log/maillog

# Count today's email messages: pflogsumm -d today /var/log/maillog

# Count yesterday's email messages: pflogsumm -d yesterday /var/log/maillog

# Count messages for specific dates: pflogsumm "Apr 7" /var/log/maillog

If the log content is too much, you can use the following command to filter out the summary content:

pflogsumm -d today /var/log/maillog | grep -m 1 -A 18 "messages"

You can also use the following command to export to a file and then download the file to a local view:

pflogsumm -d today /var/log/maillog > maillog.txt

Specific date (YYYY-MM-DD): pflogsumm -d 2025-04-13 /var/log/maillog
Specific date and time (YYYY-MM-DD:HH:MM): pflogsumm -d 2025-04-13:10:30 /var/log/maillog

Extract sender activity from postfix logs for auditing user

pflogrep infractor@example.com /var/log/maillog

Or you can feed the output to pflogsumm and get nice statistics:

pflogrep infractor@example.com /var/log/maillog | pflogsumm

# generate log summary for yesterday

[root@mail ~]# perl /usr/sbin/pflogsumm -d today /var/log/maillog

perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog

# /usr/sbin/pflogsumm /var/log/maillog

TAR File

https://jimsun.linxnet.com/downloads/pflogsumm-1.1.5.tar.gz

https://jimsun.linxnet.com/downloads/pflogsumm-1.1.3.tar.gz

yum -y install perl-Date-Calc

cd /usr/local/

curl -O http://jimsun.linxnet.com/downloads/pflogsumm-1.1.3.tar.gz

tar -xzf pflogsumm-1.1.3.tar.gz

mv pflogsumm-1.1.3 pflogsumm

chmod +x pflogsumm/pflogsumm.pl

----------------X-------OR-----------X-------------

yum -y install perl-Date-Calc

cd /usr/local/

curl -O http://jimsun.linxnet.com/downloads/pflogsumm-1.1.5.tar.gz

tar -xzf pflogsumm-1.1.5.tar.gz

mv pflogsumm-1.1.5 pflogsumm

chmod +x pflogsumm/pflogsumm.pl

1 9 * * * /usr/local/pflogsumm/pflogsumm.pl -e -d yesterday /var/log/maillog | mail -s 'Logwatch ABCGroup-Mail' xyx@gmail.com abc@worldcm.net

/usr/local/pflogsumm/pflogsumm.pl -e -d yesterday /var/log/maillog | mail -s 'Logwatch-Mail ABC_Group' xyx@gmail.com abc@worldcm.net

perl /usr/sbin/pflogsumm -d today /var/log/maillog

mv pflogsumm.pl /usr/sbin/pflogsumm

Testing

Test the script by running the following command. Make sure you substitute /var/log/maillog with your actual Postfix log location.

# perl /usr/local/pflogsumm/pflogsumm.pl /var/log/maillog

# perl /usr/local/pflogsumm/pflogsumm.pl -d today /var/log/maillog

# perl /usr/local/pflogsumm/pflogsumm.pl -d yesterday /var/log/maillog

We are going the see the top five(5) senders and receivers of email by volume and size

/usr/local/pflogsumm/pflogsumm.pl -u 5 -h 5 --problems_first \ -d today /var/log/maillog

/usr/local/pflogsumm/pflogsumm.pl -u 5 -h 5 -d today /var/log/maillog

perl /usr/sbin/pflogsumm -u 5 -h 5 --problems_first \ -d today /var/log/maillog

perl /usr/sbin/pflogsumm -u 5 -h 5 -d today /var/log/maillog

Postfix is blocking my pflogsumm emails!!

### allow pflogsumm reports through postfix (body_checks file) ###

/^ {6,11}[[:digit:]]{1,6}[ km] / OK

Get pflogsumm setup and running

Step 1: To get started you first need to download the pflogsumm.pl perl script. Download pflogsumm.pl here.

Step 2: Extract the files from the tar ball and put _only_ the perl script pflogsumm.pl into /usr/local/bin/ . Make sure the permissions are 700 for security.

Step 3: Setup a cron job to mail out the report every day at 11:59pm (23:59).

----------------------------------------------

Sending Mail

[root@mail ~]# crontab -e

# send mail log summary at AM 1:00 everyday to root

#[yum install]

00 01 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/maillog | mail -s 'Mail Statistics' accesstel

1 8 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/maillog | mail -s 'Mail Statistics' xyx@gmail.com abc@worldcm.net

#[TAR install]

00 01 * * * /usr/local/pflogsumm/pflogsumm.pl -e -d yesterday /var/log/maillog | mail -s 'Logwatch for Postfix' root

00 01 * * * perl /usr/sbin/pflogsumm -d today /var/log/maillog | mail -s 'Mail Statistics' faruq@gmail.com

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix log summary" your-email-address

crontab -e

------------------------------------------------------

Postfix is blocking my pflogsumm emails

### allow pflogsumm reports through postfix (body_checks file) ### /^ {6,11}[[:digit:]]{1,6}[ km] / OK

## Skip pflogsumm report lines

/^ {6,11}\d{1,6}[ km] / OK

/^[A-Za-z0-9+\/=]{4,76}$/ OK

/^ {4}blocked using / OK

#################################################################################################################

perl /usr/sbin/pflogsumm -d today /var/log/maillog --problems-first

perl /usr/sbin/pflogsumm -d today /var/log/maillog --rej-add-from

perl /usr/sbin/pflogsumm -d today /var/log/maillog --rej-add-from --verbose-msg-detail

crontab -e

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix log summary" you@example.com

dnf install mutt -y

Postfix Log Report

Pflogsumm is a great tool to create a summary of Postfix logs. Install it on Ubuntu with:

sudo apt install pflogsumm

Use the following command to generate a report for today.

sudo pflogsumm -d today /var/log/mail.log

Generate a report for yesterday.

sudo pflogsumm -d yesterday /var/log/mail.log

If you like to generate a report for this week.

sudo pflogsumm /var/log/mail.log

To emit “problem” reports (bounces, defers, warnings, rejects) before “normal” stats, use --problems-first flag.

sudo pflogsumm -d today /var/log/mail.log --problems-first

To append the email from address to each listing in the reject report, use --rej-add-from flag.

sudo pflogsumm -d today /var/log/mail.log --rej-add-from

To show the full reason in reject summaries, use --verbose-msg-detail flag.

sudo pflogsumm -d today /var/log/mail.log --rej-add-from --verbose-msg-detail

You can add a cron job to make pflogsumm to send a report to your email address every day.

sudo crontab -e

Add the following line, which will generate a report every day at 4:00 AM.

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q

To receive the report via email, add the following line above all cron jobs.

MAILTO="your-email-address"

You should pay attention to the message reject detail section, where you can see for what reason those emails are rejected and if there’s any false positives. Greylisting rejections are safe to ignore.

If the MAILTO variable has already been set but you want Postfix log summary sent to a different email address, you can put the following line in your Cron job.

0 4 * * * /usr/sbin/pflogsumm -d yesterday /var/log/mail.log --problems-first --rej-add-from --verbose-msg-detail -q | mutt -s "Postfix log summary" your-email-address

------------------------------------------------------------------------------------------------------------------------------------------------

o install pflogsumm in your Ubuntu, open your terminal with CTRL+ALT+T and type as

sudo apt-get install pflogsumm

Configuration:

We want pflogsumm to be run by a cron job each day and send the report to postmaster@example.com. Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

in terminal do as

sudo -i nano /etc/logrotate.conf

then

/var/log/mail.log { missingok daily rotate 7 create compress start 0 }

There's a logrotate script in /etc/cron.daily. This script is called everyday between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/mail.log to /var/log/mail.log.0 and compress it, and the compressed file will be /var/log/mail.log.0.gz. It will also create a new, empty /var/log/mail.log to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/postfix_report.sh which invokes pflogsumm and makes it send the report to postmaster@example.com:

nano /usr/local/sbin/postfix_report.sh

script as

#!/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin gunzip /var/log/mail.log.0.gz pflogsumm /var/log/mail.log.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received: from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com gzip /var/log/mail.log.0 exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/postfix_report.sh

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

then

0 7 * * * /usr/local/sbin/postfix_report.sh &> /dev/null

This will send the report to postmaster@example.com. It looks like this in an email client:

############################

3 pflogsumm

To install pflogsumm, we run

aptitude install pflogsumm

We want pflogsumm to be run by a cron job each day and send the report to postmaster@example.com. Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

vi /etc/logrotate.conf

[...] # system-specific logs may be configured here /var/log/mail.log { missingok daily rotate 7 create compress start 0 }

There's a logrotate script in /etc/cron.daily. This script is called every day between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/mail.log to /var/log/mail.log.0 and compress it, and the compressed file will be /var/log/mail.log.0.gz. It will also create a new, empty /var/log/mail.log to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/postfix_report.sh which invokes pflogsumm and makes it send the report to postmaster@example.com:

vi /usr/local/sbin/postfix_report.sh

#!/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin gunzip /var/log/mail.log.0.gz pflogsumm /var/log/mail.log.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To: postmaster@example.com" -I"Received: from www.example.com ([192.168.0.100])" | sendmail postmaster@example.com gzip /var/log/mail.log.0 exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/postfix_report.sh

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

0 7 * * * /usr/local/sbin/postfix_report.sh &> /dev/null

This will send the report to postmaster@example.com. It looks like this in an email client:

4 Links

----