Open strarsis opened 5 years ago
Docker by default logs all container output to /var/lib/docker/containers/. You can use any application or scripts to get this output and forward it to any log management of your choice, to further process the logs there. (I'm doing that this way without issues). The only negative side is that you're required to parse the JSON at some point.
There is some log information that is notably useful for the postmaster: Rejected outbound mail due to valid issues like being blacklisted, SPF/DKIM/TLS error with other MTAs. Rejected inbound mail due to alias ownership/repeated failed login attempts from the same IP over days (which are probably legitimate login attempts that fail because of MUA config issues). Lots of unusual outbound mail (compromised mail account, spamming and viruses).
Some ELK filter/rules suite for mailcow would be awesome!
I'm sure it would be very useful and nice-to-know, but I believe it might be a bit out-of-scope of the core mailcow development. If some user wants to contribute some templates/filter/rule-sets for an ELK stack, I think the docs might be a good choice.
Is your feature request related to a problem? Please describe.
Advanced logging analysis, finding trends, attacks, spamming, predicting disk space shortages, bandwidth issues, traffic overconsumption
Describe the solution you'd like
Support for ELK stack for all mailcow dockerized services, so an ELK stack docker setup can be connected to it (either on the same system or another one).
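Added example, not part of the thread and not mailcow code: the Python below takes lines in Docker's json-file log format, as discussed in the comment about parsing the JSON, and extracts two of the postmaster signals listed above (rejected outbound mail and repeated failed logins from one IP). The sample lines are constructed, the Postfix and Dovecot message layouts are assumptions, and `parse_line`, `summarize` and `login_threshold` are hypothetical names.

```python
import json
import re
from collections import Counter

# Constructed sample in Docker's json-file format (keys: log, stream, time).
# Message texts are illustrative, not captured from a mailcow host.
SAMPLE = r'''
{"log":"postfix/smtp[211]: 4F1A2: to=<a@example.org>, relay=mx.example.org[203.0.113.5]:25, dsn=5.7.1, status=bounced (550 5.7.1 listed on blocklist)\n","stream":"stdout","time":"2024-01-01T10:00:00Z"}
{"log":"dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=172.22.1.250, TLS\n","stream":"stdout","time":"2024-01-01T11:00:00Z"}
{"log":"dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=172.22.1.250, TLS\n","stream":"stdout","time":"2024-01-02T11:00:00Z"}
{"log":"dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=172.22.1.250, TLS\n","stream":"stdout","time":"2024-01-03T11:00:00Z"}
{"log":"dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<eve@example.com>, method=PLAIN, rip=192.0.2.9, lip=172.22.1.250, TLS\n","stream":"stdout","time":"2024-01-03T12:00:00Z"}
{"log":"dovecot: imap-login: Disconnected (auth fai
'''
SAMPLE_LINES = SAMPLE.strip().splitlines()

BOUNCE = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<([^>]*)>.*\bdsn=(\d\.\d+\.\d+), status=(bounced|deferred)")
AUTHFAIL = re.compile(r"auth failed.*\brip=([0-9a-fA-F.:]+)")

def parse_line(raw):
    """Return (time, message) for one json-file line, or None if blank or truncated."""
    try:
        rec = json.loads(raw)
        return rec["time"], rec["log"].rstrip("\n")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def summarize(lines, login_threshold=3):
    """Collect outbound rejects and source IPs with repeated auth failures."""
    bounces, failed, skipped = [], Counter(), 0
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            skipped += 1  # e.g. a line cut off mid-write or during rotation
            continue
        ts, msg = parsed
        if m := BOUNCE.search(msg):
            bounces.append((ts, m.group(1), m.group(2), m.group(3)))
        elif m := AUTHFAIL.search(msg):
            failed[m.group(1)] += 1
    repeat = {ip: n for ip, n in failed.items() if n >= login_threshold}
    return {"outbound_rejects": bounces, "repeat_login_failures": repeat, "skipped": skipped}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LINES), indent=2))
```

The returned dictionary can be serialized and forwarded to whichever log management system is in use; the regular expressions need adjusting to the message formats the containers actually emit.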