[Dovecot] mail_log_events, but who exactly triggered events?
Arkadiusz Miśkiewicz
arekm at maven.pl
Thu Jan 30 13:04:00 EET 2014
On Thursday 30 of January 2014, Reindl Harald wrote:
> Am 30.01.2014 10:50, schrieb Arkadiusz Miśkiewicz:
> > mail_log_events is nice addition but how to log who exactly triggered
> > particular event? For example 5 users from 5 IP addresses uses single
> > imap user/mailbox.
> >
> > One of them deletes email and I'm logging delete related events. The only
> > logged thing is:
> >
> > dovecot: imap(user): delete: box=INBOX, uid=673287, msgid=<some at thing>,
> > size=1230
> >
> > which tells me nothing about who triggered it actually (note all 5 users
> > were logged in at deletion time)
> >
> > How to solve this problem?
>
> do not share user-logins
I'm not sharing. Customers are.
> don't do that for any service, not only mail
That impossible to make.
Customer creates login "abc" on my server and gives it to 10 employees to
watch that mailbox.
10 employees log in to that single accound and do some actions. One of them is
"bad" and deletes important mail. I want to be able to figure which one.
I have no control over customers. Also I see no sensible reason to disallow
such work style.
> that's why ACL / shared mailboxes exists because in that case
> you have the unique username in the logs instead always the
> same one
When customers log in:
dovecot: pop3-login: Login: user=<someone1>, method=PLAIN, rip=xxx, lip=yyy,
mpid=11680, session=<MR9D9y3xhwBb6rD1>
dovecot: imap-login: Login: user=<someone2>, method=PLAIN, rip=aaa, lip=yyy,
mpid=11682, TLS, session=<U1lD9y3xoQBPuvZx>
session id is logged. Now how to get that id logged in mail_log_events lines?
--
Arkadiusz Miśkiewicz, arekm / maven.pl
More information about the dovecot
mailing list