diff --git a/src/routes/mailserver.js b/src/routes/mailserver.js
index dbe05e7e0..14cd39817 100644
--- a/src/routes/mailserver.js
+++ b/src/routes/mailserver.js
@@ -5,16 +5,14 @@ exports = module.exports = {
 };
 var addons = require('../addons.js'),
- assert = require('assert'),
 BoxError = require('../boxerror.js'),
 middleware = require('../middleware/index.js'),
 HttpError = require('connect-lastmile').HttpError,
 url = require('url');
 function proxy(req, res, next) {
- assert.strictEqual(typeof req.params.pathname, 'string');
-
 let parsedUrl = url.parse(req.url, true /* parseQueryString */);
+ const pathname = req.path.split('/').pop();
 // do not proxy protected values
 delete parsedUrl.query['access_token'];
@@ -25,7 +23,7 @@ function proxy(req, res, next) {
 if (error) return next(BoxError.toHttpError(error));
 parsedUrl.query['access_token'] = addonDetails.token;
- req.url = url.format({ pathname: req.params.pathname, query: parsedUrl.query });
+ req.url = url.format({ pathname: pathname, query: parsedUrl.query });
 const proxyOptions = url.parse(`https://${addonDetails.ip}:3000`);
 proxyOptions.rejectUnauthorized = false;
diff --git a/src/server.js b/src/server.js
index efe9d58c2..2c302ded0 100644
--- a/src/server.js
+++ b/src/server.js
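Review bot: `const pathname = req.path.split('/').pop();` in the first mailserver.js hunk forwards whatever the last path segment happens to be, and nothing in `proxy` validates it before the second hunk builds the upstream URL with `pathname: pathname` and the injected `addonDetails.token`. Express routers match case-insensitively and tolerate a trailing slash unless configured otherwise (the router options are not visible here), so a request ending in `/` would yield an empty pathname and a differently-cased segment would be passed through as typed. Because this handler attaches the addon token, I would keep an allowlist in the handler itself rather than rely only on the route table in server.js, e.g. `if (!['eventlog', 'usage', 'clear_eventlog'].includes(pathname)) return next(new HttpError(404, 'Not found'));` directly after the `pathname` line. The body of `proxy` continues past the end of the second hunk, so the rest of the proxy setup was not reviewed.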
@@ -247,13 +247,9 @@ function initializeExpressSync() {
 router.post('/api/v1/settings/:setting', json, token, authorizeAdmin, routes.settings.set);
 // email routes
- router.get('/api/v1/mailserver/:pathname', token, (req, res, next) => {
- // some routes are more special than others
- if (req.params.pathname === 'eventlog' || req.params.pathname === 'clear_eventlog') {
- return authorizeOwner(req, res, next);
- }
- authorizeAdmin(req, res, next);
- }, routes.mailserver.proxy);
+ router.get ('/api/v1/mailserver/eventlog', token, authorizeOwner, routes.mailserver.proxy);
+ router.get ('/api/v1/mailserver/usage', token, authorizeAdmin, routes.mailserver.proxy);
+ router.post('/api/v1/mailserver/clear_eventlog', token, authorizeOwner, routes.mailserver.proxy);
 router.get ('/api/v1/mail/:domain', token, authorizeAdmin, routes.mail.getDomain);
 router.get ('/api/v1/mail/:domain/status', token, authorizeAdmin, routes.mail.getStatus);
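Review bot: The three explicit routes drop the only comment that signalled why `eventlog` and `clear_eventlog` go through `authorizeOwner` while other mailserver paths used `authorizeAdmin`; a short comment above them, such as `// eventlog and clear_eventlog are owner-only; usage is readable by admins`, would keep that policy visible to the next person who adds a route. `clear_eventlog` also moves from GET to POST, which suits a call that presumably changes state, but existing GET callers will stop matching, and this hunk does not show whether `routes.mailserver.proxy` forwards the request method to the mail service, so that is worth confirming. Any other path that was previously reachable through `:pathname` under `authorizeAdmin` is no longer routed, which looks intended.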