[Dovecot] Who all accessed my dovecot server?
Hi,
I have set up a mail server with dovecot as IMAP/POP3 server, postfix as MTA and roundcube as web mail client. Other mail clients such as Thunderbird is also being used for mail access.
Now as a security policy in our organization, I want to know the IP addresses of the machines from which my mail server was accessed.
Is there any monitoring tools to get these details?
Regards,
Suja
-- View this message in context: http://dovecot.2317879.n4.nabble.com/Who-all-accessed-my-dovecot-server-tp43... Sent from the Dovecot mailing list archive at Nabble.com.
Am 03.07.2013 10:32, schrieb pvsuja:
Hi,
I have set up a mail server with dovecot as IMAP/POP3 server, postfix as MTA and roundcube as web mail client. Other mail clients such as Thunderbird is also being used for mail access.
Now as a security policy in our organization, I want to know the IP addresses of the machines from which my mail server was accessed.
Is there any monitoring tools to get these details?
Regards,
Suja
-- View this message in context: http://dovecot.2317879.n4.nabble.com/Who-all-accessed-my-dovecot-server-tp43... Sent from the Dovecot mailing list archive at Nabble.com.
logwatch gives you detailed report about ips pop3/imap also counts users/ip logins pop3/imap and shows delivers to imap folders, use it i.e daily with logrotate you might have to adjust dovecot logging level and use some logwatch ignores
http://sourceforge.net/projects/logwatch/files/
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Am 7/3/2013 10:32 AM, schrieb pvsuja:
I have set up a mail server with dovecot as IMAP/POP3 server, postfix as MTA and roundcube as web mail client. Other mail clients such as Thunderbird is also being used for mail access.
Now as a security policy in our organization, I want to know the IP addresses of the machines from which my mail server was accessed.
Is there any monitoring tools to get these details?
A cron job doing
grep "imap-login: Login:" /var/log/maillog
might do the job already. The 'rip=' part of the matches tells you the remote IP. Instead of /var/log/maillog you might have to check another file (it depends on your Dovecot setup).
-- Frerich Raabe - raabe@froglogic.com www.froglogic.com - Multi-Platform GUI Testing
Am 03.07.2013 10:53, schrieb Frerich Raabe:
Am 7/3/2013 10:32 AM, schrieb pvsuja:
I have set up a mail server with dovecot as IMAP/POP3 server, postfix as MTA and roundcube as web mail client. Other mail clients such as Thunderbird is also being used for mail access.
Now as a security policy in our organization, I want to know the IP addresses of the machines from which my mail server was accessed.
Is there any monitoring tools to get these details?
A cron job doing
grep "imap-login: Login:" /var/log/maillog
might do the job already. The 'rip=' part of the matches tells you the remote IP. Instead of /var/log/maillog you might have to check another file (it depends on your Dovecot setup).
graphic realtime logging may also be done out of syslog by using some monitoring solution like nagios , xymon, zabbix etc
this might give you ideas, hove to code your own stuff
http://sys4.de/de/blog/2013/04/02/monitoring-logfile-entries-logwatch/
http://sys4.de/de/blog/2013/01/10/xymon-dovecot-count-imap-pop3-logins-graph...
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
participants (3)
-
Frerich Raabe
-
pvsuja
-
Robert Schetterer