iRedMail
// Document IndexAttention
Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.
Attention
netdata (http://my-netdata.io) is a "Simple. Effective. Awesome!" monitor which can monitor almost everyting on your Linux/FreeBSD system. You can visit its website to check online demo.
We will show you how to install and configure netdata on iRedMail server (Linux) to monitor mail service related software.
cd /usr/ports/net-mgmt/netdata
make install clean
Main config file of netdata is /usr/local/etc/netdata/netdata.conf, it
contains many parameters with detailed comments. Here's the
config file
used by iRedMail:
127.0.0.1 and port 19999 by default. Since it doesn't
have ACL control, we will run netdata behind Nginx to get ACL control done in
Nginx.[registry]
enabled = no
[global]
bind to = 127.0.0.1
run as user = netdata
default port = 19999
update every = 3
[plugin:proc]
# Disable IPVS check since iRedMail doesn't use ipvs by default
/proc/net/ip_vs/stats = no
# inbound packets dropped
/proc/net/dev = no
netdata ships a lot modular config files to gather information of software running on the server, they have very good default settings and most config files don't need your attention at all, including:
But some applications do require extra settings, we will cover them below.
OpenLDAP supports an optional monitoring interface you can use to obtain
information regarding the current state of your OpenLDAP server. For instance,
the interface allows you to determine how many clients are connected to the
server currently. The monitoring information is provided by a specialized
backend, the monitor backend. A manual page, slapd-monitor(5) is available.
netdata-1.11.1 (released on 23 Nov 2018) supports monitoring OpenLDAP through
its monitor backend.
To enable monitor backend in OpenLDAP, please append lines below in
/usr/local/etc/openldap/slapd.conf:
Attention
You must replace dc=example,dc=com by the real LDAP suffix that you use.
database monitor
access to dn="cn=monitor"
by dn.exact="cn=Manager,dc=example,dc=com" read
by dn.exact="cn=vmail,dc=example,dc=com" read
by * none
It enables OpenLDAP backend monitor, also grant read access to dn
cn=Manager,dc=example,dc=com and cn=vmail,dc=example,dc=com. Again, you
must replace dc=example,dc=com by the real LDAP suffix that you use.
Also find lines in slapd.conf like below:
modulepath /usr/local/libexec/openldap
moduleload back_mdb
Append a new moduleload directive right after moduleload back_mdb like
below:
moduleload back_monitor
Now restart OpenLDAP service.
Create file /usr/local/etc/netdata/python.d/openldap.conf with content below:
Attention
dc=example,dc=com by the real LDAP suffix that you use.<password-of-vmail> by the real password of
cn=vmail. You can find it in files under /usr/local/etc/postfix/ldap/.update_every: 5
local:
username : "cn=vmail,dc=example,dc=com"
password : "<password-of-vmail>"
server : "localhost"
port : 389
timeout : 1
Now restart netdata service.
We need to enable stub_status in Nginx to get detailed server info, also
update php-fpm config file to enable similar feature.
/usr/local/etc/nginx/templates/stub_status.tmpl with
content below:location = /stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location = /status {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
access_log off;
allow 127.0.0.1;
deny all;
}
/usr/local/etc/nginx/sites-enabled/00-default.conf,
include new snippet config file stub_status.tmpl after the
redirect_to_https.tmpl line like below:server {
...
include /usr/local/etc/nginx/templates/redirect_to_https.tmpl;
include /usr/local/etc/nginx/templates/stub_status.tmpl; # <- add this line
...
}
/usr/local/etc/php-fpm.d/www.conf, enable
parameter pm.status_path like below:pm.status_path = /status
We need to enable statistics module in Dovecot.
/usr/local/etc/dovecot/dovecot.conf,
append plugin stats in global parameter mail_plugins, and imap_stats
for imap protocol:mail_plugins = ... stats
protocol imap {
mail_plugins = ... imap_stats
...
}
plugin {
# how often to session statistics (must be set)
stats_refresh = 30 secs
# track per-IMAP command statistics (optional)
stats_track_cmds = yes
}
service stats {
fifo_listener stats-mail {
user = vmail
mode = 0644
}
inet_listener {
address = 127.0.0.1
port = 24242
}
}
netdata requires a SQL user (we use netdata here) with privilege USAGE to
gather MySQL server information.
<password> in
command below by the real (and strong) password).# mysql -u root
sql> GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '<password>';
sql> FLUSH PRIVILEGES;
Create file /usr/local/etc/netdata/python.d/mysql.conf with content below.
Attention
<password> below by the real password.tcp:
name: 'local'
host: '127.0.0.1'
port: '3306'
user: 'netdata'
pass: '<password>'
netdata requires a SQL user (we use netdata here) to gather PostgreSQL server
information.
<password> in
command below by the real (and strong) password).# su - postgres
$ psql
sql> CREATE USER netdata WITH ENCRYPTED PASSWORD '<password>' NOSUPERUSER NOCREATEDB NOCREATEROLE;
Create file /usr/local/etc/netdata/python.d/postgres.conf with content below.
Attention
<password> below by the real password.socket:
name : 'local'
user : 'netdata'
password : '<password>'
database : 'postgres'
/usr/local/etc/nginx/templates/netdata.tmpl with
content below:# Running netdata as a subfolder to an existing virtual host
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args;
gzip on;
gzip_proxied any;
gzip_types *;
auth_basic "Authentication Required";
auth_basic_user_file /usr/local/etc/nginx/netdata.users;
}
/usr/local/etc/nginx/sites-enabled/00-default-ssl.conf,
include new snippet config file netdata.tmpl before the
misc.tmpl line like below:server {
...
include /usr/local/etc/nginx/templates/netdata.tmpl; # <- add this line
include /usr/local/etc/nginx/templates/misc.tmpl;
...
}
/usr/local/etc/nginx/netdata.users used for basic http auth:touch /usr/local/etc/nginx/netdata.users
<password> below by a real, strong password.doveadm pw -s SSHA -p '<password>'
The password looks like this {SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv.
/usr/local/etc/nginx/netdata.users with your faviourite text
editor, add a line like below to create an account used to access netdata.
The format is <username>:<password>.postmaster@domain.com:{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv
Now open a web browser and access url https://your-server/netdata/ (please
replace your-server by the real domain name), it will ask you to input
username and password for authentication, please use the account we just added
in file /usr/local/etc/nginx/netdata.users to login.
This is what you see after successfully logged in:
