[Dovecot] mail_log_events, but who exactly triggered events? [feature request]

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Feb 4 12:52:39 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 4 Feb 2014, Arkadiusz Miśkiewicz wrote:

> Date: Tue, 4 Feb 2014 13:09:15 +0100
> From: Arkadiusz Miśkiewicz <arekm at maven.pl>
> To: dovecot at dovecot.org
> Subject: Re: [Dovecot] mail_log_events,
>     but who exactly triggered events? [feature request]
> 
> On Thursday 30 of January 2014, Steffen Kaiser wrote:
>> On Thu, 30 Jan 2014, Reindl Harald wrote:
>>> Am 30.01.2014 12:04, schrieb Arkadiusz Miśkiewicz:
>>>> On Thursday 30 of January 2014, Reindl Harald wrote:
>>>>> Am 30.01.2014 10:50, schrieb Arkadiusz Miśkiewicz:
>>>>>> mail_log_events is nice addition but how to log who exactly triggered
>>>>>> particular event? For example 5 users from 5 IP addresses uses single
>>>>>> imap user/mailbox.
>>>>>>
>>>>>> One of them deletes email and I'm logging delete related events. The
>>>>>> only logged thing is:
>>>>>>
>>>>>> dovecot: imap(user): delete: box=INBOX, uid=673287,
>>>>>> msgid=<some at thing>, size=1230
>
> Here is a feature request:
>
> Add optionally (or unconditionally) logging of session id in mail_log_events.
>
> Timo, is this possible?
>
> (the same session id that appears in login log entries: dovecot: imap-login:
> Login: user=<someone2>, method=PLAIN, rip=aaa, lip=yyy,
> mpid=11682, TLS, session=<U1lD9y3xoQBPuvZx>)
>
> So for example this would get logged:
> dovecot: imap(user): delete: box=INBOX, uid=673287, msgid=<some at thing>,
> size=1230, session=<U1lD9y3xoQBPuvZx>

did you've tried this:
http://wiki2.dovecot.org/Variables
there is the session variable and the mail_log_prefix setting. Should 
work, IMHO.

>
>> @Arkadiusz, please tell us, if 10 people use the same account name and
>> password, how would you as a server behind the internet with a human
>> brain differ those 10 individuals?
>>
>> The only idea I, personally, have is the IP address: Do they connect from
>> different IP addresses _all_ the time? No NAT involved? Do you know who
>> uses which IP address _all_ the time? If so, Dovecot logs the IP address
>> during login and you can associate a PID with an IP address, IMHO you can
>> add the remote IP address to the log string. Check out the variables page
>> in the Wiki.
>>
>> But, frankly, _if_ you have someone, who is >>"bad" and deletes important
>> mail<<, you should see >>sensible reason to disallow such work style<<.
>> The next time you see yet another IP address and don't know the user
>> again.
>
> Ok, but why session id that's assigned at login cannot be logged in
> mail_log_events, too? Is there any technical problem with this approach?
>
> It solves the problem (yes, assume different IP addresses; won't work
> obviously if the address is the same)
>
> The discussion is now about changing the way service is used by people while
> I'm more interested in what dovecot can do or (enhancing) dovecot
> capabilities.
>
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUvDil3D1/YhP6VMHAQKYPAf/Y19YFhmfNUcOa8AckcE5u1G9b36za9MH
HS2hcTjKI4k1iKHFhMS7cdKoeH0uHQaq0SWOhqH8jAssDh+YpnOTrmAdr2gJDHVi
rX9JSXoD/VgkQKptoc+EEgumEnHIrdu0GNjp5Jz2kKjM0prv+GscTJuoaSMhOjr2
xL/BxW3q85HsGmSQbxbHp5mcZiBZe0WFrz0U/vAfA0LO/mUBYfNmze+BXM867asc
aMEtMk9JahBUEPuNOzxqU9Qf70LlYkfV2Fw48+tpuGByG7yjkI5OXc8Flh47Z0jN
4OAHSPwVblh7LJuOM7DAlpPO8mbJOlVhMVxDisazxDwHO1oTq1rnPQ==
=oGnE
-----END PGP SIGNATURE-----


More information about the dovecot mailing list