[Dovecot] mail_log_events, but who exactly triggered events? [feature request]

Arkadiusz Miśkiewicz arekm at maven.pl
Tue Feb 4 12:09:15 UTC 2014


On Thursday 30 of January 2014, Steffen Kaiser wrote:
> On Thu, 30 Jan 2014, Reindl Harald wrote:
> > Am 30.01.2014 12:04, schrieb Arkadiusz Miśkiewicz:
> >> On Thursday 30 of January 2014, Reindl Harald wrote:
> >>> Am 30.01.2014 10:50, schrieb Arkadiusz Miśkiewicz:
> >>>> mail_log_events is nice addition but how to log who exactly triggered
> >>>> particular event? For example 5 users from 5 IP addresses uses single
> >>>> imap user/mailbox.
> >>>> 
> >>>> One of them deletes email and I'm logging delete related events. The
> >>>> only logged thing is:
> >>>> 
> >>>> dovecot: imap(user): delete: box=INBOX, uid=673287,
> >>>> msgid=<some at thing>, size=1230

Here is a feature request:

Add optionally (or unconditionally) logging of session id in mail_log_events.

Timo, is this possible?

(the same session id that appears in login log entries: dovecot: imap-login: 
Login: user=<someone2>, method=PLAIN, rip=aaa, lip=yyy, 
mpid=11682, TLS, session=<U1lD9y3xoQBPuvZx>)

So for example this would get logged:
dovecot: imap(user): delete: box=INBOX, uid=673287, msgid=<some at thing>, 
size=1230, session=<U1lD9y3xoQBPuvZx>

> @Arkadiusz, please tell us, if 10 people use the same account name and
> password, how would you as a server behind the internet with a human
> brain differ those 10 individuals?
> 
> The only idea I, personally, have is the IP address: Do they connect from
> different IP addresses _all_ the time? No NAT involved? Do you know who
> uses which IP address _all_ the time? If so, Dovecot logs the IP address
> during login and you can associate a PID with an IP address, IMHO you can
> add the remote IP address to the log string. Check out the variables page
> in the Wiki.
> 
> But, frankly, _if_ you have someone, who is >>"bad" and deletes important
> mail<<, you should see >>sensible reason to disallow such work style<<.
> The next time you see yet another IP address and don't know the user
> again.

Ok, but why session id that's assigned at login cannot be logged in 
mail_log_events, too? Is there any technical problem with this approach?

It solves the problem (yes, assume different IP addresses; won't work 
obviously if the address is the same)

The discussion is now about changing the way service is used by people while 
I'm more interested in what dovecot can do or (enhancing) dovecot 
capabilities.

-- 
Arkadiusz Miśkiewicz, arekm / maven.pl


More information about the dovecot mailing list