Email Monitoring

[Scot L. Harris]

On Mon, 2005-07-18 at 13:43, David Benigni wrote:
> This subject has been covered a few times already.  I have the need to
> copy all incoming / outgoing messages from a particular user(s) to
> another mail box.  I can get the incoming easily.  The outgoing is the
> part that I'm struggling with.  I use sendmail.  I have seen a few
> options using MIMEDefang and milter-bcc.  MIMEDefang, from my
> understanding doesn't make it completely invisible.  So, has any one
> used milter-bcc or other options?


I forgot to mention the caveat for doing this.  Setting up milter-bcc or
other similar tools will only work for email that is sent through your
email server.  Users can and sometimes do configure their outbound SMTP
server to point to some other email server on the Internet.  Tools that
run on your email server will not be able to intercept those messages.

The same is true for users that use gmail or one of the other free email
accounts.  

You could try to block such connections at your firewall or try to log
such connections at the firewall.  However this becomes a cat and mouse
game for the most part.

In theory you could force all outgoing access to go through a proxy
server but then a user could write an application that tunnels through
the proxy server using an allowed protocol to hit a system on the
outside that would send his email from that server.

Most users would not know how to do this but depending on the user set
it can be done.

Just be aware that such tools are not fool proof.

-- 
Scot L. Harris
webid at cfl.rr.com

And now for something completely different.