On Thursday 30 of January 2014, Reindl Harald wrote:
Am 30.01.2014 10:50, schrieb Arkadiusz Miśkiewicz:
mail_log_events is nice addition but how to log who exactly triggered particular event? For example 5 users from 5 IP addresses uses single imap user/mailbox.
One of them deletes email and I'm logging delete related events. The only logged thing is:
dovecot: imap(user): delete: box=INBOX, uid=673287, msgid=some@thing, size=1230
which tells me nothing about who triggered it actually (note all 5 users were logged in at deletion time)
How to solve this problem?
do not share user-logins
I'm not sharing. Customers are.
don't do that for any service, not only mail
That impossible to make.
Customer creates login "abc" on my server and gives it to 10 employees to watch that mailbox.
10 employees log in to that single accound and do some actions. One of them is "bad" and deletes important mail. I want to be able to figure which one.
I have no control over customers. Also I see no sensible reason to disallow such work style.
that's why ACL / shared mailboxes exists because in that case you have the unique username in the logs instead always the same one
When customers log in: dovecot: pop3-login: Login: user=<someone1>, method=PLAIN, rip=xxx, lip=yyy, mpid=11680, session=<MR9D9y3xhwBb6rD1> dovecot: imap-login: Login: user=<someone2>, method=PLAIN, rip=aaa, lip=yyy, mpid=11682, TLS, session=<U1lD9y3xoQBPuvZx>
session id is logged. Now how to get that id logged in mail_log_events lines?
-- Arkadiusz Miśkiewicz, arekm / maven.pl