Many companies’ security policies require mandatory monitoring of the emails users send and receive. Such control can pursue several goals at once, from preventing leaks of important information to monitoring compliance with the rules of communication with clients. One way to control messages is to intercept them and redirect them to the inbox of a responsible person, who can later retrieve them when investigating incidents. In this article, we will talk about how you can organize the interception of user messages in Carbonio.
Intercepting Incoming Messages
This function can be implemented from the administrator console. To do this, open the settings of the selected user and, in the “Forwarding” section, set the address to which incoming email messages will be forwarded. Addresses can be either hidden or visible to the user.
After this, all incoming messages for the user will also appear in the inbox of the user specified in the forwarding settings. Outwardly, however, they will not differ in any way from ordinary incoming messages. If the administrator disables saving local copies of forwarded emails, they will appear only in the mailboxes of users specified in the forwarding settings.
This function, although it is a way to intercept incoming messages, is still, as a rule, used not for information security purposes, but to ensure the continuity of business processes. For example, forwarding can be configured during an employee’s vacation, so that his colleague or manager receives incoming mail. Also, such forwarding can be useful when dismissing an employee, so that letters addressed to him do not remain unattended.
Intercepting Outgoing Messages
Interception of outgoing messages in Carbonio is implemented at the Postfix level and is configured by editing Postfix configuration files.
First, you need to log into the Carbonio MTA server under the zextras account, create a file, and fill it with a table of forwarding addresses.
su zextras
cd /opt/zextras/common/conf
touch sender_bcc
echo "user@carbonio.local zextras@carbonio.local" > sender_bcc
In our case, there will be only one row in the table. The left email address indicates the name of the user whose outgoing messages will be forwarded, and the right mail address indicates the name of the user to whom outgoing messages will be forwarded. There is no limit to the number of rows that can be added to the created table.
Once the forwarding address table has been created and populated with addresses, all that remains is to configure Postfix to use it. To do this, specify the path to the created table in the corresponding section of the Postfix settings file /opt/zextras/common/conf/main.cf.
Save the changes to the configuration file and apply them using the commands:
postmap /opt/zextras/common/conf/sender_bcc
postfix reload
After this, all messages sent by users from the left column will go to the mailbox of users from the right column. In the Carbonio web client, messages intercepted in this way will look like this:
The email saves the sender’s name, recipient’s name, subject, and body.
Because the sender’s name in intercepted emails is always strictly specified, the recipient of intercepted emails can configure a mail rule that places them in a separate folder, and can also set a retention period for that folder so that the intercepted data is stored for a strictly defined period.
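A pre-flight check for the sender_bcc table built in this section, as an added example that is not part of the original article or of Carbonio: it flags malformed rows, duplicate senders, copies that leave the mail domain, and monitoring mailboxes that are themselves monitored. The function name lint_sender_bcc and the sample rows (including audit@example.com and broken-row@carbonio.local) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a sender_bcc table before running postmap on it.
# Usage: lint_sender_bcc FILE|- MAIL_DOMAIN   (prints findings, returns 1 if any)
lint_sender_bcc() {
    awk -v dom="$2" '
        function report(n, msg) { print "line " n ": " msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF != 2 {                            # one sender, one monitoring address
            report(NR, "expected 2 fields, got " NF); next
        }
        {
            s = tolower($1); m = tolower($2); suffix = "@" dom
            if (s in seen) {
                report(NR, "duplicate sender " s " (first at line " seen[s] ")")
            } else {
                seen[s] = NR
            }
            if (s == m) report(NR, s " is copied to itself")
            # A copy address outside the mail domain sends every message off-site.
            if (substr(m, length(m) - length(suffix) + 1) != suffix)
                report(NR, "monitor " m " is outside " dom)
            target[NR] = m
        }
        END {
            # A monitoring mailbox that is itself a monitored sender forms a chain.
            for (i = 1; i <= NR; i++)
                if ((i in target) && (target[i] in seen) && seen[target[i]] != i)
                    report(i, "monitor " target[i] " is itself a monitored sender")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample rows (not taken from a real server).
sample_sender_bcc() {
    cat <<'EOF'
# sender                  monitoring mailbox
user@carbonio.local       zextras@carbonio.local
user-1@carbonio.local     audit@example.com
zextras@carbonio.local    user@carbonio.local
user@carbonio.local       intercept@carbonio.local
broken-row@carbonio.local
EOF
}

sample_sender_bcc | lint_sender_bcc - carbonio.local || echo "table needs review"
```

Run it against /opt/zextras/common/conf/sender_bcc before postmap; a non-zero exit status means at least one row needs review.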
Intercepting All User Messages and Actions
In some cases, it may be necessary to control not only the user’s sent and received messages but also his drafts. Carbonio can establish full control over the user’s actions.
This is also done on the command line using the zimbraInterceptAddress parameter, which can be configured either for an individual user or for an entire class of service. For example:
carbonio prov modifyAccount user-1@carbonio.local zimbraInterceptAddress user@carbonio.local
In this case, all email actions performed by the user user-1@carbonio.local will be intercepted and sent to user@carbonio.local.
carbonio prov modifyCos default zimbraInterceptAddress user@carbonio.local
In this case, all email actions performed by all users of the default class of service will be intercepted and sent to user@carbonio.local.
Intercepted actions are displayed as messages. By default, they look like this:
- Start creating a new email (Adding to drafts)
- Editing an email in drafts (Saving to drafts)
- Sending an email (Move to sent)
- Receiving an email (Add to inbox)
All these messages have a common addressee, common words, and an indication of the user’s name in the subject line. The message itself is attached to them as a file, and they also contain a description of the actions performed by the user.
The presence of common features in intercepted messages is intended to make their sorting as easy as possible. To make it even more convenient to administer the flow of intercepted messages, Carbonio lets you customize various message interception parameters, which are also set on the command line and can be configured both for individual users and for entire classes of service.
To intercept only email headers without email attachments:
zimbraInterceptSendHeadersOnly
To configure the sender address of the intercepted letter (by default postmaster@carbonio.local):
zimbraInterceptFrom
To configure the subject of the intercepted message:
zimbraInterceptSubject
To configure the body of the intercepted letter:
zimbraInterceptBody
Examples
carbonio prov modifyAccount user-1@carbonio.local zimbraInterceptSendHeadersOnly TRUE
After entering this command, only the headers of letters will be intercepted from the user user-1@carbonio.local; the text of the letter itself will not be included in the attachment.
carbonio prov modifyCos default zimbraInterceptFrom intercept@carbonio.local
After entering this command, all intercepted letters from users of the default class of service will have intercept@carbonio.local in the sender field.
carbonio prov modifyAccount user-1@carbonio.local zimbraInterceptSubject 'Intercepted from ${ACCOUNT_ADDRESS} Message: ${MESSAGE_SUBJECT}'
After entering this command, the subject of letters intercepted from the user user-1@carbonio.local will correspond to the entered template.
carbonio prov modifyCos default zimbraInterceptBody 'Intercepted from ${ACCOUNT_ADDRESS} Message.${NEWLINE}Action=${OPERATION}, Folder=${FOLDER_NAME}, Folder ID=${FOLDER_ID}.'
After entering this command, the body of all intercepted letters from users of the default class of service will match the entered template.
As can be seen from the examples, these settings allow the use of substitution parameters. Let’s list the allowed parameters and their meaning:
- ACCOUNT_DOMAIN – the domain in which the account whose email was intercepted is located
- ACCOUNT_ADDRESS – address of the account whose email was intercepted
- MESSAGE_SUBJECT – the subject of the intercepted letter
- OPERATION – an action that was performed with the intercepted letter
- FOLDER_NAME – the name of the folder in which the intercepted letter was saved
- FOLDER_ID – identifier of the folder in which the intercepted letter was saved
- NEWLINE – line feed parameter in multi-line email bodies
Thus, Carbonio can implement full control over user actions. However, it should be taken into account that interception of messages, if the data on the server is not deduplicated, can lead to a sharp increase in the space that mail takes up on the server. In addition, the use of email interception can lead to mail loops. Therefore, we recommend that you approach setting up mail interception with great responsibility.