Security Basics mailing list archives

Re: outgoing email monitoring


From: gjgowey () tmo blackberry net
Date: Tue, 1 May 2007 21:45:00 +0000

Your problem is a lot more complicated than it would appear at first glance.  What you want is every email to be 
delayed for a few hours from when it is sent so they can be examined.  Most mailers (including Exchange) have a 
configuration that can be modified as to when the MTA will send all queued messages, but this is not what you are 
looking for since a person could send a message 1 minute before the delivery time.  Further complicating matters is the 
possible use of a free webmail service, ssh, scp, ftp, or IM.  All of which allow files to go through without being seen 
by your mail server.

To make your network leak proof you essentially need a central proxy that all internet traffic goes through.  You can 
work on tuning the policy of the proxy server to only allow communication via the corporate email system.  Once you get 
to that point then you can worry about configuring your mail system for delayed delivery and archiving of all sent 
mail.  Additionally, if you are setting up a new mail system I would make sure that the system is authenticating the 
sender (as opposed to just making sure the from meets an @company.com template) so it's 100% known exactly who sent the 
email.

Geoff

Sent from my BlackBerry wireless handheld.  

-----Original Message-----
From: Matt Miller <madmillerx () gmail com>
Date: Tue, 01 May 2007 22:01:39 
To:security-basics () securityfocus com
Subject: outgoing email monitoring

hi list.
I need a solution to monitor the flow of outgoing email traffic for data 
leak/security concerns. The two objectives that I have are:
-monitoring and reporting -  who sends, how many and where to?
-possibility to temporarily put all outgoing e-mail on hold for 
reviewing by admin/user and releasing for delivery.

Any suggestions?
Thanks

Matt
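
The points raised in this thread, as an added Python example that is not part of either message: a scheduled queue flush versus a per-message hold, a From check bound to the authenticated submitter rather than an @company.com template, and the "who sends, how many and where to" report. The two-hour hold, the function names, and the sample messages and timestamps are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import getaddresses, parseaddr

HOLD = timedelta(hours=2)  # assumed review window, not a value from the thread

# Constructed sample data: scheduled flush times, one submission time,
# and a queue of (authenticated submitter, raw message) pairs.
FLUSHES = [datetime(2007, 5, 1, 18, 0), datetime(2007, 5, 2, 6, 0)]
SENT = datetime(2007, 5, 1, 17, 59)
QUEUE = [
    ("alice@company.com",
     "From: alice@company.com\nTo: bob@partner.example, carol@partner.example\n"
     "Subject: quote\n\nbody"),
    ("mallory@company.com",
     "From: ceo@company.com\nTo: drop@webmail.example\nSubject: fwd\n\nbody"),
]

def scheduled_release(submitted, flush_times):
    """Batch model: the message leaves at the next scheduled queue flush.
    Raises ValueError if no flush is scheduled after the submission."""
    return min(t for t in flush_times if t >= submitted)

def per_message_release(submitted, hold=HOLD):
    """Hold model: every message waits the full review window."""
    return submitted + hold

def sender_matches_login(raw, auth_user):
    """True only if the From address equals the authenticated submitter.
    A domain template check would accept any @company.com address."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower() == auth_user.lower()

def report(queue):
    """Count messages per (authenticated sender, recipient domain)."""
    counts = Counter()
    for auth_user, raw in queue:
        msg = message_from_string(raw)
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _, addr in rcpts:
            counts[(auth_user, addr.rpartition("@")[2].lower())] += 1
    return counts

if __name__ == "__main__":
    print("review window, scheduled flush:", scheduled_release(SENT, FLUSHES) - SENT)
    print("review window, per-message hold:", per_message_release(SENT) - SENT)
    for user, raw in QUEUE:
        print(user, "From matches login:", sender_matches_login(raw, user))
    print(report(QUEUE))
```

The report is keyed on the authenticated submitter rather than the From header, so the second sample message is attributed to the account that actually submitted it.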
