Am 03.07.2013 10:53, schrieb Frerich Raabe:
Am 7/3/2013 10:32 AM, schrieb pvsuja:
I have set up a mail server with dovecot as IMAP/POP3 server, postfix as MTA and roundcube as web mail client. Other mail clients such as Thunderbird is also being used for mail access.
Now as a security policy in our organization, I want to know the IP addresses of the machines from which my mail server was accessed.
Is there any monitoring tools to get these details?
A cron job doing
grep "imap-login: Login:" /var/log/maillog
might do the job already. The 'rip=' part of the matches tells you the remote IP. Instead of /var/log/maillog you might have to check another file (it depends on your Dovecot setup).
graphic realtime logging may also be done out of syslog by using some monitoring solution like nagios , xymon, zabbix etc
this might give you ideas, hove to code your own stuff
http://sys4.de/de/blog/2013/04/02/monitoring-logfile-entries-logwatch/
http://sys4.de/de/blog/2013/01/10/xymon-dovecot-count-imap-pop3-logins-graph...
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein