mail sniffers
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Apr 25 13:53:41 UTC 2005
Ankush Grover wrote:
> hey friends,
>
> One of my friend's office they have sniffers for mail. I explain the
> scenario in their office there is no internet connection given to the
> programmers or developers whatever they have is their official
> mails. They can only receive and send mails through their official mail
> ids. Whatever they send and receive is passed through some sniffers or
> some filters programs if something related to the company is going out
> they fire that developer or programmer.
>
> What I want to know what kind of programs they are using to filter
> those mails. I don't know much about their setup as my friend is a
> software developer and he has very less knowledge about the system
> administration part.
>
> Can anybody tell me about those sniffers and programs for filter or
> checking the mail traffic.
>
> I would like to have such kind of setup in my office.

You sure you want to do it? Unless it is clearly spelled out in
employment agreement, you might be creating legal problems for yourself
(depending on the jurisdiction you live in). I'd check with legal
department before proceeding. If anything goes wrong and company gets
sued, you'd better be able to point finger at your legal department, or
they will surely (and happily) point the finger to you (which could
make you kind of unemployed rather quickly).

Said that, there are some specialized commercial packages that should do
the job. Don't know the names, just know that they exist. Basically
you set them up to look for catch phrases (for example, internal names
of not-yet-published products, or some suspicious words). There's
nothing "out-of-the-box" in open source world. There are some
unspecialized programs that could be used to accomplish something like
that, such as Snort (already mentioned in one of the replies you got).

It is also trivial to write a filter (using Milter API) that will send a
copy of all emails entering/leaving company to separate mailbox and/or
save a copy of email onto disk, or do whatever you want with it. Check
the documentation (distributed with Sendmail source which is available
at www.sendmail.org).

You can't do a thing if the user is using encryption (S/MIME or PGP).
The only thing they can do in that case is raise an alarm that the user
was using encryption (which hardly can be a reason to fire the user,
unless his/her contract specifically prohibits the use of encryption).
It's like you fired him because you saw him talking on his cell phone
on the parking lot from your office window...

Also, you can't control what your users are doing from their personal
accounts. If you have somebody who is leaking internal information and
if he is smart, he sure isn't going to leak it using company's email
address. He's going to do it from security of his/her home. Of
course, unless your company is hiring the cheapest possible developers.
They usually don't have high enough IQ ;-)

--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
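
The catch-phrase check and the encryption alarm described in the message above, as an added Python example that is not part of the original post and is not a Milter itself: it is the per-message content check such a filter could run. The phrase list, addresses and the names `inspect_message` and `sample` are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical catch phrases (constructed for this example).
CATCH_PHRASES = ["project falcon", "unreleased pricing"]
PGP_ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----")
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def inspect_message(raw: bytes) -> dict:
    """Return the catch phrases found and whether the content is encrypted."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts = [str(msg.get("Subject", ""))]
    encrypted = False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/encrypted":          # PGP/MIME container
            encrypted = True
        elif ctype in SMIME_TYPES and part.get_param("smime-type") != "signed-data":
            encrypted = True                        # S/MIME enveloped data
        elif part.get_content_maintype() == "text":
            try:
                # Undoes base64 / quoted-printable and the charset, so an
                # encoded body is matched the same way as a plain one.
                body = part.get_content()
            except LookupError:                     # unknown charset label
                body = part.get_payload(decode=True).decode("latin-1")
            if PGP_ARMOR.search(body):              # inline (armored) PGP
                encrypted = True
            texts.append(body)
    hits = set()
    for text in texts:
        # Collapse whitespace so a phrase wrapped across lines still matches.
        flat = " ".join(text.lower().split())
        hits.update(p for p in CATCH_PHRASES if p in flat)
    # Encrypted content is opaque: the filter can only report that it was used.
    return {"phrases": sorted(hits), "encrypted": encrypted}

def sample(body: str, cte=None, subject="status") -> bytes:
    """Build a constructed test message."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "dev@example.com", "x@example.net", subject
    m.set_content(body, cte=cte)
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(sample("Notes on Project\nFalcon attached.", cte="base64")))
    print(inspect_message(sample("-----BEGIN PGP MESSAGE-----\nabc\n-----END PGP MESSAGE-----\n")))
```
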