Linux monitor email processing live

Is there an application that can link all the mail processing steps together from connection to delivery in a way that shows the whole process and the decision live?

I know it's possible to tail -f /var/log/mail.log, but when there is a large number of connections and internal steps (client authorisation, recipient authorisation, relays, bounces, etc.) this log can become quite time-consuming and prone to missing steps.

I'm thinking something a bit like "top" but for email.

e.g.

  1. connect from 1.2.3.4
  2. client denied/accepted, mail from, to
  3. recipient address verified/bounced
  4. policy checked, antispam, antivirus.
  5. relayed/delivered to...

This could then be shown in a top-like display like:

CONNECT               FROM              TO                POLICY     DELIVERY RESULT
example.com [1.2.3.4] [email protected] [email protected] OK         Maildir  2.5.0 OK
spam.com [1.2.4.5]    [email protected] [email protected] SBL Fail   Reject   5.7.1 Deny
1.2.4.6                                                   NO_FQDN    Reject   4.7.1 Retry

(Excuse the oversimplification)

Additionally, this could be used to build/store statistics on mail acceptance/rejection which could, in turn, be used to spot accidental misconfiguration. Has anyone seen anything like this?


A very interesting question! I have no real answer, but I'll still try to help you somehow.

Try pfqueue, it's not exactly -- or nowhere near :) -- what you want, but a very useful and similar tool anyway.

Then there's isoqlog. It's a command line tool which produces HTML pages and thus is not a top clone, but of course you can browse the results with elinks or another text browser of your choice if you so wish.

Last but not least, mailstats (or mailstats.pl) should show you some nice statistics about delivery times, error/return codes etc.


Exitop is a Perl script that can tell you everything that is going on when using the Exim MTA. qshape gives you some indication of what is happening with items in the Postfix queues and you could put hooks into the Postfix policy daemon or write some kind of parser for the log files, but I'm unaware of any tool that does this already. I'm not really familiar enough with sendmail to know how it could be done if you're using that MTA.
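
A sketch of the log-parser approach mentioned in the last answer, added here as an example and not taken from any of the posts or tools above: it correlates Postfix log lines by queue ID and yields one row per delivery attempt or pre-queue reject, using the columns from the question. It assumes Postfix's usual syslog format with short hexadecimal queue IDs; the sample lines, hostnames and addresses are constructed.

```python
import re

# Constructed sample lines in Postfix's usual syslog format (not from the page).
SAMPLE = """\
Jan 10 12:00:01 mx postfix/smtpd[1234]: connect from mail.example.com[192.0.2.10]
Jan 10 12:00:01 mx postfix/smtpd[1234]: 4F1A2B3C4D: client=mail.example.com[192.0.2.10]
Jan 10 12:00:02 mx postfix/qmgr[1100]: 4F1A2B3C4D: from=<alice@example.com>, size=1234, nrcpt=1 (queue active)
Jan 10 12:00:02 mx postfix/local[1240]: 4F1A2B3C4D: to=<bob@example.org>, relay=local, delay=0.5, dsn=2.0.0, status=sent (delivered to maildir)
Jan 10 12:00:03 mx postfix/qmgr[1100]: 4F1A2B3C4D: removed
Jan 10 12:00:05 mx postfix/smtpd[1250]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using sbl.example.net; from=<x@spam.example> to=<bob@example.org> proto=ESMTP helo=<spam.example>
""".splitlines()

LINE = re.compile(r"postfix/[\w/-]+\[\d+\]: (NOQUEUE|[0-9A-F]{6,}): (.*)")
REJECT = re.compile(r"reject: \w+ from (\S+): (\d{3}) (\d\.\d+\.\d+) (.*); from=<([^>]*)> to=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>,.*? relay=([^,]+),.*?dsn=(\d\.\d+\.\d+), status=(\w+)")

def correlate(lines):
    """Yield (connect, from, to, policy, delivery, result) per delivery or reject."""
    msgs = {}                             # queue ID -> state gathered so far
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                      # connect/disconnect and unrelated lines
        qid, rest = m.groups()
        if qid == "NOQUEUE":              # rejected before a queue ID was assigned
            r = REJECT.search(rest)
            if r:
                client, code, dsn, why, sender, rcpt = r.groups()
                yield (client, sender, rcpt, why, "Reject", f"{code} {dsn}")
            continue
        msg = msgs.setdefault(qid, {"client": "?", "from": "?"})
        if rest.startswith("client="):
            msg["client"] = rest[len("client="):].split(",")[0]
        elif rest.startswith("from=<"):
            msg["from"] = rest[6:rest.index(">")]
        elif (d := DELIVERY.match(rest)):
            rcpt, relay, dsn, status = d.groups()
            yield (msg["client"], msg["from"], rcpt, "accepted", relay, f"{dsn} {status}")
        elif rest == "removed":
            msgs.pop(qid, None)           # message left the queue; free its state

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print("{:<30} {:<20} {:<18} {:<12.12} {:<8} {}".format(*row))
```

Because `correlate` is a generator, passing it `sys.stdin` fed by `tail -F /var/log/mail.log` produces rows as messages are processed; counting rows by result code gives the acceptance/rejection statistics the question asks about.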