How to track a mail

[ghanedan]

Hi,

For security reasons we want to track certain mails that are sent to users.

We want to track if the mail is forwarded to somewhere else etc.

But becuase we use TLS all the mail logs are encrypted, so I wonder is there a way to do this, identify a specific message movement ?

Best regards,

[uxbod]

There a numerous ways of doing this though it is dependant on which version of ZCS you are running so please update your profile with the following output so we can help you

Code:

su - zimbra
zmcontrol -v

[ghanedan]

Quote:

Originally Posted by uxbod

There a numerous ways of doing this though it is dependant on which version of ZCS you are running so please update your profile with the following output so we can help you

Code:

su - zimbra
zmcontrol -v

It's.
Release 5.0.6_GA_2313.SLES10_64_20080522105817 SLES10_64 FOSS edition

I must be able to apply the method to past logs. So any configuration should also be valid for past logs.

Best Regards,

[uxbod]

If you are wanting to monitor for a particular email or content then I do not think this is possible unless you do something like [SOLVED] Law Enforcement (aka intercept)? or implement mail archiving.

[ghanedan]

Quote:

Originally Posted by uxbod

If you are wanting to monitor for a particular email or content then I do not think this is possible unless you do something like [SOLVED] Law Enforcement (aka intercept)? or implement mail archiving.

No I just want to track and identify a particular mai in logs.

I am not interested in the content of the mail, just the route it has traced. For instance I receive a mail and thi is logged, when I forward it this is also logged. So there must be a logical connection between these 2 mails in logfiles.

If the mail subject headers were not TLS encrypted, this could be done from the subject text.

But it is TLS encrypted.

[uxbod]

Quote:

Originally Posted by ghanedan

I am not interested in the content of the mail, just the route it has traced. For instance I receive a mail and thi is logged, when I forward it this is also logged. So there must be a logical connection between these 2 mails in logfiles.

Nope, once you forward the email it because its own unique email. Mail archiving is the way to handle this IMHO.

[ghanedan]

Any other ideas ?

[uxbod]

Quote:

But becuase we use TLS all the mail logs are encrypted

Why are they anyway ? TLS just means that the transport mechanism between MTA1 and MTA2 is encrypted; not the actual message content itself.

[ghanedan]

Quote:

Originally Posted by uxbod

Why are they anyway ? TLS just means that the transport mechanism between MTA1 and MTA2 is encrypted; not the actual message content itself.

Sure. I see a cryptic message-id in log files, for example:
Message-ID: <C16F17028464408664D554257EA4D1227@somebody>

And think that message id part is encrypted from message header. Ok this might not be the case.

But there must be a way to track the mail with this Message-ID

[uxbod]

CLI zmmsgtrace - Zimbra :: Wiki