[
https://issues.apache.org/jira/browse/JAMES-3942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
René Cordier resolved JAMES-3942.
---------------------------------
Fix Version/s: 3.9.0
Resolution: Done
[https://github.com/apache/james-project/pull/1738] implements this and has
been merged
> Audit user trails
> ------------------
>
> Key: JAMES-3942
> URL: https://issues.apache.org/jira/browse/JAMES-3942
> Project: James Server
> Issue Type: Improvement
> Reporter: Tran Hong Quan
> Priority: Major
> Fix For: 3.9.0
>
> Time Spent: 3h 20m
> Remaining Estimate: 0h
>
> Sometimes some users do some suspicious actions that could be harmful. It
> would be helpful if James' admin could monitor user trails to audit the
> potentially harmful actions.
> h2. Step 1: Audit trail implementation
> In james-core add a {{AuditTrail}} class allowing to log critical user
> actions accross the application.
> Usage:
> ```
> AuditTrail.entry()
> .username(() -> ...)
> .remoteIp(() -> ...)
> .userAgent(() -> ...)
> .protocol(() -> ...)
> .action(() -> ...)
> .parameters(() -> aMap)
> .log();
> ```
>
> Use SLF4J logger to back this.
> h2. Step 2: Use the audit trail where needed
> * SMTP authentication success including username
> * SMTP authentication failure including username
> * SMTP message spooled including mailId and mimeMessageId, sender,
> recipients
> * Recipient Rewritting ([x, y] rewritten in [w, y, z]) including mailId and
> mimeMessageId, sender, recipients before and after
> * LocalDelivery message including messageId, mailId and mimeMessageId,
> sender, recipients
> * MailRepository including mailId and mimeMessageId, sender, recipients
> * RemoteDelivery planned including mailId and mimeMessageId, sender,
> recipients
> * RemoteDelivery success
> * RemoteDelivery failure
> * JMAP email sent including mailId and mimeMessageId, sender, recipients
> * JMAP rights sharing changed including delegator and delegatee and user
> performing the action, mailboxId and rights
> * JMAP delegation including delegator and delegatee and user performing the
> action
> * LMTP email sent including mimeMessageId, MailId, sender, recipients
> * IMAP authentication success including username
> * IMAP authentication failure including username
> * IMAP expunge including list of messageIds
> * JMAP Email/set destroy including list of messageIds
> * JMAP forward/set including username and forward list
> * JMAP email read (need to be FetchType full) EmailFullViewFactory -
> including username and messageId
> * IMAP email read (need to be FetchType full) FetchProcessor - including
> username and messageId
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
