Monitoring email

Is there anyway to set up monitoring of all email into and out of the domain for management purposes? If not could it be included in some way?

One of my clients monitors all email in and out of the company with staff knowledge of course.

The in part is not so much of a problem by setting up forwarding or lists etc However, the out mail part is a little more tricky.

At present they download into vPOP3 and that has monitoring facilities but it would be better if this could be set up on the external mail server.

It is hard to do this in Exchange too and only third party programs go some what to enabling the feature.

Email monitoring outbound is becoming not only an important management tool but also in many cases a legal requirement or for legal protection. A simple "monitor outbound" facility for a domain would make this a very attractive product for that feature alone I reckon.

Any thoughts?

This is a function of your mail server (MTA), not Virtualmin. My suggestion is that you look into[A HRef="http://www.MailScanner.info/">MailScanner</A>. It is free, it has an option to archive all incoming and outgoing mail, and it can work as an external SMTP gateway, so it ties in nicely with almost any other mail server.

Beware that it may be illegal to do this, depending on your cirucumstances and where you are located.

And if you don’t like MailScanner for some reason, here is another product called[A HRef=“http://www.modulo.ro/content/view/55/1/”>Synonym, the email message archiver</A>. Apparently it is also free, but it is written as a Sendmail Milter, so obviously it requires Sendmail to run. However, it appears that it hasn’t been updated in a while (since 10/26/2004), so MailScanner would still be my primary recommendation, which has excellent developer and community support.

Hi Alan,

Thanks for the information on that. I will check out the sites shortly.

All the staff in this particular company are aware that email is montiored, it’s an integral part of the companies management process. So no privacy issues.

Hey Paul,

It is easy to use Procmail for this, and you won’t have to install/use anything outside of the standard Virtualmin Professional install. It just takes one additional rule in your /etc/procmailrc file. I believe it would be something like this:

:0 c
! archive@domain.tld

Which will forward a copy (that’s the “c” in the first line) to the mailbox archive@domain.tld. Note this is untested, but I think it will work. Let me know if it doesn’t and I’ll actually figure out the right rule and test it out here.

BTW-The rule needs to come before any other delivery rules.

Oops, I missed the outgoing part. That one will probably best be done with a sender_bcc_maps file for Postfix, though I’m not sure if one can use a catchall in that map file. I’m looking into it…

Ok, even easier than sender_bcc_maps and procmail is the always_bcc directive.

always_bcc = admin@domain.tld

This will send a bcc (blind carbon copy) of all mail to admin@domain.tld. It should catch incoming and outgoing.

Thanks Joe,

I will give that a go tommorrow and update everyone on here too for reference.

Cheers for now,

Paul

And just to be absolutely complete in covering this topic, I’ll add that you can edit the always_bcc option in Webmin’s Postfix module. Browse to the General Options page, and the option is labeled “Address that receives bcc of each message”. You’ll never have to look at the configuration file in a text editor, if you really don’t want to. :wink:

Hi Joe,

I see this feature in the admin part of the control panel which is great. However, I’m worndering if we can set this on a per domain & email basis? For example, some of my clients have “problem children” they want to monitor but not everyone, for in-coming & out-going messages.

Thanks,

Mikel

Hey Mikel,

I believe you can use the above-mentioned sender_bcc_maps feature to do this on a more specific basis. It’s not going to be covered in Virtualmin, however, which I think is what you’re going for (i.e. your domain owner users can’t control it without being given some additional privileges, and it’s not at all an intuitive option to use).

I’ll have to think about whether we can find a place to add this in Virtualmin without confusing people or getting unsuspecting folks into legality issues over privacy (in many countries there are laws against private parties utilizing technical eavesdropping methods like this–even if the server is owned by the party doing the eavesdropping). We’ve already got way too many options in Virtualmin for most of our users. We certainly don’t want to add some that can get folks into real world trouble. :wink:

Maybe a new module just for email archival management. I know many types of business (accounting, law, and medical in the US) have various responsibilities for email privacy, archival, and deletion. It might be nice to have a module that can handle those types of requirements in an automatic way. We probably won’t develop it soon, as we’re swamped at the moment with wrapping up all of the other OS support and fixing the few major remaining bugs before ending EA…but I might tackle it sometime once those things are wrapped up.