About / News Features Download Documentation Installation Admin guide Configuration License Support Contact ScreenShots Help support SendmailAnalyzer!	The Sendmail/Postfix log analyzer SendmailAnalyzer as is name suggest is a free Sendmail/Postfix log analyzer. It process maillog files and generate dynamic statistics in HTML and graphical output. The reports are generated in real time so that it let you know at any moment what is going on your mail servers. It use time (hour, day, month and year views) and cross-linked navigation for easy use. SendmailAnalyzer is easy to install and highly configurable to match the dozen of Sendmail possible configurations. It also support report for all the major milter or sendmail filters like SpamAssassin, MailScanner, Clamav, Amavis, RBL check, J-ChkMail, etc. SendmailAnalyzer is really helpful for IT reporting. Collected data are stored in flat files that are automatically archived or delete to keep disk space. All reports before the current day are cached to save system resources and are displayed in less than 1 second. SendmailAnalyzer can be run on a home dedicated mail server, on multiple enterprise mail servers and on ISP mail servers for free. A single instance of SendmailAnalyzer can be used to monitor multiple sendmail server throught rsyslog. Since version 6.2 multiple rsyslog host report can be merge in a single report. This is the most advanced and complete statistics tool dedicated to the great Sendmail MTA. It's goal is not to support any kind of MTA or other log format but only being a full featured tool for Sendmail users and administrators. If you're searching something more general and not free take a look at SawMill, it's not so bad :-) News Version 9.4 - Wednesday August 12 2020 This release fix several issues reported by users during the last year, it also adds some new features and configuration directives. * Add support for dockerization based on the httpd apache2 docker image with sa_cache cron support built in. It also comes with a docker-compose example file. * Add configuration directive POSTSCREEN_DNSBL_THRESHOLD to set the threshold to detect case where postscreen reject an ip address. By default reject: RCPT from ... are not logged by postfix, we mark message as DNSBL rejected when DNSBL rank value is upper or equal. Default: 3. For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.4 Version 9.3 - Wednesday August 08 2019 This release fixes some bugs reported since last release and adds several additional milters and useful features. New features: - Add support to Eset Mail Security reporting Virus and Spam detection. - Add report of sender relay for RBL Check detailed report. - parse amavisd-new spam detail and autolearn - Add support to MimeDefang filter_check_header that discard message following mail header score. - Add report of all recipients addresses for spam with multiple recipients as when messages are discarded they all have the same ID. This was resulting in the right count of senders but wrong count of recipients. Note that in this case the spam received counter is still related to senders count as they are not sent. Thanks to Hans Mayer for the report. - Add parsing of SPF/DKIM log entries. - Added database lookup of virtual domains, so sendmailanalyzer is not limited to the LOCAL_DOMAIN configuration directive. This is useful for mail servers which have virtual users and domains in their database and therefor no static configuration. - Change pie graph to bar graph for top senders and recipient. - Allow file path as value for LOCAL_DOMAIN configuration directive. New configuration directives: - Add new configuration directive RELAY_IP_ONLY to only store recipient or sender relay as Ip addresses. Actually when possible sendmailanalyzer extract the fqdn part of the relay not the Ip address. Enable this directive if you just want Ip addresses. - Add three new configuration directives to the sendmailanalyzer configuration file: - VIRTUAL_DOMAIN_DB DBI:mysql:database=mailserver:host=localhost Leave this unconfigured if you don't have virtual domains in a database set up or set the value to a valid Perl DBI DSN (data source name). Here this is a connection to a MySQL database so it require that Perl module DBI and DBD::MySQL are installed on your system. - VIRTUAL_DOMAIN_DB_USER and VIRTUAL_DOMAIN_DB_PASS The user and password to use to connect to the database. - VIRTUAL_DOMAIN_DB_QUERY SELECT name FROM virtual_domains The SQL query to use to retrieve the list of virtual domain that will be appended to the LOCAL_DOMAIN array. See LOCAL_DOMAIN for more information. - Add EXCLUDE_LINE configuration directive to exclude all lines matching a regexp from being parsed. Character # in the regex need to be escaped with a backslash. Use it to prevent unwanted line to be reported in Rejection reports. - Add NO_HOST_DOMAIN configuration directive. When activated, remove domain part of the syslog hostname. Some programme use FQDN instead of the single hostname. Set it to 1 if you have two report for the same hostname but one with the domain part. - On some MTA, message delivery is done outside and only queuing is logged, this mean that messages are counted as incoming but not delivered. Enable new directive NO_QUEUE_EXCLUSION to force sendmailanalyzer to take them as sent. For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.3 Version 9.2 - Sunday January 17 2016 This release fixes some bugs reported since last release and adds several additional milters and useful features. * All column in detailed views are now sortable. * Add support to systemd journalctl with the JOURNALCTL_CMD configuration directive or the -j command line option. * Allow parsing of log files coming from multiple host. * Add support to postfix clamsmtpd virus and spampd detection. * Add report of subject in detailed view when available in log file. * Add date before hour in the detailed report. * Add explanation about how to rebuild reports in documentation. There's also new command line parameters or configuration directive: * Add -j \| --journalctl command line option to specify the journalctl command * Add -F \| --force command line option to be used instead of -f \| --full to parse full log file without taking care of the history file LAST_PARSED. This is useful if you always have log files with fresh entries and log files coming from multiple host. Before that you had to remove the history file before parsing a new log. For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.2 Version 9.1 - Sunday April 19 2015 This release fixes one year of reported issues, adds several additional milters and useful features. * Add CSV export of top senders and recipients as well as search results. * Add STARTLS status report in the Status report. * More translation file: Russian and Italian. * Add DSN report for postfix log. * Add support to Exim log file. * Add support to milter-limit reported in Top Rejection & Events report with status starting with "has exceeded ...". * Improve incremental mode by seeking directly to last parser position in the logfile after last run. It will also auto detect file rotation and fall back to the start of the file when the file has changed. * Add postfix warning into SysErr reports. * Add support to spampd spam detection. * Add information about settings for sendmailanalyzer into systemd service. * Add ruleset=check_relay with reject=550 5.7.1 to the spam reports. There's also new command line parameters or configuration directive: * --duplicate command line option to use to fix a bad Postfix behavior which use different MTA id per recipient for a single message. Note that when enabled, you will not see messages with multiple recipient. * Add new configuration directives EXCLUDE_FROM, EXCLUDE_RELAY and EXCLUDE_TO to not report emails from/to the specified list of senders/recipients or from senders relay. * Add WEEKLY_FREE_SPACE configuration directive to force sa_cache to archive or remove data file each weeks instead of default per month. UPGRADE: You need to reinstall all file and rebuild your configuration file from the new default configuration file. Data files do not need to be remove, backward compatibility is preserved. For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.1 Version 9.0 - Saturday March 15 2014 This is a major release with lot of major enhancements and a full year of bugs fixes. There is a complete remove of dependency to libgd and GD::Graph* Perl modules, graphs are now drawn using the flotr2 javascript library. It adds support to ipv6 addresses, a new week view in the calendar menu. It also restores reports on postgrey and adds support to policyd-weight, sqlgrey and maiad plugins. A new directive EXCLUDE_TO to be able to exclude some destination addresses from reports and new Brazilian Portuguese translation file pt_BR. UPGRADE: You need to reinstall all file and rebuild your configuration file from the new default configuration file. Data files may not need to be remove, backward compatibility should be preserved. For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.0

About / News
Features
Download
Documentation

Help support
SendmailAnalyzer!

The Sendmail/Postfix log analyzer

SendmailAnalyzer as is name suggest is a free Sendmail/Postfix log analyzer. It process maillog files and generate dynamic statistics in HTML and graphical output. The reports are generated in real time so that it let you know at any moment what is going on your mail servers. It use time (hour, day, month and year views) and cross-linked navigation for easy use.

SendmailAnalyzer is easy to install and highly configurable to match the dozen of Sendmail possible configurations. It also support report for all the major milter or sendmail filters like SpamAssassin, MailScanner, Clamav, Amavis, RBL check, J-ChkMail, etc. SendmailAnalyzer is really helpful for IT reporting.

Collected data are stored in flat files that are automatically archived or delete to keep disk space. All reports before the current day are cached to save system resources and are displayed in less than 1 second.

SendmailAnalyzer can be run on a home dedicated mail server, on multiple enterprise mail servers and on ISP mail servers for free. A single instance of SendmailAnalyzer can be used to monitor multiple sendmail server throught rsyslog. Since version 6.2 multiple rsyslog host report can be merge in a single report.

This is the most advanced and complete statistics tool dedicated to the great Sendmail MTA. It's goal is not to support any kind of MTA or other log format but only being a full featured tool for Sendmail users and administrators. If you're searching something more general and not free take a look at SawMill, it's not so bad :-)

News

Version 9.4 - Wednesday August 12 2020

This release fix several issues reported by users during the last year, it also adds some new features and configuration directives.

  * Add support for dockerization based on the httpd apache2
    docker image with sa_cache cron support built in.
    It also comes with a docker-compose example file.

  * Add configuration directive POSTSCREEN_DNSBL_THRESHOLD to set the
    threshold to detect case where postscreen reject an ip address. By
    default  reject: RCPT from ... are not logged by postfix, we mark
    message as DNSBL rejected when DNSBL rank value is upper or equal.
    Default: 3.

For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.4

Version 9.3 - Wednesday August 08 2019

This release fixes some bugs reported since last release and adds several additional milters and useful features.

New features:

  - Add support to Eset Mail Security reporting Virus and Spam detection.
  - Add report of sender relay for RBL Check detailed report.
  - parse amavisd-new spam detail and autolearn
  - Add support to MimeDefang filter_check_header that discard message
    following mail header score.
  - Add report of all recipients addresses for spam with multiple recipients
    as when messages are discarded they all have the same ID. This was
    resulting in the right count of senders but wrong count of recipients.
    Note that in this case the spam received counter is still related to
    senders count as they are not sent. Thanks to Hans Mayer for the report.
  - Add parsing of SPF/DKIM log entries.
  - Added database lookup of virtual domains, so sendmailanalyzer is not
    limited to the LOCAL_DOMAIN configuration directive. This is useful
    for mail servers which have virtual users and domains in their database
    and therefor no static configuration.
  - Change pie graph to bar graph for top senders and recipient.
  - Allow file path as value for LOCAL_DOMAIN configuration directive.

New configuration directives:

  - Add new configuration directive RELAY_IP_ONLY to only store recipient or
    sender relay as Ip addresses. Actually when possible sendmailanalyzer
    extract the fqdn part of the relay not the Ip address. Enable this
    directive if you just want Ip addresses.
  - Add three new configuration directives to the sendmailanalyzer configuration
    file:
    
      - VIRTUAL_DOMAIN_DB   DBI:mysql:database=mailserver:host=localhost
    
    Leave this unconfigured if you don't have virtual domains in a database
    set up or set the value to a valid Perl DBI DSN (data source name). Here
    this is a connection to a MySQL database so it require that Perl module
    DBI and DBD::MySQL are installed on your system.
    
      - VIRTUAL_DOMAIN_DB_USER and VIRTUAL_DOMAIN_DB_PASS
    
    The user and password to use to connect to the database.
    
      - VIRTUAL_DOMAIN_DB_QUERY     SELECT name FROM virtual_domains
    
    The SQL query to use to retrieve the list of virtual domain that will
    be appended to the LOCAL_DOMAIN array. See LOCAL_DOMAIN for more
    information.
  - Add EXCLUDE_LINE configuration directive to exclude all lines matching a
    regexp from being parsed. Character # in the regex need to be escaped with
    a backslash. Use it to prevent unwanted line to be reported in Rejection reports.
  - Add NO_HOST_DOMAIN configuration directive. When activated, remove domain part
    of the syslog hostname. Some programme use FQDN instead of the single hostname.
    Set it to 1 if you have two report for the same hostname but one with the domain
    part.
  - On some MTA, message delivery is done outside and only queuing is logged,
    this mean that messages are counted as incoming but not delivered. Enable
    new directive NO_QUEUE_EXCLUSION to force sendmailanalyzer to take them
    as sent.

For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.3

Version 9.2 - Sunday January 17 2016

This release fixes some bugs reported since last release and adds several additional milters and useful features.

  * All column in detailed views are now sortable.
  * Add support to systemd journalctl with the JOURNALCTL_CMD configuration
    directive or the -j command line option.
  * Allow parsing of log files coming from multiple host.
  * Add support to postfix clamsmtpd virus and spampd detection.
  * Add report of subject in detailed view when available in log file.
  * Add date before hour in the detailed report.
  * Add explanation about how to rebuild reports in documentation.

There's also new command line parameters or configuration directive:

  * Add -j | --journalctl command line option to specify the journalctl command
  * Add -F | --force command line option to be used instead of -f | --full to
    parse full log file without taking care of the history file LAST_PARSED.
    This is useful if you always have log files with fresh entries and log
    files coming from multiple host. Before that you had to remove the
    history file before parsing a new log.

For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.2

Version 9.1 - Sunday April 19 2015

This release fixes one year of reported issues, adds several additional milters and useful features.

  * Add CSV export of top senders and recipients as well as search results.
  * Add STARTLS status report in the Status report.
  * More translation file: Russian and Italian.
  * Add DSN report for postfix log.
  * Add support to Exim log file.
  * Add support to milter-limit reported in Top Rejection & Events report
    with status starting with "has exceeded ...".
  * Improve incremental mode by seeking directly to last parser position
    in the logfile after last run. It will also auto detect file rotation
    and fall back to the start of the file when the file has changed.
  * Add postfix warning into SysErr reports.
  * Add support to spampd spam detection.
  * Add information about settings for sendmailanalyzer into systemd service.
  * Add ruleset=check_relay with reject=550 5.7.1 to the spam reports.

There's also new command line parameters or configuration directive:

  * --duplicate command line option to use to fix a bad Postfix behavior
    which use different MTA id per recipient for a single message. Note that
    when enabled, you will not see messages with multiple recipient.
  * Add new configuration directives EXCLUDE_FROM, EXCLUDE_RELAY and EXCLUDE_TO
    to not report emails from/to the specified list of senders/recipients or
    from senders relay.
  * Add WEEKLY_FREE_SPACE configuration directive to force sa_cache to archive
    or remove data file each weeks instead of default per month.

UPGRADE: You need to reinstall all file and rebuild your configuration file from the new default configuration file. Data files do not need to be remove, backward compatibility is preserved.

For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.1

Version 9.0 - Saturday March 15 2014

This is a major release with lot of major enhancements and a full year of bugs fixes. There is a complete remove of dependency to libgd and GD::Graph* Perl modules, graphs are now drawn using the flotr2 javascript library. It adds support to ipv6 addresses, a new week view in the calendar menu. It also restores reports on postgrey and adds support to policyd-weight, sqlgrey and maiad plugins. A new directive EXCLUDE_TO to be able to exclude some destination addresses from reports and new Brazilian Portuguese translation file pt_BR.

UPGRADE: You need to reinstall all file and rebuild your configuration file from the new default configuration file. Data files may not need to be remove, backward compatibility should be preserved.

For a complete list of changes and credits see https://github.com/darold/sendmailanalyzer/releases/tag/v9.0