Security Basics mailing list archives
Re: outgoing email monitoring
From: gjgowey () tmo blackberry net
Date: Tue, 1 May 2007 21:45:00 +0000
Your problem is a lot more complicated than it would appear at first glance. What you want is every email to be delayed for a few hours from when it is sent so they can be examined. Most mailers (including exchange) have a configuration that can be modified as to when the MTA will send all queued messages, but this is not what you are looking for since a person could send a message 1 minute before the delivery time. Further complicating matters is the possible use of a free webmail service, ssh, scp, ftp, or im. All of which all files to go through without being seen by your mail server. To make your network leak proof you essentially need a central proxy that all internet traffic goes through. You can work on tuning the policy of the proxy server to only allow communication via the corporate email system. Once you get to that point then you can worry about configuring your mail system for delayed delivery and archiving of all sent mail. Additionally, if you are setting up a new mail system I would make sure that the system is authenticating the sender (as opposed to just making sure the from meets an @company.com template) so it's 100% known exactly who sent the email. Geoff Sent from my BlackBerry wireless handheld. -----Original Message----- From: Matt Miller <madmillerx () gmail com> Date: Tue, 01 May 2007 22:01:39 To:security-basics () securityfocus com Subject: outgoing email monitoring hi list. I need a solution to monitor the flow of outgoing email traffic for data leak/security concerns. The two objectives that i have are: -monitoring and reporting - who sends, how many and where to? -possibility to temporarily put outgoing all e-mail on hold for reviewing by admin/user and releasing for delivery. Any suggestions? Thanks Matt
Current thread:
- outgoing email monitoring Matt Miller (May 01)
- Re: outgoing email monitoring Noaman Khan (May 01)
- RE: outgoing email monitoring Miguel Ramirez (May 01)
- Re: outgoing email monitoring Steven Hollingsworth (May 01)
- Re: outgoing email monitoring gjgowey (May 01)
- RE: outgoing email monitoring Zhihao (May 07)
- <Possible follow-ups>
- Re: outgoing email monitoring vachanta (May 01)
- Re: Re: outgoing email monitoring security (May 02)
- RE: outgoing email monitoring jfvanmeter (May 08)