View Full Version : I need to intersect emails

23rd June 2008, 03:45 PM
Hi My Boss came to me and said that i have to see what emails one of the employees is sending. She is too sneaky and deletes all of her "sent items" and her "deleted items". When I check the maillog on FC5 with Postfix I can see that she is sending the email. But my Boss wants to see what content is in the email. I am using Dovecot as the smtp server. There must be a way to just view the email or intersect it without having to go buy another program. Please help.

24th June 2008, 01:27 AM
Frankly, I think I'd plead ignorance on this one. "I've looked into my resources and checked as much as I'm able and really come up with a blank on this one, boss. There may be ways, but I'm not sure we'd be dealing with legit people who we could trust with our info if we used their software".

You really don't need to get involved in what could be a lawsuit. Also makes you wonder how devious the company is about YOUR stuff! CYA, for sure!

24th June 2008, 01:29 AM
Yeah, I agree with Bob. I don't know what the privacy laws are where you are, but this could come back to bite you in the rear end.


24th June 2008, 03:03 AM
Usually, in the US (remember, our president is BUSH---shucks, last time people listened to a Bush they wandered the desert for 40 years, but anyway) all emails are considered company property.

I'm not a lawyer, on the other hand, if you're going to use the emails as grounds for termination, she might have a case that she wasn't warned, even if it's explicitly stated in company policy. If it is explicitly stated in company policy, and she isn't complying, then you have grounds for termination right there.

I'm sure there are various ways to direct it somewhere, but I would think that the very very diplomatic approach with your boss would be best--that you've researched and everything indicates that regardless of the law, you might be opening yourself up to various issues if she is not explicitly informed about it in advance. The fact that she is female also means that she could possibly claim that she was facing discrimination because of her sex.

Remember, law isn't necessarily logical.

I'm leaving out the morality issues. I've been fortunate enough to work for people who either told employees all their email was considered to be company business and viewable, or ones who felt that they had the right to privacy and wouldn't look at the emails.

However, I think we're all accepting that there may be legitimate reasons for this request. Still, as the others have said, I think your best bet is to say that in researching it, you've found that it's non-trivial and there have been instances of it leaving the company liable to various civil suits. (In this country, where anyone can sue anyone for anything, I'm sure that it's happened. Burglars sue homeowners because they tripped over something, so whether or not someone is committing a felony doesn't eliminate their right to sue.)

24th June 2008, 04:08 AM
scottro is right on this one.

I worked as IT for a company for a few years and I had a similar situation happen. Company computers are company computers. Company bandwidth is company bandwidth. All are property of the Company and anything done on those assets is subject to the Company.

24th June 2008, 06:42 AM
I'm not one for spying, however, I have some sympathy here. I have also been in the unfortunate situation in which an employee was abusing email/web access privileges on company gear and company time. In fact, part of most hiring processes now require all employees to sign statements of understanding that all email and web traffic can and will be monitored. It is usually clearly stated that any violations of these policies will result in immediate termination.

Parenthetically, just last week the U.S. 9th circuit ruled personal privacy in emails/text messages at work, and on company gear were constitutionally protected, but I suspect that will be overturned shortly. The 9th circus gets overturned on a regular basis.

The resulting liability and exposure suits and other issues generated by that particularly activist and odious decision should prove interesting. However, the draconian measures employers will now need to institute to circumvent those issues will be anything but entertaining.

And what does that mean for the innocent working stiff? ... at the risk of actually running across someone who knows what it means ...



24th June 2008, 06:53 AM
I am using Dovecot as the smtp server.
Hmm, I thought Dovecot did not act as an MTA. You must be thinking of Postfix, which you mentioned is being used. You could use a before-queue filter to save the email content for a particular user before sending it off. Read the Postfix documentation on how to do that. The only problem is if the user is encrypting her mail. Then you're out of luck.

24th June 2008, 07:10 AM
If the purpose is to get the employee to stop using company email for personal use, could not one tell her (them) that "all email" was being monitored? That way everyone wins, and there are no hassles. OTOH, if they persist, then it whatever they deserve.

24th June 2008, 07:36 AM
See, the problem is she is selling information to another company. With that information the other company has been counter offering deals with clients. Our company has lost MAJOR deals in the last 6 months. We got a hint at a sports game box when one of the other companies employees got drunk and let some info slip... My boss isnt too happy about that so he really wants to fish her out. See getting incoming mail is easy we just redirect her email to her and to some one else, but the emails she sends that is the problem...

24th June 2008, 07:49 AM
Sorry I meant Dovecot is how they get the mail off the server and Postfix is the sender...

24th June 2008, 07:57 AM
In that case, I wonder if you or your boss might want to get an independant IT guy in to do the "data collection". This looks to me like litigation is in the works, and you might be in the middle of it.
Geez, I am glad I am retired!

24th June 2008, 08:06 AM
Yeah I agree to get an external IT guy to do that but my boss will argue then why is he paying my salary. If the external guy can do it then I can do it. How do I argue that?

24th June 2008, 08:12 AM
Agreed, but the key thing is "independant". However, I guess you are right...your boss will call the shots. I hope he is thinking ahead.
Again, I sure am glad I am retired...I am getting too old for that kind of "ulcer material".

24th June 2008, 08:20 AM
There's the always bcc maps, which can be, I think, set to a per user basis.
I would start by grepping her name in the maillogs and seeing if she's even using email to do this. It seems that it would be a very foolish thing to do. (That should show who she's sending to.)

It's a pity your boss is so set on vengeance. It wastes a lot of time and money. The external data collection would be, if he's planning litigation, harder for her to fight in court.

I'm not saying he should forgive and forget, but just terminate her. It will probably cost him more to get his payback than he's lost.

Bosses are funny that way. (errm, by terminate her, I just mean fire her.)

Anyway, if you do get stuck having to do this, I think the bcc_maps is the way to go. I'm not really familiar with it, just did a quick google because it roused my curiosity.

This looks as if it may be helpful (but I haven't tested it.)

24th June 2008, 09:08 AM
I got it working.

To monitor emails or copy emails being sent or recieved

1.edit main.cf in postfix add the following line

sender_bcc_maps = hash:/etc/postfix/sender_bcc

2.create sender_bcc file in /etc/postfix
sender_bcc format:

sender@lazoop.co.za recipient@lazoop.co.za

3. Hash the file

postmap sender_bcc

One problem I come accross is that it sends duplicates

24th June 2008, 10:06 AM
Ok to get rid of the duplicates I just ran a command to scan the folder for duplicates and delte them....

4.Delete Duplicate emails by writing script deldup.sh


/usr/local/bin/fdupes /home/vmail/domain/accountrecipient/new/ -f | xargs rm -f
/usr/local/bin/fdupes /home/vmail/domain/accountrecipient/cur/ -f | xargs rm -f

5. Add to crontab to run periodically

crontab -e

0-59/5 * * * * /usr/local/bin/deldup

24th June 2008, 10:09 PM
Good luck with this, and please let us know how it turns out. After all this discussion, I'm sure we'd all like to know! I'd been thinking about the possibility of adding a bcc to her emails at the server level, but didn't have the time to hunt down the instructions. Glad to see I was on the right track.

As a side note, issues like this can often be resolved by redefining the question. Instead of asking "How can I intercept her email," asking "How can I get a copy of all email she sends" leads to the idea of having the SMTP server quietly send copies to a secondary address, and leads to the solution.

I must admit, however, that your quarry must be either very foolish or almost computer illiterate if she's sending out her reports through your servers. A few years ago I was working for a company where I assumed that all email was being monitored. (You don't have to be paranoid to feel that way when the corporate culture is based on micro-management and second-guessing!) At one point, I had a technical question to ask a friend that called a minor company policy into question. I emailed him from work, but I did it via my gmail account, so that nothing passed through their servers in or out. Considering how easy it is to get a throwaway account on a web-based server, I'm a tad astonished that she's using her work account! If your boss is right, however, I'm glad she is.

25th June 2008, 06:58 AM
I guess rather than using the email at all, I would move it to a usb stick of some sort. They are so small and in so many shapes now, there is virtually no way to find them. Plus you can move some huge files(relative to what email is limited to). I mean with a 32gb stick how long would it take one to pull an entire database?

25th June 2008, 07:20 AM
Thank you for all your help people. I have achieved what I needed to. My boss got to see the content of the email she is sending. Whether it was "intercepted" or "copied" doesnt really matter. Im not here to argue semantics. Ive developed a script that will store every employees emails appropriately so now I can have system where in future I can produce my own litigation of email than spend alot of money on another IT company to do that, and that in my opinion is foolish unless of course the IT personel is "computer illiterate". Scottro thanks for the info it helped. As for company policy they are aware of the emails being monitored. And any other legal issues that I have overlooked will be held responible by my boss as he told me to do it which Ive recorded via email.

25th June 2008, 11:45 AM
Firstly, glad it helped--I didn't know about it either till your posts got me interested enough to look, so we both learned.
It made you, hopefully, look good to your boss, which is always a good thing.
I'm never sure about litigation only being the boss' problem, but I doubt it will be an issue because of the fact that, especially if you're in the US, and employees are aware that their email can be monitored, you should be in the clear.

I guess we would all be curious, if you can reveal it, if the employee really was foolish enough to use company email for this purpose. One would think that with various throwaway accounts so easy to come by (though many companies block access to gmail, hotmail and the like) if she did, she deserves to be fired simply for being too unimaginative to work in a position where she has access to such information.

Oops, I see you're in South Africa. I guess that's not in the US. :) On the other hand, I repeat, that if employees are made aware of the fact that their email may be monitored at any time, which is becoming more and more of a standard policy, I would guess that as you say, any legal issues are up to your boss.

It's sad in a way. Most companies, I think, used to allow employees privacy as far as email but policies changed not only because of our president who would like to be a dictator, but by simple greed and stupidity on the part of so many employees who made it necessary.