Topic: sme7admin email alerts

[magwm]

Hello forum and fellow Sme enthousiasts,

I use sme7admin to my great pleasure for many months now, for a medium-sized office.

Now and then I receive alerts that there are more than 200 incoming mails or more than 20 outgoing mails per 5 minutes.

I made an ad-hoc log with

Code: [Select]

tail -F /var/log/qmail/current|tai64nlocal|grep --line-buffered 'to remote' |tee>>maillog.log &
which makes a nice list of outgoing e-mail addresses. however, when I look at the time of the alert, I do not see so many outgoing e-mails.

What is happening? am I looking at the wrong log?

The incoming e-mails have the same problems: many times sme7admin tells me there are more than 200 incoming mails, but when I look at the 'maillog' inbox (which receives a copy of all incoming mails) no 200 mails are there.

Does sme7admin include rejected e-mails ?

thanks for your input, keep the spice flowing,

Michel

[thomasch]

Now and then I receive alerts that there are more than 200 incoming mails or more than 20 outgoing mails per 5 minutes.

Mau be you are hit by this known sme7admin problem ?

http://wiki.contribs.org/Sme7admin#Known_Problems

thomas

[magwm]

Hello, Thomas

No I do not think so, tis is an example:

mails in revers time order (most recent first) :

mail 0

Code: [Select]

www.gadis.it :Sat Nov 15 20:55:06 2008
During the last 5 minutes, 37 outgoing e-mails were detected, you had set the alert limit to 20 outgoing e-mails.
(Possible reasons : do you send spam ? administrate a mailing-list ?)
If you have access to the server-manager, use this link to modify the limit :
https://www.gadis.it/server-manager/cgi-bin/sme7admin?state=conf_alert&alert=max_mail_out
mail 1

Code: [Select]

www.gadis.it :Sat Nov 15 12:25:06 2008
During the last 5 minutes, 48 outgoing e-mails were detected, you had set the alert limit to 20 outgoing e-mails.
(Possible reasons : do you send spam ? administrate a mailing-list ?)
If you have access to the server-manager, use this link to modify the limit :
https://www.gadis.it/server-manager/cgi-bin/sme7admin?state=conf_alert&alert=max_mail_out
mail 2

Code: [Select]

www.gadis.it :Sat Nov 15 12:05:07 2008
During the last 5 minutes, 96 outgoing e-mails were detected, you had set the alert limit to 20 outgoing e-mails.
(Possible reasons : do you send spam ? administrate a mailing-list ?)
If you have access to the server-manager, use this link to modify the limit :
https://www.gadis.it/server-manager/cgi-bin/sme7admin?state=conf_alert&alert=max_mail_out
mail 3

Code: [Select]

www.gadis.it :Fri Nov 14 16:35:07 2008
During the last 5 minutes, 57 outgoing e-mails were detected, you had set the alert limit to 20 outgoing e-mails.
(Possible reasons : do you send spam ? administrate a mailing-list ?)
If you have access to the server-manager, use this link to modify the limit :
https://www.gadis.it/server-manager/cgi-bin/sme7admin?state=conf_alert&alert=max_mail_out
How can I log the moment that mail log rotation takes place? so I could see if the moments coincide..

thanks, Michel

[thyrsted]

Hello, Thomas

No I do not think so, tis is an example:

mails in revers time order (most recent first) :

mail 0

Code: [Select]

www.gadis.it :Sat Nov 15 20:55:06 2008
<SNIP>
mail 1

Code: [Select]

www.gadis.it :Sat Nov 15 12:25:06 2008
<SNIP>mail 2

Code: [Select]

www.gadis.it :Sat Nov 15 12:05:07 2008
<SNIP>mail 3

Code: [Select]

www.gadis.it :Fri Nov 14 16:35:07 2008
<SNIP>How can I log the moment that mail log rotation takes place? so I could see if the moments coincide..

thanks, Michel

I don't think this is a log-rotation-problem.

I've been using sme7admin on my server for appx. 2 years now.
Within the last 6 months or so i've seen that behaviour too.
sme7admin is sporadically reporting more than 5 mails outgoing.
sniffing/tracing on external interface reveals NO outgoing mails within +/- 20 mins of the time where sme7admin reported.

I suspected internal forwarding between various mailadresses, but now i don't know what to think.

At one time (shortly before a harsh reinstall) one XP behind the SME (server&Gateway) started to send spam.
sme7admin didn't report anything, allthough the outgoing mail queue was several kilometers long. (Thanks, qmHandle)
Spam was sent through the smtp-proxy , and i expect that sme7admin is counting outgoing mails somewhere deeper in the "SME-engine".

Not very helpful, but at least now You know that this behaviour is seen elsewhere.

Regards

Kenn

[uniqsys]

If it is any comfort, I too have been getting similar behaviour for months.  At one time sme7admin notified me that I had sent out 2930+ emails 2 or 3 days in a row, but I hadn't.  I have been waiting for the bug fix mentioned above hoping that might solve the problem.  Til then, ignore and  "delete notice" is all I do.  I admit though that this does hinder the usefulness of the notices if they are false positives.

[thomasch]

Hi,
Not to refrain you from posting your situation in this forum or bugtracker, but :
1. the place for the problem is in the bugtracker http://bugs.contribs.org/
2. Second, do not hope too much for any update/bugfix soon because sme7admin contribs author is having difficulties in finding spare time to read this forum and update sme7admin.

thomas