diff --git a/include/class-Log.php b/include/class-Log.php
index 26487c4..05966ee 100644
--- a/include/class-Log.php
+++ b/include/class-Log.php
@@ -1,162 +1,218 @@
 <?php
 # Copyright (C) 2018, 2019, 2020 Valerio Bozzolan
 # KISS Libre Hosting Panel
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
 # published by the Free Software Foundation, either version 3 of the
 # License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 // make sure that this class is loaded at startup
 class_exists( User::class );
 class_exists( Domain::class );
+class_exists( Mailbox::class );
 
 trait LogTrait {
 
 	/**
 	 * Get the log actor name
 	 *
 	 * @return string
 	 */
 	public function getLogActorFirm() {
 		return User::firm( $this->get( 'actor_uid' ) );
 	}
 
 	/**
 	 * Get the action family
 	 *
 	 * @return string
 	 */
 	public function getLogFamily() {
 		return $this->get( 'log_family' );
 	}
 
 	/**
 	 * Get the action
 	 */
 	public function getLogAction() {
 		return $this->get( 'log_action' );
 	}
 
 	/**
 	 * Get the action
 	 */
 	public function getLogDate() {
 		return $this->get( 'log_timestamp' );
 	}
 
 	/**
 	 * Get the log message
 	 *
 	 * @param  array $args Arguments
 	 * @return self
 	 */
 	public function getLogMessage( $args ) {
 
 		$family = $this->getLogFamily();
 		$action = $this->getLogAction();
 
 		// trigger the right message family
 		switch( $family ) {
 			case 'domain':
 				return self::domainMessage( $action, $this, $args );
+			case 'mailbox':
+				return self::mailboxMessage( $action, $this, $args );
 		}
 
 		return self::unknownAction( $family, $action );
 	}
 
 	/**
 	 * Get the log message alongside the date
 	 *
 	 * @param  array $args Arguments
 	 * @return self
 	 */
 	public function getLogMessageWithDate( $args ) {
 		return sprintf(
 			"%s - %s",
 			$this->getLogDate()->format( __( "Y-m-d H:i" ) ),
 			$this->getLogMessage( $args )
 		);
 	}
 
 	protected function normalizeLog() {
 		$this->datetimes( 'log_timestamp' );
 	}
 }
 
 /**
  * A generic log of an action
  *
  * Something happened. Dunno what.
  */
 class Log extends Queried {
 
 	use LogTrait;
 	use UserTrait;
 	use DomainTrait;
+	use MailboxTrait;
 
 	public function __construct() {
 		$this->normalizeLog();
 	}
 
 	/**
 	 * Database table name
 	 */
 	const T = 'log';
 
 	/**
 	 * Generate a Domain-related message
 	 *
 	 * @param  string $action The related action name
 	 * @param  object $log
 	 * @param  array  $args Arguments
 	 * @return string Message
 	 */
 	public static function domainMessage( $action, $log, $args ) {
 
 		/**
 		 * You can pass some objects to build the message:
 		 *
 		 * A complete 'actor' User object
 		 * A complete 'domain' Domain object
 		 */
 		$actor  = $args['actor']  ?? $log;
 		$domain = $args['domain'] ?? $log;
 		$plan   = $args['plan']   ?? $log;
 
 		// create the Actor firm from the passed User object or from the Log
 		$actor_firm = $actor instanceof User
 			? $actor->getUserFirm()
-		        : $log->getLogActorFirm();
+		        : $actor->getLogActorFirm();
 
 		switch( $action ) {
 
 			// an administrator has changed the Plan for a Domain
 			case 'plan.change':
 				return sprintf(
 					__( "%s changed the Plan for %s to %s" ),
 					$actor_firm,
 					$domain->getDomainFirm(),
 					esc_html( $plan->getPlanName() )
 				);
 		}
 
+		// default dummy message
 		return self::unknownAction( 'domain', $action );
 	}
 
+	/**
+	 * Generate a Mailbox-related message
+	 *
+	 * @param  string $action The related action name
+	 * @param  object $log
+	 * @param  array  $args Arguments
+	 * @return string Message
+	 */
+	public static function mailboxMessage( $action, $log, $args ) {
+
+		/**
+		 * You can pass some objects to build the message:
+		 *
+		 * A complete 'actor'   User object
+		 * A complete 'domain'  Domain object
+		 * A complete 'mailbox' Mailbox object
+		 */
+		$actor   = $args['actor']   ?? $log;
+		$domain  = $args['domain']  ?? $log;
+		$mailbox = $args['mailbox'] ?? $log;
+
+		// create the Actor firm from the passed User object or from the Log
+		$actor_firm = $actor instanceof User
+			? $actor->getUserFirm()
+		        : $actor->getLogActorFirm();
+
+		$mailbox_firm = $mailbox->getMailboxFirm();
+
+		// trigger the right action message
+		switch( $action ) {
+
+			// the mailbox was created
+			case 'create':
+				return sprintf(
+					__( "%s created the mailbox %s" ),
+					$actor_firm,
+					$mailbox_firm
+				);
+
+			case 'description.change':
+				return sprintf(
+					__( "%s edited description of %s" ),
+					$actor_firm,
+					$mailbox_firm
+				);
+		}
+
+		// default dummy message
+		return self::unknownAction( 'mailbox', $action );
+	}
+
 	private static function unknownAction( $family, $action ) {
 		return esc_html( sprintf(
 			__( "misterious action about %s (%s)" ),
 			$family,
 			$action
 		) );
 	}
 }
diff --git a/include/class-Mailbox.php b/include/class-Mailbox.php
index 82626fc..fea2c7d 100644
--- a/include/class-Mailbox.php
+++ b/include/class-Mailbox.php
@@ -1,230 +1,237 @@
 <?php
 # Copyright (C) 2018, 2019, 2020 Valerio Bozzolan
 # Boz Libre Hosting Panel
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
 # published by the Free Software Foundation, either version 3 of the
 # License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 // load dependent traits
 class_exists( 'Domain' );
 
 trait MailboxTrait {
 
 	use DomainTrait;
 
 	/**
 	 * Get the Mailbox ID
 	 *
 	 * @return int
 	 */
 	public function getMailboxID() {
 		return $this->get( 'mailbox_ID' );
 	}
 
 	/**
 	 * Get the mailbox username
 	 *
 	 * @return string
 	 */
 	public function getMailboxUsername() {
 		return $this->get( 'mailbox_username' );
 	}
 
 	/**
 	 * Get the mailbox address
 	 *
 	 * @return string E-mail
 	 */
 	public function getMailboxAddress() {
 		return sprintf( "%s@%s",
 			$this->get( 'mailbox_username' ),
 			$this->get( 'domain_name' )
 		);
 	}
 
 	/**
 	 * Get the mailbox description (if any)
 	 *
 	 * @return string
 	 */
 	public function getMailboxDescription() {
 		return $this->get( 'mailbox_description' );
 	}
 
 	/**
 	 * Get the mailbox permalink
 	 *
 	 * @return string
 	 */
 	public function getMailboxPermalink( $absolute = false ) {
 		return Mailbox::permalink(
 			$this->get( 'domain_name' ),
 			$this->get( 'mailbox_username' )
 		);
 	}
 
+	public function getMailboxFirm() {
+		return HTML::a(
+			$this->getMailboxPermalink(),
+			esc_html( $this->getMailboxAddress() )
+		);
+	}
+
 	/**
 	 * Update this mailbox password
 	 *
 	 * @param  string $password
 	 * @return string
 	 */
 	public function updateMailboxPassword( $password = null ) {
 		if( ! $password ) {
 			$password = generate_password();
 		}
 
 		$enc_password = Mailbox::encryptPassword( $password );
 
 		query( 'START TRANSACTION' );
 
 		// update
 		( new MailboxAPI() )
 			->whereMailbox( $this )
 			->update( [
 				new DBCol( 'mailbox_password', $enc_password, 's' ),
 			] );
 
 	        // register this event in the registry
 	        APILog::insert( [
 	                'family'  => 'mailbox',
 	                'action'  => 'newpassword',
 	                'mailbox' => $this,
 	        ] );
 
 		query( 'COMMIT' );
 
 		return $password;
 	}
 
 	/**
 	 * Get the last size in bytes
 	 *
 	 * @return int
 	 */
 	public function getMailboxLastSizeBytes() {
 		return $this->get( 'mailbox_lastsizebytes' );
 	}
 
 	/**
 	 * Normalize a Mailbox after being fetched from database
 	 */
 	protected function normalizeMailbox() {
 		$this->normalizeDomain();
 		$this->integers( 'mailbox_ID',
 		                 'mailbox_lastsizebytes' );
 		$this->booleans( 'mailbox_receive' );
 	}
 
 	/**
 	 * Get the mailbox filesystem pathname in the MTA host
 	 *
 	 * TODO: actually all the mailbox are on the same host.
 	 * Then, we should support multiple hosts.
 	 *
 	 * @return string
 	 */
 	public function getMailboxPath() {
 
 		// require a valid filename or throw
 		$mailbox_user = $this->getMailboxUsername();
 		require_safe_dirname( $mailbox_user );
 
 		// mailboxes are stored under a $BASE/domain/username filesystem structure
 		return $this->getDomainMailboxesPath() . __ . $mailbox_user;
 	}
 }
 
 /**
  * A mailbox
  */
 class Mailbox extends Queried {
 
 	use MailboxTrait;
 
 	/**
 	 * Database table
 	 */
 	const T = 'mailbox';
 
 	/**
 	 * Constructor
 	 */
 	public function __construct() {
 		$this->normalizeMailbox();
 	}
 
 	/**
 	 * Get the mailbox permalink
 	 *
 	 * @param $domain string
 	 * @param $mailbox string
 	 * @param $absolute boolean
 	 * @return string
 	 */
 	public static function permalink( $domain, $mailbox = null, $absolute = false ) {
 		$part = site_page( 'mailbox.php', $absolute ) . _ . $domain;
 		if( $mailbox ) {
 			$part .= _ . $mailbox;
 		}
 		return $part;
 	}
 
 	/**
 	 * Encrypt a password
 	 *
 	 * @param string $password Clear text password
 	 * @return string          One-way encrypted password
 	 */
 	public static function encryptPassword( $password ) {
 		global $HOSTING_CONFIG;
 
 		// the Mailbox password encryption mechanism can be customized
 		if( isset( $HOSTING_CONFIG->MAILBOX_ENCRYPT_PWD ) ) {
 			return call_user_func( $HOSTING_CONFIG->MAILBOX_ENCRYPT_PWD, $password );
 		}
 
 		// or then just a default behaviour
 
 		/**
 		 * The default behaviour is to adopt the crypt() encryption mechanism
 		 * with SHA512 and some random salt. It's strong enough nowadays.
 		 *
 		 * Read your MTA/MDA documentation, whatever you are using.
 		 * We don't know how your infrastructure works, so we don't know
 	 	 * how you want your password encrypted in the database and what kind
 		 * of password encryption mechanisms your MTA/MDA supports.
 		 *
 		 * In short if you are using Postfix this default configuration may work
 		 * because you may have Postfix configured as follow:
 		 *
 		 * Anyway you can use whatever MTA/MDA that talks with a MySQL database
 		 * and so you should adopt the most stronger encryption mechanism available.
 		 *
 		 *   https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
 		 */
 
 		$salt = bin2hex( openssl_random_pseudo_bytes( 3 ) );
 		return '{SHA512-CRYPT}' . crypt( $password, "$6$$salt" );
 	}
 
 	/**
 	 * Force to get a Mailbox ID, whatever is passed
 	 *
 	 * @param  mixed $mailbox Mailbox object or Mailbox ID
 	 * @return int
 	 */
 	public static function getID( $mailbox ) {
 		return is_object( $mailbox ) ? $mailbox->getMailboxID() : (int)$mailbox;
 	}
 }