Hey friends,
At one of my friends' offices they have sniffers for mail. I'll explain the scenario: in their office there is no internet connection given to the programmers or developers; all they have is their official mail. They can only receive and send mail through their official mail IDs. Whatever they send and receive is passed through some sniffers or filter programs, and if something related to the company is going out, they fire that developer or programmer.
What I want to know is what kind of programs they are using to filter those mails. I don't know much about their setup, as my friend is a software developer and he has very little knowledge of the system administration part.
Can anybody tell me about those sniffers and programs for filtering or checking the mail traffic?
I would like to have such a setup in my office.
You sure you want to do it? Unless it is clearly spelled out in the employment agreement, you might be creating legal problems for yourself (depending on the jurisdiction you live in). I'd check with the legal department before proceeding. If anything goes wrong and the company gets sued, you'd better be able to point the finger at your legal department, or they will surely (and happily) point the finger at you (which could make you kind of unemployed rather quickly).
That said, there are some specialized commercial packages that should do the job. Don't know the names, just know that they exist. Basically you set them up to look for catch phrases (for example, internal names of not-yet-published products, or some suspicious words). There's nothing "out-of-the-box" in the open source world. There are some unspecialized programs that could be used to accomplish something like that, such as Snort (already mentioned in one of the replies you got). It is also trivial to write a filter (using the Milter API) that will send a copy of all emails entering/leaving the company to a separate mailbox and/or save a copy of the email onto disk, or do whatever you want with it. Check the documentation (distributed with the Sendmail source, which is available at www.sendmail.org).
You can't do a thing if the user is using encryption (S/MIME or PGP). The only thing they can do in that case is raise an alarm that the user was using encryption (which can hardly be a reason to fire the user, unless his/her contract specifically prohibits the use of encryption). It's like you fired him because you saw him talking on his cell phone in the parking lot from your office window...
Also, you can't control what your users are doing from their personal accounts. If you have somebody who is leaking internal information and if he is smart, he sure isn't going to leak it using the company's email address. He's going to do it from the security of his/her home. Of course, unless your company is hiring the cheapest possible developers. They usually don't have high enough IQ ;-)
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
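
The catch-phrase check and the "can only raise an alarm on encryption" limit described in the reply above can be sketched as follows. This is an added example, not part of the original posts and not a milter: it uses Python's standard `email` module on a saved copy of a message, and the watch list and sample messages are constructed for illustration.

```python
import email
from email import policy

# Hypothetical watch list; "Project Falcon" is a made-up internal product name.
CATCH_PHRASES = ["project falcon", "unreleased price list"]
# Containers whose content the filter cannot read (S/MIME, PGP/MIME).
ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime",
                   "multipart/encrypted"}

def scan_message(raw, phrases=CATCH_PHRASES):
    """Return sorted findings for one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = set()
    texts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            # S/MIME signed-only mail uses the same type; it is not encrypted.
            if part.get_param("smime-type") != "signed-data":
                findings.add("encrypted:" + ctype)
        elif part.get_content_maintype() == "text":
            try:
                texts.append(part.get_content())
            except (LookupError, UnicodeError):
                findings.add("undecodable-text-part")
    blob = "\n".join(texts)
    if "-----BEGIN PGP MESSAGE-----" in blob:
        findings.add("encrypted:inline-pgp")
    # Collapse whitespace so a phrase wrapped across lines still matches.
    normalized = " ".join(blob.lower().split())
    findings.update("phrase:" + p for p in phrases if p in normalized)
    return sorted(findings)

# Constructed sample messages (not real traffic).
PLAIN = (b"From: dev@example.com\nTo: x@example.net\nSubject: roadmap\n"
         b"Content-Type: text/plain; charset=utf-8\n\n"
         b"Here is the Project\nFalcon schedule.\n")
PGP_MIME = (b"From: dev@example.com\nSubject: hello\nMIME-Version: 1.0\n"
            b"Content-Type: multipart/encrypted; boundary=\"b\";\n"
            b" protocol=\"application/pgp-encrypted\"\n\n"
            b"--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
            b"--b\nContent-Type: application/octet-stream\n\n"
            b"-----BEGIN PGP MESSAGE-----\nplaceholder\n"
            b"-----END PGP MESSAGE-----\n--b--\n")

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("pgp-mime", PGP_MIME)):
        print(name, scan_message(raw))
```

For the PGP/MIME sample the only finding is the encryption flag: the phrase list never sees the body, which is the limit the reply points out.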