Difference between revisions of "Legal Intercept"

m (Protected "Legal Intercept" [edit=sysop:move=sysop])
(the extra configuration is...)
Line 1: Line 1:
 
{{ZC}}
 
{{ZC}}
===Purpose===
 
The following applies to the Network Edition of ZCS 5.0.3+
 
  
 +
==Purpose==
 
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.
 
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.
  
'''Legal Intercept''' - The ability to intercept user messages and send them to another mailbox.  
+
* ''Legal Intercept'' - The ability to intercept user messages and send them to another mailbox.  
  
Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.  
+
* Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.
 +
 
 +
* This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.
  
The default format of the intercept message is currently:
 
  
Intercepted message for user@domain.com. Operation=add message, folder=Name, folder ID=#.
+
'''The following applies to the Network Edition of ZCS 5.0.3+'''
  
----
+
==Command Usage==
===Enabeling===
 
 
To enable:
 
To enable:
  
 
  zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com
 
  zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com
  
 +
To check status:
 +
zmprov ga accountToWatch@domain.com | grep zimbraInterceptAccount
  
For headers only mode (no message body) set:
+
To disable:
  zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE
+
  zmprov ma accountToWatch@domain.com zimbraInterceptAccount <nowiki>''</nowiki>
 
+
or
 +
zmprov ma accountToWatch@domain.com -zimbraInterceptAccount sendReportTo@domain.com
  
----
 
  
===Intercept Values===
+
==Intercept Values==
  
 
zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.  
 
zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.  
Line 32: Line 33:
 
zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.  
 
zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.  
  
====Message Composition Values====
+
For headers only mode (no message body) you would set:
 +
zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE
 +
 
 +
====Message Composition Templates====
  
 
zimbraInterceptFrom: Template used to construct the From: header of the intercept message.  
 
zimbraInterceptFrom: Template used to construct the From: header of the intercept message.  
Line 40: Line 44:
 
zimbraInterceptBody: Template used to construct the body of the intercept message.  
 
zimbraInterceptBody: Template used to construct the body of the intercept message.  
  
 +
The default format of the intercept message is currently:
 +
 +
Intercepted message for user@domain.com. Operation=add message, folder=Name, folder ID=#.
 +
 +
=====Template Values=====
  
 
The following parameters can be passed to the from/subject/body templates:  
 
The following parameters can be passed to the from/subject/body templates:  
Line 54: Line 63:
  
 
FOLDER_ID - ID of the folder to which the message was saved.  
 
FOLDER_ID - ID of the folder to which the message was saved.  
 +
 
NEWLINE - Used for formatting multi-line message bodies.
 
NEWLINE - Used for formatting multi-line message bodies.
  
----
 
===Notes===
 
There's some additional (but easy) manual configuration needed until we fix Bug 26471 - intercept throws NPE (solved for 5.0.5)
 
  
Also the under construction: Bug 21761 - Legal intercept support: IM (real-time vs periodic method of save in chats folder etc)
+
==Notes==
 +
In 5.0.3 there's some additional manual configuration needed [http://bugzilla.zimbra.com/show_bug.cgi?id=26471 Bug 26471 - intercept throws NPE] (solved in 5.0.5+)
 +
 
 +
(Manually set all the 'zimbraInterceptValues' else you will get an error in the Web-UI.)
 +
 
 +
Also the under construction: [http://bugzilla.zimbra.com/show_bug.cgi?id=21761 Bug 21761 - Legal intercept support: IM] (real-time reporting vs periodic method of save in chats folder etc)
 +
 
 +
See also [http://www.zimbra.com/products/zimbra_archiving.html Zimbra Archiving & Discovery add-on] which does envelope forking & included cross-mailbox search.

Revision as of 00:31, 12 April 2008


Purpose

Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.

  • Legal Intercept - The ability to intercept user messages and send them to another mailbox.
  • Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.
  • This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.


The following applies to the Network Edition of ZCS 5.0.3+

Command Usage

To enable:

zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com

To check status:

zmprov ga accountToWatch@domain.com | grep zimbraInterceptAccount

To disable:

zmprov ma accountToWatch@domain.com zimbraInterceptAccount ''

or

zmprov ma accountToWatch@domain.com -zimbraInterceptAccount sendReportTo@domain.com


Intercept Values

zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.

zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.

For headers only mode (no message body) you would set:

zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE

Message Composition Templates

zimbraInterceptFrom: Template used to construct the From: header of the intercept message.

zimbraInterceptSubject: Template used to construct the Subject: header of the intercept message.

zimbraInterceptBody: Template used to construct the body of the intercept message.

The default format of the intercept message is currently:

Intercepted message for user@domain.com. Operation=add message, folder=Name, folder ID=#.
Template Values

The following parameters can be passed to the from/subject/body templates:

ACCOUNT_DOMAIN - Domain of the account being intercepted.

ACCOUNT_ADDRESS - Address being intercepted.

MESSAGE_SUBJECT - Subject of the message being intercepted.

OPERATION - Operation that the user is performing ("add message", "send message", "save draft")

FOLDER_NAME - Name of the folder to which the message was saved.

FOLDER_ID - ID of the folder to which the message was saved.

NEWLINE - Used for formatting multi-line message bodies.


Notes

In 5.0.3 there's some additional manual configuration needed Bug 26471 - intercept throws NPE (solved in 5.0.5+)

(Manually set all the 'zimbraInterceptValues' else you will get an error in the Web-UI.)

Also the under construction: Bug 21761 - Legal intercept support: IM (real-time reporting vs periodic method of save in chats folder etc)

See also Zimbra Archiving & Discovery add-on which does envelope forking & included cross-mailbox search.

Jump to: navigation, search