Dovecot v2.1+ Statistics

There are different “zoom levels” you may use to view the following statistics:

  • command: Per-IMAP command
  • session: Per IMAP/POP3 connection
  • user: Per user (all of user’s sessions summed up)
  • domain: Per domain (all of domain’s users summed up)
  • ip: Per IP address (all sessions from the IP summed up)

Basic Configuration

mail_plugins = $mail_plugins stats
protocol imap {
  mail_plugins = $mail_plugins imap_stats
}
plugin {
  # how often to session statistics
  stats_refresh = 30 secs
  # track per-IMAP command statistics
  stats_track_cmds = yes
}

You’ll also need to give enough permissions for mail processes to be able to write to stats-mail fifo. For example if you use a single “vmail” user for mail access:

service stats {
  fifo_listener stats-mail {
    user = vmail
    mode = 0600
  }
}

Statistics gathered

Statistics gathered using the getrusage() system call:

  • user_cpu: User CPU (seconds.microseconds)
  • sys_cpu: System CPU (seconds.microseconds)
  • min_faults: Minor page faults (page reclaims)
  • maj_faults: Major page faults
  • vol_cs: Voluntary context switches
  • invol_cs: Involuntary context switches
  • disk_input: Number of bytes read from disk
  • disk_output: Number of bytes written to disk

The disk_input and disk_output attempt to count the actual read/write bytes to physical disk, so e.g. reads from OS’s cache aren’t counted. Note that not all operating systems and filesystem support this, instead they simply show these values always as 0.

Statistics gathered by Dovecot’s lib-storage internally:

  • lookup_path: Number of open() and stat() calls (i.e. “path lookups”)
  • lookup_attr: Number of stat() and fstat() calls
  • read_count: Number of read() calls for message data (e.g. index files not counted)
  • read_bytes: Number of message bytes read()
  • cache_hits: Number of cache hits from dovecot.index.cache file


Advertisements

RoundCube Fail2Ban Plugin

RoundCube Fail2Ban Plugin is a small plugin that will display a failed login attempts to your syslog or userlogins log file. Using this information Fail2Ban be able to block a user for a set amount of time. The best part, the block is happing at the IP level and blocks the IP address, not the user they are try to log in as.

Download

  • tgz | zip | git – Version: 1.0 (2009-Jul-09)

Install

  • Place this plugin folder into the RoundCube plugins directory (roundcube/plugins/)
  • Add fail2ban to $rcmail_config[‘plugins’] in your RoundCube config

Note: When downloading this plugin from http://github.com/mattrude/rc-plugin-fail2ban you will need to create a directory called fail2ban and place fail2ban.php in there, ignoring the root directory in the downloaded archive. You may also run ‘git clone git://github.com/mattrude/rc-plugin-fail2ban.git fail2ban’ from the plugins directory.

Fail2Ban Setup

fail2ban/jail.conf:

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
action   = iptables-multiport[name=roundcube, port="http,https"]
logpath  = /var/www/html/roundcube/logs/userlogins

fail2ban/filter.d/roundcube.conf:

[Definition]
failregex = FAILED login for .*. from <HOST>
ignoreregex =