Firewall Wizards mailing list archives
Re: Screening Outgoing Mail for Content
From: Bennett Todd <bet () mordor net>
Date: Wed, 5 Aug 1998 09:15:16 -0400
1998-08-04-10:10:41 Bruce B. Platt:
Someone asked me to suggest a method to screen outbound mail for content. That is, to screen all messages destined outside the local domain for certain key words and then forward the message to an internal "censor" if it contains words on the "forbidden" word list. They are looking to "ensure" that outbound mail doesn't contain information which may compromise the interests of one of their clients if sent to another client. They have no internet connection, and no outbound mail as a consequence of this concern.
Not too hard to set up. If you aren't already doing so, you can run smap/smapd from fwtk; Guy posted a script to log all email passing through that. Adding on an fgrep to control whether to let it on through or shunt it aside for human (or censor) processing would be easy. Hope your users don't regard their email delivery as time-critical, because any stop list encompassing enough to have a small ``miss'' rate is going to have a ``false-hit'' rate that's probably many times the actual incident rate. A possibility to consider instead is shunting aside a copy of all email that passes through, for offline analysis and possible followup. That's the approach Guy took. His results suggest that if you're clever at automating text processing, one individual should be able to read all the ``interesting'' email for a company of a thousand or so people in a couple of hours per day. -Bennett
Current thread:
- Screening Outgoing Mail for Content Bruce B. Platt (Aug 04)
- Re: Screening Outgoing Mail for Content Marcus J. Ranum (Aug 04)
- Re: Screening Outgoing Mail for Content Perry E. Metzger (Aug 05)
- Re: Screening Outgoing Mail for Content Thomas Schiavinato (Aug 05)
- Re: Screening Outgoing Mail for Content6 Chad Schieken (Aug 05)
- Re: Screening Outgoing Mail for Content6 Joseph S. D. Yao (Aug 06)
- Re: Screening Outgoing Mail for Content Thomas Schiavinato (Aug 05)
- Re: Screening Outgoing Mail for Content Wilson Roberto Afonso (Aug 05)
- Re: Screening Outgoing Mail for Content Joseph S. D. Yao (Aug 05)
- Re: Screening Outgoing Mail for Content and other things cfb (Aug 06)
- Re: Screening Outgoing Mail for Content Perry E. Metzger (Aug 05)
- Re: Screening Outgoing Mail for Content Ted Doty (Aug 05)
- Re: Screening Mail Policy&Product Paul Woodie (Aug 09)
- <Possible follow-ups>
- Re: Screening Outgoing Mail for Content Dave O'Shea (Aug 05)
- Re: Screening Outgoing Mail for Content Godfrey_Cureton (Aug 05)
- Re: Screening Outgoing Mail for Content Dean_Ethier (Aug 05)
- Re: Screening Outgoing Mail for Content Peter Jeremy (Aug 05)
- RE: Screening Outgoing Mail for Content Steven Deutsch (Aug 05)