logging inbound/outbound email

Post by Jason D. Kelleh » Thu, 18 Sep 1997 04:00:00



    Ok, here's the problem:

    The "Powers That BE" decided that the company could be held liable
if an employee emailed confidential information to the wrong people.
So, our new email policy states that all email messages are company
records and employees have no expectation of privacy with regard to
email.

    Now, I've been given the task of archiving all email entering, or
leaving, our domain.  I doubt I'm the first guy to ever work for a
paranoid company, so would anyone who has already done this care to
point me in the right direction?

    Right now I have two ideas:

        1) Set up rule sets like check_mail and check_rcpt which somehow
           blind carbon-copy an address if the sender or recipient is
           not from our domain.  This would be nice, but I don't think it's
           possible.

        2) Use two different sendmail daemons on the Internet mail
           relay.  The first would have a delivery agent which bcc's
           all messages to an internal "dummy" account and then queued
           the mail for a separate sendmail (w/ the "real" .cf) to
           deliver.

    We're running sendmail 8.8.7, but changing that is no big deal.

    Any and all comments would be greatly appreciated.

--
Jason D. Kelleher              Systems Administrator



logging inbound/outbound email

Post by Nick Maclar » Thu, 18 Sep 1997 04:00:00



|>
|>     The "Powers That BE" decided that the company could be held liable
|> if an employee emailed confidential information to the wrong people.
|> So, our new email policy states that all email messages are company
|> records and employees have no expectation of privacy with regard to
|> email.
|>
|>     Right now I have two ideas:
|>
|>         1) Setup rule sets like check_mail and check_rcpt which somehow
|>            blind carbon-copy an address if the sender or recipient is
|>            not from our domain.  This would be nice, but I don't think
|>         it's possible.

Why not?  I doubt that you can do it with sendmail, but you almost
certainly can using something like Exim.  I run Exim allowing local
mail (unlogged), and returning all mail bound for outside with a rude
message and a copy to the administrator (me).

Similarly, I bounce all external mail hard.  For reasons to do with
the RFC etc., the typical diagnostic is "unknown domain".  Mailers
that ignore the 'permanent error' flag tend to go into a loop, but
that is their problem.

Now, I am NOT a mailer expert, so I got help from our local experts in
setting this up, but I am 99% sure that you could do what you want
very simply (once you have worked out how to do it, which may take a
bit of time!)

Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.

Tel.:  +44 1223 334761    Fax:  +44 1223 334679


logging inbound/outbound email

Post by Tim Cut » Thu, 18 Sep 1997 04:00:00




>Why not?  I doubt that you can do it with sendmail, but you almost
>certainly can using something like Exim.  I run Exim allowing local
>mail (unlogged), and returning all mail bound for outside with a rude
>message and a copy to the administrator (me).

With exim it is pretty trivial.  A global filter file of:

# Exim filter
unseen save /some/filename

which will save a copy of every mail message passing in or out to one
huge mailbox, /some/filename.

With a tiny bit more effort you could change this to save only mail
originating in your organisation (which I assume is what you are
after).

Tim.


logging inbound/outbound email

Post by Jason D. Kelleh » Thu, 18 Sep 1997 04:00:00


    I hate following up to my own posts, but considering some of the
email I've received I guess I didn't make a few things clear.

    First, what I've been asked to do is not illegal under the
Electronic Communications Privacy Act.  All employees have given
consent.

    Second, I know there are a million (slight exaggeration) other ways
of passing confidential information (HTTP, FTP, NNTP, etc..), but I was
only asked to log all email.  For now, that's the only issue.

    Again, thanks for all comments.

--
Jason D. Kelleher              Systems Administrator




>    Ok, here's the problem:

>    The "Powers That BE" decided that the company could be held liable
>if an employee emailed confidential information to the wrong people.
>So, our new email policy states that all email messages are company
>records and employees have no expectation of privacy with regard to
>email.

>    Now, I've been given the task of archiving all email entering, or
>leaving, our domain.  I doubt I'm the first guy to ever work for a
>paranoid company, so would anyone who has already done this care to
>point me in the right direction?

>    Right now I have two ideas:

>        1) Setup rule sets like check_mail and check_rcpt which somehow
>           blind carbon-copy an address if the sender or recipient is
>           not from our domain.  This would be nice, but I don't think it's
>       possible.

>        2) Use two different sendmail daemons on the Internet mail
>           relay.  The first would have a delivery agent which bcc's
>           all messages to an internal "dummy" account and then queue'd
>           the mail for a separate sendmail (w/ the "real" .cf) to
>           deliver.

>    We're running sendmail 8.8.7, but changing that is no big deal.

>    Any and all comments would be greatly appreciated.

>--
>Jason D. Kelleher              Systems Administrator




logging inbound/outbound email

Post by Scott Schwart » Thu, 18 Sep 1997 04:00:00



> We're running sendmail 8.8.7, but changing that is no big deal.

Fetch qmail (http://www.qmail.org), read FAQ 8.2, compile, install,
enjoy.

logging inbound/outbound email

Post by Dave Sil » Fri, 19 Sep 1997 04:00:00



>     Now, I've been given the task of archiving all email entering, or
> leaving, our domain.

If you absolutely, positively have to log all mail going out, you'll
have to set up a firewall and block outgoing SMTP connections from
machines behind the firewall to prevent messages from bypassing your
MTAs. There are still lots of open relays available, and it's a
simple matter to configure most mail agents to use one of them. If you
just want to go through the motions of logging all mail to satisfy the
suits, you can skip this step. :-)

>     We're running sendmail 8.8.7, but changing that is no big deal.

Switch to qmail and you'll see greatly improved security and
performance, as well as simpler configuration.

--

Lockheed Martin Energy Research   Oak Ridge National Lab   Workstation Support
Take the qmail Challenge. See <URL:http://web.infoave.net/~dsill/qmail.html>


logging inbound/outbound email

Post by Nick Maclar » Fri, 19 Sep 1997 04:00:00


|>
|> If you absolutely, positively have to log all mail going out, you'll
|> have to set up a firewall and block outgoing SMTP connections from
|> machines behind the firewall to prevent messages from bypassing your
|> MTA's. There are still lots of open relays available, and it's a
|> simple matter to configure most mail agents to use one of them. If you
|> just want to go through the motions of logging all mail to satisfy the
|> suits, you can skip this step. :-)

That is true, but it isn't quite that black and white.  In English law,
an organisation is responsible for the acts of its employees while they
are following instructions or acting in good faith on behalf of the
organisation.  If they have broken the rules too grossly, their actions
can be denied and the organisation cannot be sued for their misconduct.
It isn't as simple as that, but is along those lines.

So it is probably enough to log all mail and issue a fiat that it is a
sacking offence to use a private mailer (or SMTP directly), especially
as few vendors provide a way of restricting SMTP.  But anyone found
breaking the rules HAS to be sacked for this approach to work.

Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.

Tel.:  +44 1223 334761    Fax:  +44 1223 334679


logging inbound/outbound email

Post by Roger Boo » Fri, 19 Sep 1997 04:00:00


: That is true, but it isn't quite that black and white.  In English law,
: an organisation is responsible for the acts of its employees while they
: are following instructions or acting in good faith on behalf of the
: organisation.  If they have broken the rules too grossly, their actions
: can be denied and the organisation cannot be sued for their misconduct.
: It isn't as simple as that, but is along those lines.

But that's English law, where they try to be reasonable about litigation.
The original poster is working under US law, where being 1% at fault
can cost you big bucks, and having someone working for you is almost
1% in and of itself.

It is rather ridiculous, and one of the biggest failings of the
US Government and dealing with business.

"Oh, the foot of my ladder melted a pile of cow manure, slipping with
me on it and making me fall, thus hurting myself.  I think I'll sue
the ladder manufacturer."

Roger

The US, where being stupid costs other people big money, and the lawyers
make out.
----------------------------------------------------------------------
The reply-to: address in the headers is a valid address, if you want
to send me e-mail just hit reply and it should work fine.  If your
newsreader is broken and can't deal with that then send your e-mail

----------------------------------------------------------------------


logging inbound/outbound email

Post by Ian Stirlin » Fri, 19 Sep 1997 04:00:00




: >     Now, I've been given the task of archiving all email entering, or
: > leaving, our domain.

: If you absolutely, positively have to log all mail going out, you'll
: have to set up a firewall and block outgoing SMTP connections from

And http to hotmail, etc.

--
Ian Stirling.   Designing a linux PDA, see  http://www.mauve.demon.co.uk/
-----******* If replying by email, check notices in header *******-------
What a wonderful world it is that has girls in it!     Robert A Heinlein.


logging inbound/outbound email

Post by Jorge Miguel Guilherme - L » Sat, 20 Sep 1997 04:00:00



:     Now, I've been given the task of archiving all email entering, or
: leaving, our domain.  I doubt I'm the first guy to ever work for a
: paranoid company, so would anyone who has already done this care to
: point me in the right direction?

 Actually that setup can come in handy in some networks.
 In fact I might have to do that too. The idea is to have two mail machines,
one used by the Outside and the other used by the Inside. And for redundancy
in case of some failure they both have the mailboxes. Of course there
is some automated way to delete the old messages.
 I know that very little can be gained with that but it doesn't hurt much.

--
      Jorge Guilherme


logging inbound/outbound email

Post by Bruce Ginger » Sat, 20 Sep 1997 04:00:00





> |>     The "Powers That BE" decided that the company could be held liable
> |> if an employee emailed confidential information to the wrong people.
> |> So, our new email policy states that all email messages are company
> |> records and employees have no expectation of privacy with regard to
> |> email.
> Why not?  I doubt that you can do it with sendmail, but you almost
> certainly can using something like Exim.

I'm following up with the "jist" of some E-Mail discussions, because
this is getting to be a FAQ!

Run sendmail in queue-only mode for all SMTP connections and do NOT
allow other local invocations of it.  Periodically (e.g. under cron)
process from Queue-to-queue, inserting the required added delivery
address (as if it were a Bcc), as the control files are transferred
to the outbound queue.  The related data file then can be just moved.
Perhaps run with -q365d and make sure it is restarted more than once
a year.  I've not checked for "sane values" checks on the -q flag.

    ( DeliveryMode = q  or  d )

After all (or a given number) of messages are moved to the outbound
queue, launch a second sendmail for delivery ONLY of those messages
which have already been processed (run the 2nd queue).  Expire it
when the queue is empty.

An alternative is to force queue-on-reception and use

    confMIN_QUEUE_AGE

to allow processing of the message control file while it sits in the
queue.  (Can someone confirm that no immediate delivery attempt is
made with a non-zero value here?)

This solution gives "normal care" for archiving a blind copy of all
E-Mail selected in the queue-to-queue transfer.  It most expressly
does NOT prevent a deliberate attempt to bypass the provision!  To do
that, this queue-to-queue transfer must be the ONLY possible means
of getting mail out - that means NO World Wide Web, NO other services
crossing the firewall!  NOTHING that could allow a transmission to
the outside.

Still, it's a technological hack to solve a human-resources problem.

        Bruce Gingery


logging inbound/outbound email

Post by Nick Maclar » Sat, 20 Sep 1997 04:00:00


|>
|> I'm following up with the "jist" of some E-Mail discussions, because
|> this is getting to be a FAQ!
|>
|> Run sendmail in queue-only mode for all SMTP connections and do NOT
|> allow other local invocations of it.  ...

There lies the rub.  There are an awful lot of applications which
REQUIRE a fairly 'standard' version of sendmail to be available for
local delivery.  NQS, some print services, etc.  That solution may
work for you, but won't work in general.

Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.

Tel.:  +44 1223 334761    Fax:  +44 1223 334679


logging inbound/outbound email

Post by James FitzGibb » Sat, 20 Sep 1997 04:00:00


>        1) Setup rule sets like check_mail and check_rcpt which somehow
>           blind carbon-copy an address if the sender or recipient is
>           not from our domain.  This would be nice, but I don't think it's
>       possible.

Probably not in check_mail, but in checkcompat() (not the ruleset, but the
function in conf.c), you could.

The flow would be something like this :

/* in sendmail 8.8 conf.c, which already includes sendmail.h */
int
checkcompat( to, e )
        register ADDRESS *to;
        register ENVELOPE *e;
{
        /* the archive mailbox to blind-copy: placeholder, fill in your own */
        static char value[MAXLINE] = "mail-archive@your.domain";

        /* class 'w' holds the host names this machine accepts mail for;
         * if either the recipient's host or the sender's host is outside
         * it, the message crosses the domain boundary */
        if( ( wordinclass( to->q_host, 'w' ) == FALSE ) ||
                ( wordinclass( e->e_from.q_host, 'w' ) == FALSE ) ) {

                /* addheader() wants the address of the envelope header list */
                (void)addheader( "Bcc", value, &e->e_header );
        }

        return EX_OK;
}

I'm not a C programmer by trade, but I think the logic there is sound.  Other
people on this list could probably clean it up a bit.  This is all from
chapter 20 of Sendmail, 2nd edition.

--
j.


System Integrator, ACC TelEnterprises             Voice/Fax (416)207-7171/7123
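The queue-to-queue transfer Bruce describes, with the same "is either side outside class w" test that James's checkcompat() applies, as an added Python example that is not from the thread or from sendmail; the qf control-file layout, the local-domain set and the archive address are assumptions, and the df data file is left as-is for renaming into the outbound queue:

```python
# Added example: the queue-to-queue step from the thread, as a check on a
# sendmail-style qf control file. Constructed sample; the qf layout (S sender,
# R<flags>:recipient, H headers, "." end) is assumed, not taken from sendmail.
LOCAL_DOMAINS = {"example.com"}            # stands in for sendmail's class $=w
ARCHIVE_ADDR = "mail-archive@example.com"  # placeholder archive mailbox

SAMPLE_QF = """V2
T874598400
Sjason@example.com
RPFD:bob@partner.example
RPFD:alice@example.com
H?P?Return-Path: <g>
HFrom: jason@example.com
HTo: bob@partner.example, alice@example.com
HSubject: quarterly numbers
.
"""
# Same message without the external recipient: must not be archived.
INTERNAL_QF = SAMPLE_QF.replace("RPFD:bob@partner.example\n", "")

def domain_of(addr):
    return addr.strip().strip("<>").rpartition("@")[2].lower()

def is_local(addr, local_domains=LOCAL_DOMAINS):
    # An empty sender (bounce) has no domain and so counts as external.
    return domain_of(addr) in local_domains

def parse_qf(text):
    """Return (sender, [recipients], raw_lines) from a qf control file."""
    sender, rcpts, lines = None, [], text.splitlines()
    for line in lines:
        if line.startswith("S"):
            sender = line[1:]
        elif line.startswith("R"):              # "RPFD:addr" or old-style "Raddr"
            flags, sep, addr = line[1:].partition(":")
            rcpts.append(addr if sep else flags)
    return sender, rcpts, lines

def crosses_boundary(sender, rcpts):
    """True when the sender or any recipient lies outside the local domains."""
    return not is_local(sender) or any(not is_local(r) for r in rcpts)

def add_archive_copy(qf_text):
    """Return (new_qf_text, added); the df data file is simply moved as-is."""
    sender, rcpts, lines = parse_qf(qf_text)
    if (sender is None or not rcpts or ARCHIVE_ADDR in rcpts
            or not crosses_boundary(sender, rcpts)):
        return qf_text, False       # malformed, already archived, or internal
    last = max(i for i, l in enumerate(lines) if l.startswith("R"))
    # Reuse the flags of the last recipient line so the new one parses alike.
    prefix = lines[last].split(":", 1)[0] + ":" if ":" in lines[last] else "R"
    new = lines[:last + 1] + [prefix + ARCHIVE_ADDR] + lines[last + 1:]
    return "\n".join(new) + "\n", True
```

Checking for ARCHIVE_ADDR already among the recipients is what keeps the copy itself from being archived again when the second sendmail re-queues it.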


logging inbound/outbound email

Post by Greg Wilki » Sat, 20 Sep 1997 04:00:00



> ...

>So it is probably enough to log all mail and issue a fiat that it is a
>sacking offence to use a private mailer (or SMTP directly), especially
>as few vendors provide a way of restricting SMTP.  But anyone found
>breaking the rules HAS to be sacked for this approach to work.

What do you mean especially as few vendors provide ways to restrict
SMTP? It is easy, you put in a firewall, remove the SMTP
protocol/port, have your internal e-mail server be the only one
allowed in and out of that port - and you're done!

>Nick Maclaren,
>University of Cambridge Computer Laboratory,
>New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.

>Tel.:  +44 1223 334761    Fax:  +44 1223 334679

Gregory J. Wilkins
Information Systems Manager
Wye Technologies, Inc.
700 S. Illinois Ave. Suite A-102
Oak Ridge, TN  37830

http://www.wye.com

logging inbound/outbound email

Post by Jason D. Kelleh » Tue, 23 Sep 1997 04:00:00





>|>
>|> I'm following up with the "jist" of some E-Mail discussions, because
>|> this is getting to be a FAQ!
>|>
>|> Run sendmail in queue-only mode for all SMTP connections and do NOT
>|> allow other local invocations of it.  ...

>There lies the rub.  There are an awful lot of applications which
>REQUIRE a fairly 'standard version of sendmail to be available for
>local delivery.  NQS, some print services, etc.  That solution may
>work for you, but won't work in general.

    Actually, since this will have to run on a restricted machine (you
can send email with a telnet session...), we can make the assumption that
any local invocations of sendmail will be started for benign
purposes...

--
Jason D. Kelleher              Systems Administrator



1. log a user's inbound/outbound mail?

Hello fellow Linux users.. I am managing a Linux server that a lot of users
use, and we have a certain user we suspect is doing illicit activity
through e-mail. However, he promptly cleans his sent-mail and incoming
mailbox, so we do not have any proof but the audit trails /etc/maillog
leaves (which don't tell us the contents of the message). I am wondering,
for this and for future reference, is there a way to save a copy of a
user's inbound and/or outbound mail to a file without his/her knowledge?
We're running RedHat 6.0 with kernel 2.2.5.

Thanks a bunch,
Joe
