On Sat, 29 Nov 2003, Alexander Dalloz wrote: > > !!! But be aware:...... > is totally forbidden as it breaks the personal rights of the employees. Yes, You do want to watch out for legal issues. If the boss is the only one reading email and he is a perv/criminal then you are an accomplice now that you have read these cautions. If the law and policy allows you to do this as a minimum I suspect, you need a delivery process to an archive log file for all mail including _his_ mail. You also need control of all mail connections -- could be difficult to impossible. If all connections involve sendmail relay hosts and you control all gateways others have given info on rewrite rules that work. Remember that, when you run out of disk space mail bounces badly. To cover your behind you also need an access log and process for managing and archiving the log files. Since, the only good reasons to do this sort of thing will potentially result in legal action the file contents cannot be tampered or appear to be tampered with. You as a person with pass-words could get in the middle of a serious stink. I understood that the original request was for copies of all outgoing mail to be logged. Incoming context may matter too. Perhaps he suspects things like insider trading or other information leaks. If so he needs legal people to be involved from the get go. To log all outgoing mail you need to have control of all mail agents. i.e. any "telnet host 25" connection and also any MS exchange connection, pop, imap, http etc. This requires that you have control of all the mail agents. This is not easy.... If all messages pass through a server some stuff is possible. At one layer I see you are using "QMAIL TOASTER v 1.0" so see: How do I keep a copy of all incoming and outgoing mail messages? http://cr.yp.to/qmail/faq/admin.html#copies Consider that some mail tools can make a direct connection to the host in the "To:/CC:/Bcc:" line and also other hosts listed in DNS MX records. No relay sendmail.mc/cf change will log these connections without firewall stuff and control of all the user desktop tools to keep things working. I just started tinkering with Netscape, I added a new profile and clicked on the letter then it launched the setup Wizard, it asked for outgoing SMTP server. In this way any user can setup a profile that uses their own ISP or any durn thing. This would bypass most company "Smart relay hosts". You are using Mozilla which has the same profile options... You posted from: cpc1-leed2-5-0-cust111.ldst.cable.ntl.com [80.6.166.111] via -- wmm.legend.co.uk [212.69.230.163] With a From line that includes 8010.co.uk Since you are in the UK a google search finds http://www.ghlaw.com/html/05publications/3alerts/EALERTrevisedemploiymentelectronicmonitoring2001.htm: "And effective October 24, 2000, the Lawful Business Practices Regulations, gives British employers expanded powers to engage in job-related electronic monitoring. .... "Accordingly, workplace policies and practices concerning e-mail and Internet use should be reviewed by counsel from time to time to ensure compliance with local laws, and reinforced on site by management training and communications. Employers should also be prepared to see a rise in litigation by disgruntled employees and others".... So there may be some legal foundation in the UK. BTW: I believe what he is asking is also legal in California. The original post WAS a business related communication. Did your mail pass through a sendmail agent that your company has audit control of. Your From line "co.uk" finds a big company with 30,000+ employees. And a connection to an ISP via a 192.168.0.3 host. Spoof city.. and serious policy context. This tells me that this task is mostly impossible and would only trap the silly or stupid.
