Overview
Dovecot is the most widely used IMAP and POP3 mail server, providing secure mailbox access for end users. Monitoring Dovecot ensures your users can reliably access their email, authentication works correctly, and server resources stay healthy.
Prerequisites
- A Linux server running Dovecot
- Xitogent agent installed on the server
- An active Xitoring account
Step 1 — Install Xitogent
curl -s https://xitoring.com/install.sh | sudo bash -s -- --key=YOUR_API_KEY
Step 2 — Enable the Dovecot Integration
sudo xitogent integrate
Select Dovecot from the available integrations. Xitogent will detect your Dovecot installation and begin collecting metrics.
Key Metrics to Monitor
| Metric | Description |
|---|---|
| Active IMAP Connections | Number of concurrent IMAP sessions |
| Active POP3 Connections | Number of concurrent POP3 sessions |
| Authentication Success/Failure | Login attempt outcomes |
| Disk I/O | Mailbox read/write operations |
| CPU & Memory Usage | Resource consumption by Dovecot processes |
| Connection Rate | New connections per second |
Step 3 — Configure Triggers
- Authentication Failures (Critical) — Alert on spikes in failed logins, which may indicate brute-force attacks
- Connection Count (Warning) — Fires when concurrent connections approach server capacity
- High Resource Usage (Warning) — Triggers when Dovecot consumes excessive CPU or memory
Monitoring Strategy
Combine multiple approaches for complete mail server visibility:
- Xitogent Integration — Monitors Dovecot process metrics and performance
- IMAP Uptime Check — Create an IMAP check on port 993 (SSL) to verify the service is reachable
- POP3 Uptime Check — Monitor port 995 (SSL) if POP3 is enabled
- SSL Certificate Monitoring — Track certificate expiry for your mail server domain
Best Practices
- Monitor authentication patterns — Sudden spikes in failed logins are often brute-force attacks; integrate with fail2ban
- Track connection concurrency — Dovecot has configurable connection limits; monitor to avoid rejecting legitimate users
- Watch disk I/O — Maildir/mbox operations are I/O-intensive; combine with Disk Health integration for full visibility
- Pair with Postfix/Exim monitoring — Monitor both MTA (delivery) and MDA (access) for complete mail infrastructure coverage
Troubleshooting
- No metrics: Ensure Dovecot is running with
systemctl status dovecotand checkdoveadmaccess - High auth failures: Review
/var/log/mail.logfor source IPs and consider rate limiting - Connection refused: Verify Dovecot is listening on expected ports with
ss -tlnp | grep dovecot