Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mathubbard on June 28, 2006, 10:36:57 PM
-
Is there any way of easily checking on the headers... and maybe content of e-mails passing through an SME7 server.
I'm using an SME7.0 server for a company with 30 employees, and it would be nice to be able to have a quick look at e-mails passing through the server to check the system is not being abused.
I guess one could set up a forward for all incoming e-mails to a separate account and look at this... but I'd really like a simple log.
Any ideas?
Mat.
-
mathubbard
> ... but I'd really like a simple log.
Did you look at the log files ?
try
qmail/current
or
smtpfront-qmail/current
-
mat
What you want is available from a plugin in qpsmtpd and is called Bcc
From the console as root
config setprop qpsmtpd Bcc enabled BccUser xxx
signal-event email-update
where the BccUser is the user mailbox or email address you want all blind copies of all incoming and outgoing emails to go to.
I set up a user account just for this purpose and use a seperate mail client to download the emails daily otherwise the mail box can get rather large.
Note that in some countries you are required by law to notify your users that you are keeping a copy of all their emails. You would be surprised how quickly it cuts down on personal email.
Jon
-
Thanks for your replies.
The log files are useful.... but the presentation is not particulary good. For a quick look at what is happening... it would be nice to have a logfile which shows on one line:
sender-address recipient-address first 40 chars of message header
I will probably go for the bcc option.... and download mail to another pc.
A previous solution I've used is to connect the server via a hub(rather than a swtich), and then run e-mail packet sniffing software on a separate PC which 'listens' for e-mail passing through the server. This wotks... but seemed a crude solution.
Cheers,
Mat.
-
Jon,
Can you clarify your response a little for me? I need to do the same thing - monitor potential e-mail abuse by one of my employees. In your code:
config setprop qpsmtpd Bcc enabled BccUser xxx
signal-event email-update
Can you illuminate/explain the "xxx" parameter? I hope the answer is that I can monitor a single employee's e-mail.
Thanks
-
Can you illuminate/explain the "xxx" parameter? I hope the answer is that I can monitor a single employee's e-mail.
The xxx is the value i.e the user or email address you WANT the emails to be sent/copied to for the admin to review.
This will monitor ALL emails in/out, I dont know of any way you can monitor a single employee emails
-
I'm now running a copy of Outlook on a separate PC which downloads all incoming and outgoing emails from the company SME mail server - I created an account called logger, and used the bcc functionailty described in this post.
Interestingly, if employees bother to look at the their e-mail headers they will notice the bcc copy to logger@mycompany.net
This works well as the server doesn't get clogged up with e-mails - about 70Mb a day.
It's easy to sort the Outlook database based upon user and/or date and other people who want to view the data can do so quite easily....
My next problem is going to be what to do with the Outlook data. I think I'll just bin it every month and start with a fresh data file.
I did consider using something like Evolution under Linux, but I guess this will have the same storage problems as Outlook.
-
My next problem is going to be what to do with the Outlook data. I think I'll just bin it every month and start with a fresh data file.
If using Outlook why not archive it off on to CD?
-
It would be nice if someone did an ISOqlog for SME7 ... that tell you how many e-mails came in and whent out per person and the daily megabytes as well ... it shows you per e-mail address as well as daily and weekly.
I have it installed on SME6.0.1 and it's great for abuse checking ... just seeing the quantaties of mail by a person as well as megabytes is enought to tell weather there abusing or not.
It also shows if it's a local delivery or external ... easily worked out who is abusing. :hammer:
I forgot to mention there is also a general stats in there as well ... it also shows external e-mail addresses of how many they sent to you and size. very handy tool for IT admins.
Regards,
Tib
-
How would I go about turning off this bcc feature?
-
Turn it off?
config delprop qpsmtpd Bcc enabled BccUser xxx
signal-event email-update
Change the setprop to a delprop. That should do it. Doesn't delete the user, just stops the bcc action.
-
Or if you wish to leave that user there til next time do...
config setprop qpsmtpd Bcc disabled BccUser xxx
signal-event email-update
where xxx is the user and email address emails are being sent to.
-
Jon,
Can you clarify your response a little for me? I need to do the same thing - monitor potential e-mail abuse by one of my employees. In your code:
config setprop qpsmtpd Bcc enabled BccUser xxx
signal-event email-update
Can you illuminate/explain the "xxx" parameter? I hope the answer is that I can monitor a single employee's e-mail.
Thanks
Have a look at this...
http://www.dungog.net/sme/usermanager.php#fwd
-
It would be nice if someone did an ISOqlog for SME7 ... that tell you how many e-mails came in and whent out per person and the daily megabytes as well ... it shows you per e-mail address as well as daily and weekly.
I have it installed on SME6.0.1 and it's great for abuse checking ... just seeing the quantaties of mail by a person as well as megabytes is enought to tell weather there abusing or not.
It also shows if it's a local delivery or external ... easily worked out who is abusing. :hammer:
I forgot to mention there is also a general stats in there as well ... it also shows external e-mail addresses of how many they sent to you and size. very handy tool for IT admins.
Regards,
Tib
You could be in luck..
http://www.vanhees.cc/index.php?name=CmodsDownload&file=index&req=viewsdownload&sid=64