Legal Intercept: Difference between revisions
m (Protected "Legal Intercept" [edit=sysop:move=sysop]) |
(the extra configuration is...) |
||
Line 1: | Line 1: | ||
{{ZC}} | {{ZC}} | ||
==Purpose== | |||
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox. | Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox. | ||
* ''Legal Intercept'' - The ability to intercept user messages and send them to another mailbox. | |||
Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached. | * Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached. | ||
* This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user. | |||
'''The following applies to the Network Edition of ZCS 5.0.3+''' | |||
==Command Usage== | |||
== | |||
To enable: | To enable: | ||
zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com | zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com | ||
To check status: | |||
zmprov ga accountToWatch@domain.com | grep zimbraInterceptAccount | |||
To disable: | |||
zmprov ma accountToWatch@domain.com | zmprov ma accountToWatch@domain.com zimbraInterceptAccount <nowiki>''</nowiki> | ||
or | |||
zmprov ma accountToWatch@domain.com -zimbraInterceptAccount sendReportTo@domain.com | |||
==Intercept Values== | |||
zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off. | zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off. | ||
Line 32: | Line 33: | ||
zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body. | zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body. | ||
====Message Composition | For headers only mode (no message body) you would set: | ||
zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE | |||
====Message Composition Templates==== | |||
zimbraInterceptFrom: Template used to construct the From: header of the intercept message. | zimbraInterceptFrom: Template used to construct the From: header of the intercept message. | ||
Line 40: | Line 44: | ||
zimbraInterceptBody: Template used to construct the body of the intercept message. | zimbraInterceptBody: Template used to construct the body of the intercept message. | ||
The default format of the intercept message is currently: | |||
Intercepted message for user@domain.com. Operation=add message, folder=Name, folder ID=#. | |||
=====Template Values===== | |||
The following parameters can be passed to the from/subject/body templates: | The following parameters can be passed to the from/subject/body templates: | ||
Line 54: | Line 63: | ||
FOLDER_ID - ID of the folder to which the message was saved. | FOLDER_ID - ID of the folder to which the message was saved. | ||
NEWLINE - Used for formatting multi-line message bodies. | NEWLINE - Used for formatting multi-line message bodies. | ||
Also the under construction: Bug 21761 - Legal intercept support: IM (real-time vs periodic method of save in chats folder etc) | ==Notes== | ||
In 5.0.3 there's some additional manual configuration needed [http://bugzilla.zimbra.com/show_bug.cgi?id=26471 Bug 26471 - intercept throws NPE] (solved in 5.0.5+) | |||
(Manually set all the 'zimbraInterceptValues' else you will get an error in the Web-UI.) | |||
Also the under construction: [http://bugzilla.zimbra.com/show_bug.cgi?id=21761 Bug 21761 - Legal intercept support: IM] (real-time reporting vs periodic method of save in chats folder etc) | |||
See also [http://www.zimbra.com/products/zimbra_archiving.html Zimbra Archiving & Discovery add-on] which does envelope forking & included cross-mailbox search. |
Revision as of 00:31, 12 April 2008
Purpose
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.
- Legal Intercept - The ability to intercept user messages and send them to another mailbox.
- Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.
- This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.
The following applies to the Network Edition of ZCS 5.0.3+
Command Usage
To enable:
zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com
To check status:
zmprov ga accountToWatch@domain.com | grep zimbraInterceptAccount
To disable:
zmprov ma accountToWatch@domain.com zimbraInterceptAccount ''
or
zmprov ma accountToWatch@domain.com -zimbraInterceptAccount sendReportTo@domain.com
Intercept Values
zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.
zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.
For headers only mode (no message body) you would set:
zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE
Message Composition Templates
zimbraInterceptFrom: Template used to construct the From: header of the intercept message.
zimbraInterceptSubject: Template used to construct the Subject: header of the intercept message.
zimbraInterceptBody: Template used to construct the body of the intercept message.
The default format of the intercept message is currently:
Intercepted message for user@domain.com. Operation=add message, folder=Name, folder ID=#.
Template Values
The following parameters can be passed to the from/subject/body templates:
ACCOUNT_DOMAIN - Domain of the account being intercepted.
ACCOUNT_ADDRESS - Address being intercepted.
MESSAGE_SUBJECT - Subject of the message being intercepted.
OPERATION - Operation that the user is performing ("add message", "send message", "save draft")
FOLDER_NAME - Name of the folder to which the message was saved.
FOLDER_ID - ID of the folder to which the message was saved.
NEWLINE - Used for formatting multi-line message bodies.
Notes
In 5.0.3 there's some additional manual configuration needed Bug 26471 - intercept throws NPE (solved in 5.0.5+)
(Manually set all the 'zimbraInterceptValues' else you will get an error in the Web-UI.)
Also the under construction: Bug 21761 - Legal intercept support: IM (real-time reporting vs periodic method of save in chats folder etc)
See also Zimbra Archiving & Discovery add-on which does envelope forking & included cross-mailbox search.