4

My employer requires all email correspondence in the organization to be indexed, for regulatory compliance reasons. Our mail server is not managed by us, and does not have this feature. Each workstation has its own email software. Aside from looking for a new mail provider, how should I index emails in a mostly realtime fashion?

bistromath
  • In addition to archiving your email you should probably also prevent people from circumventing that, both in policy and with active measures such as by blocking webmail providers and the default mail ports. Scandals in the White House such as https://en.wikipedia.org/wiki/Bush_White_House_email_controversy and https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy can happen in your regulated industry too. – HBruijn Jun 20 '16 at 15:51
  • Does your mailserver support journaling? Our organization recently started using Smarsh for this sort of thing, but requires us to journal over. – Thebluefish Jun 20 '16 at 21:10

3 Answers

11

Honestly, indexing data of any sort from multiple places in multiple formats is a recipe for disaster. You would be better off setting up your own internal email server, switching to a provider that offers indexing features, or adding a proxy-email server; those are pretty much your best options. All three of those suggestions come with their own pros and cons.

If this is legitimately a business requirement... your boss will pay for it. If you have a small IT department... let someone else do the work for you. (read as "let office365, google, or other similar company be your email provider") Trying to do this yourself without a dedicated person for that task will just end up making you look like you don't know what you're doing... and will probably get you fired at some point.

TheCompWiz
2

I think you may be looking for a service or appliance such as the Barracuda Message Archiver. I use the appliance version and it indexes all mail as it is sent / received.

notandy
  • Assuming that your email provider will work with you on getting it set up. – notandy Jun 20 '16 at 15:47
  • Barracuda Networks also offers Barracuda Essentials for Office 365 which includes Email Security Service and Message Archiver. The Barracuda Essentials for Office 365 products are cloud based so you don't need to worry about installing an appliance. You log into the cloud and configure the message archiver for your domain. You will need access to your zone file but it is straightforward. – user5870571 Jun 20 '16 at 15:48
  • 1
    ...if the original-poster was using office365... which does do indexing... he wouldn't be here. So, no... barracuda essentials for office 365 is not really a well-thought-out suggestion. – TheCompWiz Jun 20 '16 at 15:55
-2

The simplest, rawest way to do it would be to tap your organization's internet gateway, listening for connections to the mail server and performing packet capture on all emails going inbound and out. Store the captured packets in some sort of NoSQL DB.

There are some open-source projects that can do this (Moloch comes to mind) but you might have to get a bit creative if the mail server uses SSL.

Ivan
  • Any haters care to explain the downvotes? We do this successfully in our organization for the same reasons. – Ivan Jun 20 '16 at 20:54
  • 2
    "A bit creative" is an understatement. You need to find a flaw in the underlying algorithm, which, if I recall correctly, has been proven secure. Good luck with that. – Nic Jun 21 '16 at 00:02
  • Ah, right. I took for granted the fact that we already MITM all traffic by virtue of an intermediary proxy for which we own the certificates. – Ivan Jun 21 '16 at 01:10
  • Oh, yeah, if you can install your own trusted CA then it's no problem. The trouble comes when people don't use computers they own – Nic Jun 21 '16 at 01:16
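
The indexing step that sits behind any of the capture points suggested in the answers (journaling, a proxy mail server, an archiving appliance), as an added example that is not code from any of the posters or products named above. It assumes messages arrive as raw RFC 5322 bytes; the table layout, function names and sample messages are made up for illustration.

```python
import email, hashlib, re, sqlite3
from email import policy

SCHEMA = """CREATE TABLE IF NOT EXISTS messages(sha256 TEXT PRIMARY KEY, message_id TEXT,
    sender TEXT, recipients TEXT, subject TEXT, raw BLOB);
CREATE TABLE IF NOT EXISTS terms(term TEXT, sha256 TEXT, PRIMARY KEY(term, sha256));"""
TOKEN = re.compile(r"[a-z0-9]+")

def open_archive(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def index_message(db, raw):
    """Archive one raw message; return False if this exact copy is already stored."""
    digest = hashlib.sha256(raw).hexdigest()  # content hash: dedup key and integrity check
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender, subject = str(msg["From"] or ""), str(msg["Subject"] or "")
    rcpts = ", ".join(str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", []))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    cur = db.execute("INSERT OR IGNORE INTO messages VALUES (?,?,?,?,?,?)",
                     (digest, str(msg["Message-ID"] or ""), sender, rcpts, subject, raw))
    if cur.rowcount == 0:  # a journal feed can deliver the same message twice
        return False
    words = set(TOKEN.findall(f"{sender} {rcpts} {subject} {text}".lower()))
    db.executemany("INSERT OR IGNORE INTO terms VALUES (?,?)", [(w, digest) for w in words])
    db.commit()
    return True

def search(db, query):
    """Return (sender, subject) of messages containing every word in the query."""
    words = sorted(set(TOKEN.findall(query.lower())))
    marks = ",".join("?" * len(words))
    sql = ("SELECT m.sender, m.subject FROM terms t JOIN messages m ON m.sha256 = t.sha256 "
           f"WHERE t.term IN ({marks}) GROUP BY m.sha256 HAVING COUNT(*) = ? ORDER BY m.subject")
    return db.execute(sql, (*words, len(words))).fetchall() if words else []

def verify(db):
    """Return digests whose stored bytes no longer hash to their key (altered records)."""
    return [d for d, raw in db.execute("SELECT sha256, raw FROM messages")
            if hashlib.sha256(raw).hexdigest() != d]

SAMPLE = [  # constructed messages standing in for a journal feed
    b"From: alice@example.com\r\nTo: bob@example.com\r\nSubject: Q3 audit schedule\r\n"
    b"Message-ID: <1@example.com>\r\n\r\nThe external audit starts Monday.\r\n",
    b"From: bob@example.com\r\nTo: alice@example.com\r\nSubject: Lunch\r\n"
    b"Message-ID: <2@example.com>\r\n\r\nPizza on Monday?\r\n",
]
```

Keeping the raw bytes next to their SHA-256 lets an auditor confirm later that an archived message has not been edited, which per-workstation mail stores cannot show.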