Re: [SLUG] Getting copies of mail

From: steve (steve@itcom.net)
Date: Thu Jul 10 2003 - 17:35:32 EDT


On Thursday 10 July 2003 04:54 pm, you wrote:
> I hate to have to ask this but it has become apparent that I have to do
> something about the situation.
> One of our sales reps is "allegedly" divulging trade secrets via email to
> rival companies and some customers. My higher-ups have asked me to begin
> tracking all of the user's email and keep copies of them for review. They
> would also like me to track incoming mail to this user as well. All
> without attracting the attention of the user... of course. :-)
> I've never had to do something like this before so I'm lost on where to
> begin.
> All of our outgoing mail goes through a postfix smtp hub... as does our
> incoming mail as well. Our pop server is off site in Tampa and I don't
> have much access to it except for a web interface to the Communigate
> software. Is there a way to accomplish what my bosses would like me to
> do? I would appreciate any information anyone might be able to provide.
> Thanks,
> Bradley

You can simply direct it to send a copy to a different mailbox through
/etc/aliases:

tom: tom@server2.com, recordall

You can also listen to all communications on your LAN and grab a copy of
everything matching a specific port and write it to file. Every midnight
you could have cron rename it based on date for posterity and ease of
access.

For example, Ethereal can record all LAN traffic and filter it on any port and
write a file. Then put a hub between your external Internet connection and
your LAN so that you can read the traffic from a different port. (Since a
switch will not allow for this.)

I used a simple text based sniffer many years ago to do this but I cannot
recall the name of it. Maybe I (or someone else) can recall it...

It was used to demonstrate how easy it is to sniff network traffic and read
people's passwords and email. Which would serve you just fine.

-- 

Steve ___________ Sigless?
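
A review-side check for the /etc/aliases approach in the reply above, added here as an example and not part of the original thread: it parses aliases(5)-style text and lists entries that still deliver to the named user while also copying to another target. The sample file and the function names are constructed for illustration; quoted names or commands containing colons or commas are not handled.

```python
# Constructed sample in aliases(5) syntax; the "tom" line is the one from the post.
SAMPLE_ALIASES = """\
# constructed sample
postmaster: root
tom: tom@server2.com, recordall
sales: alice, bob,
    carol
backup: "|/usr/local/bin/archive"
"""

def parse_aliases(text):
    """Return {alias: [targets]}, honouring comments and continuation lines."""
    logical = []
    for raw in text.splitlines():
        # Blank lines and lines whose first non-blank character is '#' are ignored.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # A line starting with whitespace continues the previous entry.
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if not sep:
            continue  # not a "name: value" entry
        targets = [t.strip().strip('"') for t in rhs.split(",") if t.strip()]
        table[name.strip().lower()] = targets
    return table

def copy_fanouts(table):
    """Aliases that deliver to the named user and also to extra targets."""
    findings = {}
    for name, targets in table.items():
        # "\tom" is the usual way to name the real mailbox without recursion.
        own = [t for t in targets
               if t.lstrip("\\").split("@")[0].lower() == name]
        extra = [t for t in targets if t not in own]
        if own and extra:
            findings[name] = extra
    return findings

if __name__ == "__main__":
    for alias, extra in copy_fanouts(parse_aliases(SAMPLE_ALIASES)).items():
        print(f"{alias}: also delivered to {', '.join(extra)}")
```
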


