ZCS Administrator's Guide, Network Edition 5.0 (Rev 5.0.19 September 2009)
Table of Contents Previous Next Index


Managing Legal Requests for Information
Managing Legal Requests for Information
Legal Intercept for Law Enforcement
Create Mailbox Snapshots for Legal Discovery
Legal Intercept for Law Enforcement
The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
Legal Intercept attributes
The legal intercept feature can be configured either for a Class of Service or for individual accounts. The feature is configured from the CLI, using zmprov.
The following attributes are used to configure the feature:
 
zimbraInterceptAddress
Intercepted messages are sent to this address. When this attributes is empty, legal intercept is off. You can have multiple recipients for an intercepted message
zimbraInterceptSendHeadersOnly
The default is False. Change to True to have only the message headers sent, not the message body
zimbraInterceptFrom
Used to construct the From: header content used in the intercept message. The default is Postmaster@<address.com>
zimbraInterceptSubject
The template used to construct the subject -line the intercept message should show. The default subject line reads “Intercept message for account@example.com <intercepted message subject>”
zimbraInterceptBody
The template used to construct the body of the intercept message. The default message is “Intercepted message for <account@example.com.
Operation=<type of message>, folder=<folder>, folder ID=<#>.”
The following parameters can be used in the From, Subject, and Body templates to modify the default intercept message:
ACCOUNT_DOMAIN. Domain of the account being intercepted.
ACCOUNT_ADDRESS. Address being intercepted.
MESSAGE_SUBJECT. Subject of the message being intercepted.
OPERATION. Operation that the user is performing, “add message”, “send message”, or “save draft”
FOLDER_NAME. Name of the folder to which the message was saved.
FOLDER_ID. ID of the folder to which the message was saved.
NEWLINE. Used for formatting multi-line message bodies.
Configuration
The only required configuration to setup legal intercept is to enable the feature on the target accounts. You can enable the attribute to send only the header information of the email message, not the complete message.
The default intercept cover email message and the name in the From field can also be modified.
How to set up legal intercept
1.
Define the intercept address
If enabling by COS, type zmprov mc <cosname> zimbraInterceptAddress <account@intercept_example.gov>
If enabling by account, type zmprov ma <accountname@domain.com> zimbraInterceptAddress <account@intercept_example.gov>
If you are going to use the default intercept message template and From name, legal intercept is set up.
To enable the attribute so that only header information is forwarded, go to step 2.
To modify the attributes of the intercept message continue with step 3.
2.
To send only the header information, not the complete message, type
 
zmprov ma <accountname@example.com> zimbraInterceptSendHeadersOnly TRUE
3.
To change the From name, type
 
zmprov ma <accountname@example.com> zimbraInterceptFrom <newname@example.com>
4.
To change the text of the Subject line, type
 
zmprov ma <accountname@example.com> zimbraInterceptSubject <Intercepted message subject text> parameter parameter
5.
To change the text in the message body, type
 
zmprov ma <accountname@example.com> zimbraInterceptBody <Intercepted message text> parameter <text> parameter
6.
To send only the header information not the complete message, type
 
zmprov ma <accountname@example.com> zimbraInterceptSendHeadersOnly TRUE
Note: To modify by COS, type zmprov mc.
Create Mailbox Snapshots for Legal Discovery
You can create a query for the user’s mailbox using the REST URL format to search for specific types of email messages and attachments and have these messages zipped and saved to your computer. This zip file can be forwarded to a requesting law enforcement agency.
When the file is unzipped, each messages is displayed as an .eml file. The attachments are saved in the format they were delivered.
How to create a mailbox snapshot zip file
You must be logged into the ZCS administration console to create the zip file. You create a zip file for one account at a time.
1.
In the address field of the browser, after 7071/ type:
home/<username>?fmt=zip&query=<criteria_name>
In the above example, a zip file of all email messages and attachments in the Inbox after June 13, 2008 is created for an account called user1.
You can use any search operators that are used for searching in ZCS. For example you can search by folder (in:<folder_name>), by sender’s name (from:<someone>), and you can use multiple search terms. See the Search Tips wiki page for keyword examples, http://wiki.zimbra.com/.php?title=Search_Tips.
2.
Press Enter or the arrow to create the zip. A Confirm box displays, asking if you want to navigate away from this page. You do not leave the admin console page.
3.
Click OK. The zip file is made that includes the messages and attachments, a browser download dialog opens and you are asked to save it to disk.
This zip file is ready to be delivered. The names of the .eml files are the subject lines from the messages.
Managing Legal Requests for Information

Table of Contents Previous Next Index
ZCS Administrator's Guide, Network Edition 5.0 (Rev 5.0.19 September 2009)
Copyright © 2009 Zimbra Inc.