[jira] [Resolved] (JAMES-3942) Audit user trails

Thu, 05 Oct 2023 19:13:03 -0700 


     [ 
https://issues.apache.org/jira/browse/JAMES-3942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

René Cordier resolved JAMES-3942.
---------------------------------
    Fix Version/s: 3.9.0
       Resolution: Done

[https://github.com/apache/james-project/pull/1738] implements this and has 
been merged

> Audit user trails 
> ------------------
>
>                 Key: JAMES-3942
>                 URL: https://issues.apache.org/jira/browse/JAMES-3942
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: Tran Hong Quan
>            Priority: Major
>             Fix For: 3.9.0
>
>          Time Spent: 3h 20m
>  Remaining Estimate: 0h
>
> Sometimes some users do some suspicious actions that could be harmful. It 
> would be helpful if James' admin could monitor user trails to audit the 
> potentially harmful actions.
> h2. Step 1: Audit trail implementation
> In james-core add a {{AuditTrail}} class allowing to log critical user 
> actions accross the application.
> Usage:
> ```
> AuditTrail.entry()
>     .username(() -> ...)
>     .remoteIp(() -> ...)
>     .userAgent(() -> ...)
>     .protocol(() -> ...)
>     .action(() -> ...)
>     .parameters(() -> aMap)
>     .log();
> ```
>  
> Use SLF4J logger to back this.
> h2. Step 2: Use the audit trail where needed
>  *  SMTP authentication success including username
>  *  SMTP authentication failure including username
>  *  SMTP message spooled including mailId and mimeMessageId, sender, 
> recipients
>  *  Recipient Rewritting ([x, y] rewritten in [w, y, z]) including mailId and 
> mimeMessageId, sender, recipients before and after
>  *  LocalDelivery message including messageId, mailId and mimeMessageId, 
> sender, recipients
>  *  MailRepository including mailId and mimeMessageId, sender, recipients
>  *  RemoteDelivery planned including mailId and mimeMessageId, sender, 
> recipients
>  *  RemoteDelivery success
>  *  RemoteDelivery failure
>  *  JMAP email sent including mailId and mimeMessageId, sender, recipients
>  *  JMAP rights sharing changed including delegator and delegatee and user 
> performing the action, mailboxId and rights
>  *  JMAP delegation including delegator and delegatee and user performing the 
> action
>  *  LMTP email sent including mimeMessageId, MailId, sender, recipients
>  *  IMAP authentication success including username
>  *  IMAP authentication failure including username
>  *  IMAP expunge including list of messageIds
>  *  JMAP Email/set destroy including list of messageIds
>  *  JMAP forward/set including username and forward list
>  *  JMAP email read (need to be FetchType full) EmailFullViewFactory - 
> including username and messageId
>  *  IMAP email read (need to be FetchType full) FetchProcessor - including 
> username and messageId



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to