diff --git a/setup/login-alerts.sh b/setup/login-alerts.sh
new file mode 100644
index 00000000..c5dd53c8
--- /dev/null
+++ b/setup/login-alerts.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Create a script to be called when a user logs in
+cat << 'EOF' > /etc/ssh/login-alert.sh
+#!/bin/bash
+
+source /etc/mailinabox.conf # load global vars
+
+if [ "$PAM_TYPE" != "close_session" ]; then
+ # send alert
+ sendEmail -q -f "bot@$PRIMARY_HOSTNAME" -t "admin@$PRIMARY_HOSTNAME" -u "SSH Login: $PAM_USER from $PAM_RHOST" -m "If you don't recognize this login, your key or password may be compromised."
+fi
+EOF
+
+chmod +x /etc/ssh/login-alert.sh # make script executable
+
+if grep -Fq "login-alert" /etc/pam.d/sshd # if line has already been added to sshd
+then
+ : # do nothing
+else
+ echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd # otherwise add the line
+fi
diff --git a/setup/start.sh b/setup/start.sh
index 04096474..b58984e2 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -102,6 +102,7 @@ source setup/dns.sh
 source setup/mail-postfix.sh
 source setup/mail-dovecot.sh
 source setup/mail-users.sh
+source setup/login-alerts.sh
 source setup/dkim.sh
 source setup/spamassassin.sh
 source setup/web.sh
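Review bot: The generated `/etc/ssh/login-alert.sh` is executed by `pam_exec.so` from sshd (presumably as root), yet its mode comes from whatever umask the setup runs under, because `chmod +x` only adds execute bits; set it explicitly with `chown root:root /etc/ssh/login-alert.sh` and `chmod 0755 /etc/ssh/login-alert.sh`, so a permissive umask can never leave a privileged hook group- or world-writable. The hook also sources `/etc/mailinabox.conf`, so that file needs the same root-only write guarantee, which this hunk does not show. Nothing in the hunk installs or checks for `sendEmail`, and since the PAM line is `optional` a missing binary or a failed send is silent; a guard in the hook such as `command -v sendEmail >/dev/null || logger -t login-alert "sendEmail not found"` would make a dead alert path visible. Testing `[ "$PAM_TYPE" = "open_session" ]` rather than `!= "close_session"` would state the intent exactly.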