[jira] [Created] (JAMES-3942) Audit user trails

Mon, 25 Sep 2023 00:40:05 -0700 

Tran Hong Quan created JAMES-3942:
-------------------------------------

             Summary: Audit user trails 
                 Key: JAMES-3942
                 URL: https://issues.apache.org/jira/browse/JAMES-3942
             Project: James Server
          Issue Type: Improvement
            Reporter: Tran Hong Quan


Sometimes some users do some suspicious actions that could be harmful. It would 
be helpful if James' admin could monitor user trails to audit the potentially 
harmful actions.
h2. Step 1: Audit trail implementation

In james-core add a {{AuditTrail}} class allowing to log critical user actions 
accross the application.

Usage:

```
AuditTrail.entry()
    .username(() -> ...)
    .remoteIp(() -> ...)
    .userAgent(() -> ...)
    .protocol(() -> ...)
    .action(() -> ...)
    .parameters(() -> aMap)
    .log();
```
 
Use SLF4J logger to back this.
h2. Step 2: Use the audit trail where needed
 *  SMTP authentication success including username
 *  SMTP authentication failure including username
 *  SMTP message spooled including mailId and mimeMessageId, sender, recipients
 *  Recipient Rewritting ([x, y] rewritten in [w, y, z]) including mailId and 
mimeMessageId, sender, recipients before and after
 *  LocalDelivery message including messageId, mailId and mimeMessageId, 
sender, recipients
 *  MailRepository including mailId and mimeMessageId, sender, recipients
 *  RemoteDelivery planned including mailId and mimeMessageId, sender, 
recipients
 *  RemoteDelivery success
 *  RemoteDelivery failure
 *  JMAP email sent including mailId and mimeMessageId, sender, recipients
 *  JMAP rights sharing changed including delegator and delegatee and user 
performing the action, mailboxId and rights
 *  JMAP delegation including delegator and delegatee and user performing the 
action
 *  LMTP email sent including mimeMessageId, MailId, sender, recipients
 *  IMAP authentication success including username
 *  IMAP authentication failure including username
 *  IMAP expunge including list of messageIds
 *  JMAP Email/set destroy including list of messageIds
 *  JMAP forward/set including username and forward list
 *  JMAP email read (need to be FetchType full) EmailFullViewFactory - 
including username and messageId
 *  IMAP email read (need to be FetchType full) FetchProcessor - including 
username and messageId



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to