Postfix Monitoring With Mailgraph And pflogsumm - Page 3

4 Fedora Core 5


4.1 Mailgraph

There's no Mailgraph package available for Fedora Core 5, so we must install it manually. First, we need to install the prerequsities that Mailgraph requires:

yum install rrdtool rrdtool-perl perl-File-Tail

Then we download the Mailgraph sources and copy the Mailgraph scripts to the appropriate locations:

cd /tmp
tar xvfz mailgraph-1.12.tar.gz
cd mailgraph-1.12
mv /usr/local/bin/
mv mailgraph-init /etc/init.d/mailgraph

Now we must adjust the Mailgraph init script /etc/init.d/mailgraph:

vi /etc/init.d/mailgraph

On Fedora, the Postfix mail log is /var/log/maillog, so we change




Then we add another variable to /etc/init.d/mailgraph, IGNORE_LOCALHOST. If you have integrated a content filter like amavisd into Postfix, add this line


to the block where the variables like MAIL_LOG are defined. If you don't use a content filter, add this line instead:


In both cases, change

        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR


        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR $IGNORE_LOCALHOST

So the final script should look like this (in this case, with --ignore-localhost enabled):


# $Id: mailgraph-init,v 1.4 2005/06/13 11:23:22 dws Exp $
# example init script for mailgraph
# chkconfig: 2345 82 28
# description: mailgraph postfix log grapher.
# processname:
# pidfile: /var/run/


case "$1" in
        echo "Starting mail statistics grapher: mailgraph";
        nice -19 $MAILGRAPH_PL -l $MAIL_LOG -d \
                --daemon-pid=$PID_FILE --daemon-rrd=$RRD_DIR $IGNORE_LOCALHOST

        echo "Stopping mail statistics grapher: mailgraph";
        if [ -f $PID_FILE ]; then
                kill `cat $PID_FILE`
                rm $PID_FILE
                echo "mailgraph not running";

        echo "Usage: $0 { start | stop }"
        exit 1

exit 0

Next we make the script executable, create the appropriate system startup links and start Mailgraph:

chmod 755 /etc/init.d/mailgraph
chkconfig --levels 235 mailgraph on
/etc/init.d/mailgraph start

Still in the /tmp/mailgraph-1.12 directory, we move mailgraph.cgi to our cgi-bin directory:

mv mailgraph.cgi /var/www/

Now we open the file and adjust the locations of the two Mailgraph databases.

vi /var/www/


my $rrd = 'mailgraph.rrd'; # path to where the RRD database is
my $rrd_virus = 'mailgraph_virus.rrd'; # path to where the Virus RRD database is


my $rrd = '/var/lib/mailgraph.rrd'; # path to where the RRD database is
my $rrd_virus = '/var/lib/mailgraph_virus.rrd'; # path to where the Virus RRD database is

Then we make the script executable:

chmod 755 /var/www/

If you use suExec for the web site, you must chown mailgraph.cgi to the appropriate owner and group.

Now direct your browser to, and you should see some graphs. Of course, there must be some emails going through your system before you see the first results, so be patient.


4.2 pflogsumm

The steps differ only slightly from those on Debian and Ubuntu. The main difference is that Postfix logs to /var/log/maillog on Fedora instead of /var/log/mail.log (Debian/Ubuntu) (pay attention to the dot!).

First we install pflogsumm:

yum install postfix-pflogsumm

We want pflogsumm to be run by a cron job each day and send the report to Therefore we must configure our system that it writes one mail log file for 24 hours, and afterwards starts the next mail log so that we can feed the old mail log to pflogsumm. Therefore we configure logrotate (that's the program that rotates our system's log files) like this: open /etc/logrotate.conf and append the following stanza to it, after the line # system-specific logs may be configured here:

vi /etc/logrotate.conf

/var/log/maillog {
    rotate 7
    start 0

Also change /etc/logrotate.d/syslog

vi /etc/logrotate.d/syslog


/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
        /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true


/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
        /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true

There's a logrotate script in /etc/cron.daily. This script is called everyday between 06:00h and 07:00h. With the configuration we just made, it will copy the current Postfix log /var/log/maillog to /var/log/maillog.0 and compress it, and the compressed file will be /var/log/maillog.0.gz. It will also create a new, empty /var/log/maillog to which Postfix can log for the next 24 hours.

Now we create the script /usr/local/sbin/ which invokes pflogsumm and makes it send the report to

vi /usr/local/sbin/

gunzip /var/log/maillog.0.gz

pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To:" -I"Received: from ([])" | sendmail

gzip /var/log/maillog.0
exit 0

We must make this script executable:

chmod 755 /usr/local/sbin/

Then we create a cron job which calls the script everyday at 07:00h:

crontab -e

0 7 * * * /usr/local/sbin/ &> /dev/null

This will send the report to


5 Links

Share this page:

14 Comment(s)

Add comment


From: Anonymous at: 2006-07-13 15:07:02

Falko, you're the man! just a perfect howto!

From: Doug at: 2009-02-23 14:19:22

If you do a pflogsumm --help, you'll note the option of -d yesterday.  This means you can get away from the logrotate entries entirely.



From: venol at: 2011-01-09 14:54:02

how to make it mailgraph and pflogsum to monitoring email one by one for user?

From: at: 2012-09-12 07:46:28

If someone is interested, take a look to this mailgraph patch ... add postscreen rejects to the errors graph:

From: at: 2006-12-28 01:50:06

wouldn't this script be more logical?

Saves a lot on cpu/disk io


zcat /var/log/mail.log.0.gz | pflogsumm | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@localhost" -I"To:" -I"Received: from ([])" | sendmail; 
exit 0

From: at: 2007-12-10 01:26:07


Thanks for the article it was a very good starting point for me and I'd also like to contribute with my two comments:

- pflogsumm is capable of sending reports for yesterday and today so there's no need to change the rotation of the mail log files. You can just simply execute:

cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d yesterday --problems_first

This is going to give you statistics for yesterday.

I personally created a file in /etc/cron.daily/ with this content:

echo -e "From:\nSubject: Daily Mail Statistics on `hostname --fqdn`\nTo: <>\n\n`cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d yesterday --problems_first`\n\n\n\n`cat /var/log/mail.log.0 /var/log/mail.log | pflogsumm -d today --mailq --problems_first`\n"|sendmail -t
exit 0

This gives me statistics for yesterday 0-24 and also for today 0-6:47 am and also lists the content of the queues.

- If for some reason this was not working for you than it is very important to use the right tool for the log rotation. /var/log/mail* files are rotated by a script which comes with the sysklogd package. In your solution /var/log/mail.log is rotated twice, once by the sysklogd script on Sunday and once every day at 6:25. Which will result in a strange situation and you have only 4 days of history, because the sysklogd keeps only 4 versions.

So you can either disable the weekly rotation and use the rotation you described or do it the "proper way". I'm saying proper because the sysklogd rotation is doing other things as well. 

You need to edit two files in order to change the default (weekly rotation with 4 weeks of history) behavior. Add mail to the daily rotation script:


Add these lines: (-c 14 means keep 14 days of history)

# Non default logrotate for mail logs
for LOG in `syslogd-listfiles -a | grep mail`
  if [ -s $LOG ]; then
    savelog -g adm -m 640 -u root -c 14 $LOG >/dev/null

Disable mail logs in the weekly rotation file:


modify this line: 

for LOG in `syslogd-listfiles --weekly`

to look like this: 

for LOG in `syslogd-listfiles --weekly -s mail`

From: Anonymous at: 2006-07-06 10:08:38

This is quite neat. Just one minor gripe - after the first log rotation postfix wouldn't write to the new maillog - turned out I had to restart syslog. Maybe you could add this to your howto.


From: Anonymous at: 2006-07-06 18:28:41

previous poster -- syslog should be restarted as per logrotate.conf, check you haven't typo'ed.


 I only speed-read this so forgive me if I missed it, but if you are using amavisd-new or something similar you'll still end up with double-reporting of emails as pflogsumm doesn't handle this (see  Q.14) 



From: at: 2008-03-30 12:11:41

Many users have reported that syslog needs restarting otherwise the maillog file doesn't fill up and the pflogsumm emails just report zero emails. This seems to happen on RedHat based systems (Fedora, RHEL, CentOS).

The fix for this is to change the appropriate section of /etc/logrotate.conf to look like this:

 /var/log/maillog {
    rotate 7
    start 0
        /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true

Additionally, to the previous poster, there is no double-reporting of emails when used with amavisd - this problem is overcome within the tutorial. 

From: at: 2011-01-27 10:13:30

When I run this command to check the output..

pflogsumm /var/log/maillog

I get all zeros, 

maillog file is okay, having lots of data.


I am using centos, ispconfig3.



From: Anonymous at: 2006-07-12 17:05:38

I agree... it seems to have taken some time, possibly two days, but it wasn't apparent that the logs broke.  I figured it is due to the edit of /etc/logrotate.d/syslog; removenig /var/log/maillog.  Since this is being excluded now, NO maillog logging is happening.  What is up with that suggestion?

From: Birta Levente at: 2012-05-08 10:53:03

If someone interested in I made a patch for mailgraph to show postfix/postscreen rejects:

From: theWoosh at: 2014-05-21 09:27:05

Hi - it's a fair bit later on and I noticed while getting mailgraph (1.14) to work on my debian/plesk installation, that a few things have changed. As it sure didn't work out of the box for me and there is little other documentation, I thought I would share my findings for anyone else struggling...


Two main things are new - one that some of the variables have been separated out to a conf file: /etc/default/mailgraph (that is automatically written to during package install), so for instance, the way to ignore localhost is now just to change the line in that file to read:


& for Plesk users:


I guess BOOT_START should also be set to  true...

...the other thing that has changed is that there is now an external css file that the mailgraph.cgi code uses to format output. I found that this didn't automatically get installed from the package and I had to get it from the tarball. I then found that it was broke if placed in the cgi-bin directory alongside mailgraph.cgi (apparently it tries to execute it as a cgi), so instead moved it to the httpdocs directory and modified the code to read:

 <link rel="stylesheet" href="../mailgraph.css" type="text/css" />

Missing Perl Modules 

Anyway that was later, since none of it worked when I installed it from the debian repository, so from here: I determined I was missing perl modules (check like so: ) as I don't really use any perl stuff on this server.

Installed cpanimus from here: FILE:Tail got installed in the process...but had to manually install Time::HiRes:

cpanm Time::HiRes

Permissions & image files 

 I still had errors as it was trying to save temporary image files to a directory it didn't have permissions on, so I modified mailgraph.cgi to read:

 my $tmp_dir = '/var/www/vhosts/';

...which was a directory already with write permission for the apache user.

Bigger Pictures

It now worked , but the charts were a bit small, so modified overall width in the css file and changed the mailgraph.cgi script so it read :

 my $xpoints = 930;


my $ypoints = 250;

.... Now it's working fine. Not an automatic setup by a long chalk, but I got there in the end and it looks fine!

I think it would be great to have some more documentation for this... from someone who undrstands it better than me! like I'm not even exactly clear what the legends represent on the graphs...! and is there any way you can get it to import old logs to get a view of the time before it was installed?? that would be awesome!  ...or get it to email a daily chart - bit more proactive?! Anyone.....? :-)

From: theWoosh at: 2014-05-21 09:31:30

sorry that last comment was meant to go on the Debian Lenny install not this one....