diff --git a/src/eventlog.js b/src/eventlog.js
index 20581a2b4..2c8e9b8d5 100644
--- a/src/eventlog.js
+++ b/src/eventlog.js
@@ -18,12 +18,19 @@ exports = module.exports = {
     ACTION_APP_UNINSTALL: 'app.uninstall',
     ACTION_APP_UPDATE: 'app.update',
     ACTION_APP_LOGIN: 'app.login',
+
     ACTION_BACKUP_FINISH: 'backup.finish',
     ACTION_BACKUP_START: 'backup.start',
     ACTION_BACKUP_CLEANUP: 'backup.cleanup',
+
     ACTION_CERTIFICATE_RENEWAL: 'certificate.renew',
+
+    ACTION_MAILBOX_ADD: 'mailbox.add',
+    ACTION_MAILBOX_REMOVE: 'mailbox.remove',
+
     ACTION_START: 'cloudron.start',
     ACTION_UPDATE: 'cloudron.update',
+
     ACTION_USER_ADD: 'user.add',
     ACTION_USER_LOGIN: 'user.login',
     ACTION_USER_REMOVE: 'user.remove',
diff --git a/src/mail.js b/src/mail.js
index 8626d6235..d8410094f 100644
--- a/src/mail.js
+++ b/src/mail.js
@@ -51,6 +51,7 @@ var assert = require('assert'),
     debug = require('debug')('box:mail'),
     dns = require('./native-dns.js'),
     domains = require('./domains.js'),
+    eventlog = require('./eventlog.js'),
     infra = require('./infra_version.js'),
     mailboxdb = require('./mailboxdb.js'),
     maildb = require('./maildb.js'),
@@ -916,10 +917,11 @@ function getMailbox(name, domain, callback) {
     });
 }
 
-function addMailbox(name, domain, userId, callback) {
+function addMailbox(name, domain, userId, auditSource, callback) {
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof userId, 'string');
+    assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     name = name.toLowerCase();
@@ -931,6 +933,8 @@ function addMailbox(name, domain, userId, callback) {
         if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, `mailbox ${name} already exists`));
         if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
 
+        eventlog.add(eventlog.ACTION_MAILBOX_ADD, auditSource, { name, domain, userId });
+
         callback(null);
     });
 }
@@ -954,15 +958,18 @@ function updateMailbox(name, domain, userId, callback) {
     });
 }
 
-function removeMailbox(name, domain, callback) {
+function removeMailbox(name, domain, auditSource, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof name, 'string');
+    assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.del(name, domain, function (error) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
         if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
 
+        eventlog.add(eventlog.ACTION_MAILBOX_REMOVE, auditSource, { name, domain });
+
         callback(null);
     });
 }
diff --git a/src/routes/mail.js b/src/routes/mail.js
index 9767ddbbf..3b72b7da3 100644
--- a/src/routes/mail.js
+++ b/src/routes/mail.js
@@ -44,6 +44,11 @@ var assert = require('assert'),
 
 var mailProxy = middleware.proxy(url.parse('http://127.0.0.1:2020'));
 
+function auditSource(req) {
+    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
+    return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
+}
+
 function getDomain(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
@@ -234,7 +239,7 @@ function addMailbox(req, res, next) {
     if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
     if (typeof req.body.userId !== 'string') return next(new HttpError(400, 'userId must be a string'));
 
-    mail.addMailbox(req.body.name, req.params.domain, req.body.userId, function (error) {
+    mail.addMailbox(req.body.name, req.params.domain, req.body.userId, auditSource(req), function (error) {
         if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
         if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
         if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
@@ -263,7 +268,7 @@ function removeMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
     assert.strictEqual(typeof req.params.name, 'string');
 
-    mail.removeMailbox(req.params.name, req.params.domain, function (error) {
+    mail.removeMailbox(req.params.name, req.params.domain, auditSource(req), function (error) {
         if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
         if (error) return next(new HttpError(500, error));