Security Basics
mailing list archives
Re: outgoing email monitoring
From: gjgowey () tmo blackberry net
Date: Tue, 1 May 2007 21:45:00 +0000
Your problem is a lot more complicated than it would appear at first glance. What you want is every email to be
delayed for a few hours from when it is sent so they can be examined. Most mailers (including Exchange) have a
configuration that can be modified as to when the MTA will send all queued messages, but this is not what you are
looking for since a person could send a message 1 minute before the delivery time. Further complicating matters is the
possible use of a free webmail service, SSH, SCP, FTP, or IM, all of which allow files to go through without being seen
by your mail server.
To make your network leak-proof you essentially need a central proxy that all internet traffic goes through. You can
work on tuning the policy of the proxy server to only allow communication via the corporate email system. Once you get
to that point, then you can worry about configuring your mail system for delayed delivery and archiving of all sent
mail. Additionally, if you are setting up a new mail system, I would make sure that the system is authenticating the
sender (as opposed to just making sure the From meets an @company.com template) so it's 100% known exactly who sent the
email.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: Matt Miller <madmillerx () gmail com>
Date: Tue, 01 May 2007 22:01:39
To: security-basics () securityfocus com
Subject: outgoing email monitoring
Hi list.
I need a solution to monitor the flow of outgoing email traffic for data
leak/security concerns. The two objectives that I have are:
- monitoring and reporting - who sends, how many and where to?
- possibility to temporarily put all outgoing e-mail on hold for
reviewing by admin/user and releasing for delivery.
Any suggestions?
Thanks
Matt
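
Added example, not part of the original thread: a sketch of the "who sends, how many and where to" report, keyed on the authenticated login rather than the From address, which also flags messages whose From fits the @company.com template but does not belong to the login that sent them. The log format, field names and sample lines are constructed for illustration and are not the output of any particular MTA.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a hypothetical key=value format
# (an assumption for this example, not any real MTA's log layout).
SAMPLE_LOG = """\
2007-05-01T09:12:03Z id=A1 auth=mmiller from=mmiller@company.com to=partner@example.org size=18234
2007-05-01T09:15:41Z id=A2 auth=mmiller from=mmiller@company.com to=jdoe@company.com size=2048
2007-05-01T09:20:10Z id=A3 auth=jdoe from=ceo@company.com to=someone@example.net size=5120000
2007-05-01T09:31:55Z id=A4 auth=jdoe from=jdoe@company.com to=someone@example.net size=900
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")
INTERNAL_DOMAIN = "company.com"  # assumption: the thread's @company.com example


def parse(log_text):
    """Yield one dict per well-formed record; skip lines missing a field."""
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if {"id", "auth", "from", "to", "size"} <= rec.keys() and rec["size"].isdigit():
            yield rec


def report(log_text):
    """Aggregate by the authenticated login, not by the From address."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "domains": Counter()})
    mismatches = []
    for rec in parse(log_text):
        user = stats[rec["auth"]]
        user["count"] += 1
        user["bytes"] += int(rec["size"])
        user["domains"][rec["to"].rsplit("@", 1)[-1].lower()] += 1
        # A From that merely fits the @company.com template can still be
        # someone else's address; compare it with the authenticated login.
        if rec["from"].lower() != f'{rec["auth"]}@{INTERNAL_DOMAIN}'.lower():
            mismatches.append((rec["id"], rec["auth"], rec["from"]))
    return dict(stats), mismatches


if __name__ == "__main__":
    stats, mismatches = report(SAMPLE_LOG)
    for login, s in sorted(stats.items()):
        external = {d: n for d, n in s["domains"].items() if d != INTERNAL_DOMAIN}
        print(login, s["count"], "msgs", s["bytes"], "bytes", "external:", external)
    for msg_id, login, claimed in mismatches:
        print(f"{msg_id}: {login} sent as {claimed}")
```
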