Re: Block a user's outgoing email

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2003-08-28 larry_birch () dofasco ca wrote:
> On August 27, 2003, Kryptos [mailto:kryptos () phreaker net] wrote:
> > Although redirecting the user's outgoing mail to your security
> > department would work for Outlook, you should also consider that the
> > user may use webmail on a service such as Yahoo!, or they may use an
> > instant messaging application.  You should consider these as security
> > violations as well.  If you're logging the user's e-mail in an
> > attempt to gather evidence of NDA violations, you might consider a
> > keylogger or similar application to catch all the activity on the
> > computer.
>
> I believe that within Exchange 5.5 administrator go to the user's
> Limit tab and set the outgoing message size to 0 (likely it is
> currently set to no limit).  But the previous email makes a great
> point.

Wouldn't that just prevent the user from sending mail (and therefore
maybe alarm him) instead of redirecting the sent mail to another address
for review?

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------