To store log security details of mailbox access by others then the owner the enhanced security logging may be activated. This can be used to e.g. look for suspicious activity by users that have specific rights. The settings for this feature have been added to server.cfg using the parameters audit_log_enabled, audit_log_method (supporting syslog or file), the loglevel using audit_log_level and the audit_log_timestamp option.

The security logging was implemented using a 2 stage approach, storing essential information in syslog or file, and when required reading the logging with the use of a supplied log parser script.

The output is in human readable format like:

Allowed: Tue Mar 15 09:20:13 2011: access allowed rights=view type=folder objectid=store\4561\IPM_SUBTREE\Inbox username=Testuser2 ownername=Testuser1

Denied: Tue Mar 15 09:20:13 2011: access denied rights=view type=folder objectid=store\4561\IPM_SUBTREE\Inbox username=Testuser2 ownername=Testuser1