Legal Intercept: Difference between revisions

mNo edit summary
No edit summary
 
(16 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{BC|Certified}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=Legal Interception=
{{KB|{{ZC}}|{{ZCS 5.0}}||}}
{{WIP}}
==Purpose==
==Purpose==
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.


* ''Legal Intercept'' - The ability to intercept user messages and send them to another mailbox.  
Legal Intercept is the ability to intercept user messages and send them to another mailbox. Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached. This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.


* Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.  
'''''Note''': This feature is implemented in ZCS 5.0.3+ intended for recording web-client actions only. While it may log IMAP/ZCO outgoing actions if you 'save a copy to the sent folder' it does not include basic SMTP sends; please see the [http://www.zimbra.com/products/zimbra_archiving.html ZAD] add-on if you need guaranteed recording of actions outside of the ZWC.''


* This is different than forwarding, here a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.
==Command Usage==
The following CLI commands are for common Legal Intercept tasks.


(This feature is implemented in ZCS 5.0.3+)
To enable Legal Intercept:


==Command Usage==
zmprov ma accountToWatch@domain.com zimbraInterceptAddress sendReportTo@domain.com
To enable:
 
To check status of Legal Intercept:


  zmprov ma accountToWatch@domain.com zimbraInterceptAddress sendReportTo@domain.com
  zmprov ga accountToWatch@domain.com zimbraInterceptAddress


To check status:
To disable Legal Intercept:
zmprov ga accountToWatch@domain.com | grep zimbraInterceptAddress


To disable:
  zmprov ma accountToWatch@domain.com zimbraInterceptAddress <nowiki>''</nowiki>
  zmprov ma accountToWatch@domain.com zimbraInterceptAddress <nowiki>''</nowiki>
or
 
or,
 
  zmprov ma accountToWatch@domain.com -zimbraInterceptAddress sendReportTo@domain.com
  zmprov ma accountToWatch@domain.com -zimbraInterceptAddress sendReportTo@domain.com


==Intercept Values==
The following are Legal Intercept values.


==Intercept Values==
*'''zimbraInterceptAddress'''. Intercept messages are sent to this address. When empty, lawful intercept is turned off.


zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.  
*'''zimbraInterceptSendHeadersOnly'''. When TRUE, only the headers are sent, not the message body.  


zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.
For example, for headers only mode (no message body) you would set:


For headers only mode (no message body) you would set:
  zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE
  zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE


====Message Composition Templates====
====Message Composition Templates====


zimbraInterceptFrom: Template used to construct the From: header of the intercept message.  
*'''zimbraInterceptFrom'''. Template used to construct the '''From''' header of the intercept message.  


zimbraInterceptSubject: Template used to construct the Subject: header of the intercept message.  
*'''zimbraInterceptSubject'''. Template used to construct the '''Subject''' header of the intercept message.  


zimbraInterceptBody: Template used to construct the body of the intercept message.  
*'''zimbraInterceptBody'''. Template used to construct the body of the intercept message.  


The default format of the body of the intercept message is currently:  
The default format of the body of the intercept message is currently:  


  Intercepted message for [user@domain.com].  
  Intercepted message for [user@domain.com].  
  Operation=[add message], folder=[Inbox], folder ID=[2].
  Operation=[Action], folder=[Name], folder ID=[#].


=====Template Values=====
=====Template Values=====
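Review bot: The rewritten Purpose paragraph on the new side still says an intercept message is sent "any time that the user sends a message", while the Note added directly below it limits the feature to web-client actions and excludes basic SMTP sends. Qualify the Purpose sentence (for example, "sends a message from the web client") so a reader who stops at the first paragraph does not assume SMTP submissions are captured.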
Line 50: Line 59:
The following parameters can be passed to the from/subject/body templates:  
The following parameters can be passed to the from/subject/body templates:  


ACCOUNT_DOMAIN - Domain of the account being intercepted.  
*'''ACCOUNT_DOMAIN'''. Domain of the account being intercepted.  


ACCOUNT_ADDRESS - Address being intercepted.  
*'''ACCOUNT_ADDRESS'''. Address being intercepted.  


MESSAGE_SUBJECT - Subject of the message being intercepted.  
*'''MESSAGE_SUBJECT'''. Subject of the message being intercepted.  


OPERATION - Operation that the user is performing ("add message", "send message", "save draft")  
*'''OPERATION'''. Operation that the user is performing (E.g. add message, send message, save draft)  


FOLDER_NAME - Name of the folder to which the message was saved.  
*'''FOLDER_NAME'''. Name of the folder to which the message was saved.  


FOLDER_ID - ID of the folder to which the message was saved.  
*'''FOLDER_ID'''. ID of the folder to which the message was saved.  


NEWLINE - Used for formatting multi-line message bodies.
*'''NEWLINE'''. Used for formatting multi-line message bodies.


==Notes==
By design legal lntercept does not include mail sent via SMTP clients - please see [http://bugzilla.zimbra.com/show_bug.cgi?id=30232 Bug 30232]


==Notes==
In 5.0.3 there's some additional manual configuration needed [http://bugzilla.zimbra.com/show_bug.cgi?id=26471 Bug 26471 - intercept throws NPE] (solved in 5.0.5+)
In 5.0.3 there's some additional manual configuration needed [http://bugzilla.zimbra.com/show_bug.cgi?id=26471 Bug 26471 - intercept throws NPE] (solved in 5.0.5+)


(Workaround is to manually set all the 'zimbraIntercept' COS attributes else you will get an error in the Web-UI.)
(Workaround is to manually set all the '''zimbraIntercept''' COS attributes else you will get an error in the Web-UI.)
For example,
 
For example,
 
  zmprov mc default zimbraInterceptSendHeadersOnly FALSE
  zmprov mc default zimbraInterceptSendHeadersOnly FALSE
  zmprov mc default zimbraInterceptFrom "Postmaster <postmaster@\${ACCOUNT_DOMAIN}>"
  zmprov mc default zimbraInterceptFrom "Postmaster <postmaster@\${ACCOUNT_DOMAIN}>"
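Review bot: The Notes line added in this region, "By design legal lntercept does not include mail sent via SMTP clients", spells "Intercept" with a lowercase L in place of the capital I, so a search for "Legal Intercept" will not match the one line that states the SMTP limitation. Change it to "Legal Intercept" and end the sentence after the Bug 30232 link.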
Line 75: Line 87:
  zmprov mc default zimbraInterceptBody "Intercepted message for \${ACCOUNT_ADDRESS}.\${NEWLINE}Operation=\${OPERATION}, folder=\${FOLDER_NAME}, folder ID=\${FOLDER_ID}."
  zmprov mc default zimbraInterceptBody "Intercepted message for \${ACCOUNT_ADDRESS}.\${NEWLINE}Operation=\${OPERATION}, folder=\${FOLDER_NAME}, folder ID=\${FOLDER_ID}."


Also the under construction: [http://bugzilla.zimbra.com/show_bug.cgi?id=21761 Bug 21761 - Legal intercept support: IM] (real-time reporting vs periodic method of save in chats folder etc)
Bugs/Rfe's:  
*[http://bugzilla.zimbra.com/show_bug.cgi?id=21761 Bug 21761 - Legal intercept support: IM] (real-time reporting vs periodic method of save in chats folder etc)
 
*[http://bugzilla.zimbra.com/show_bug.cgi?id=30232 Bug 30232 - Legal Intercept doesn't work for sent emails if you use IMAP/POP3/SMTP] < Not Targeted.
While legal intercept may log IMAP/ZCO outgoing actions if you 'save a copy to the sent folder' it does not include basic SMTP sends.
Please see the [http://www.zimbra.com/products/zimbra_archiving.html Zimbra Archiving & Discovery add-on] which does envelope forking & includes cross-mailbox search.
 
<span id="_allowing_a_domain_or_delegated_administrator_to_use_legal_intercept"></span>
= Allowing a domain or delegated administrator to use Legal Intercept =
 
The below blogs describe how you can create a delegated or domain administrator to delegate administrative tasks.


See also [http://www.zimbra.com/products/zimbra_archiving.html Zimbra Archiving & Discovery add-on] which does envelope forking & included cross-mailbox search.
* https://blog.zimbra.com/2021/11/zimbra-skillz-create-zimbra-delegated-administrators/
* https://blog.zimbra.com/2023/05/discover-zimbra-10s-new-delegated-admin-wizard/
 
In you want the enable the delegated administrator to configure Legal Intercept from the Admin Console UI you can add the rights via the command line as the user <code>zimbra</code> as follows:
 
<pre>zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptAddress
zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptSendHeadersOnly</pre>
Replace <code>example.com</code> and <code>delegated-admin</code> with your actual domain and account.
 
For more details on using Legal Intercept via the Admin Console UI see; https://blog.zimbra.com/2022/07/zimbra-skillz-legal-intercept-on-zimbra/


{{Article Footer|ZCS 5.0.3+|4/11/2008}}
{{Article Footer|ZCS 5.0.3+|4/11/2008}}


[[Category:Command Line Interface]]
[[Category:Command Line Interface]]
[[Category:Configuration]]
[[Category:Configuration]]
[[Category:ZCS 5.0]]
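Review bot: The two grr commands in the new delegated-administrator section grant set.account.zimbraInterceptAddress and set.account.zimbraInterceptSendHeadersOnly at domain scope, so the grantee can set an intercept destination on any account in example.com. The section should state this and point back to the status check (zmprov ga accountToWatch@domain.com zimbraInterceptAddress) as the way to review what has been configured. The sentence introducing the commands also reads "In you want the enable", which should be "If you want to enable".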

Latest revision as of 10:45, 28 April 2023

Legal Interception

   KB 2418        Last updated on 2023-04-28  





Purpose

Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.

Legal Intercept is the ability to intercept user messages and send them to another mailbox. Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached. This is different from forwarding: a new message envelope is constructed to avoid the possibility of bounces returning to the original sender or monitored user.

Note: This feature is implemented in ZCS 5.0.3+ and is intended for recording web-client actions only. While it may log IMAP/ZCO outgoing actions if you 'save a copy to the sent folder', it does not include basic SMTP sends; please see the ZAD add-on if you need guaranteed recording of actions outside of the ZWC.

Command Usage

The following CLI commands are for common Legal Intercept tasks.

To enable Legal Intercept:

zmprov ma accountToWatch@domain.com zimbraInterceptAddress sendReportTo@domain.com

To check status of Legal Intercept:

zmprov ga accountToWatch@domain.com zimbraInterceptAddress

To disable Legal Intercept:

zmprov ma accountToWatch@domain.com zimbraInterceptAddress ''

or,

zmprov ma accountToWatch@domain.com -zimbraInterceptAddress sendReportTo@domain.com

Intercept Values

The following are Legal Intercept values.

  • zimbraInterceptAddress. Intercept messages are sent to this address. When empty, lawful intercept is turned off.
  • zimbraInterceptSendHeadersOnly. When TRUE, only the headers are sent, not the message body.

For example, for headers only mode (no message body) you would set:

zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE

Message Composition Templates

  • zimbraInterceptFrom. Template used to construct the From header of the intercept message.
  • zimbraInterceptSubject. Template used to construct the Subject header of the intercept message.
  • zimbraInterceptBody. Template used to construct the body of the intercept message.

The default format of the body of the intercept message is currently:

Intercepted message for [user@domain.com].
Operation=[Action], folder=[Name], folder ID=[#].

Template Values

The following parameters can be passed to the from/subject/body templates:

  • ACCOUNT_DOMAIN. Domain of the account being intercepted.
  • ACCOUNT_ADDRESS. Address being intercepted.
  • MESSAGE_SUBJECT. Subject of the message being intercepted.
  • OPERATION. Operation that the user is performing (e.g. add message, send message, save draft).
  • FOLDER_NAME. Name of the folder to which the message was saved.
  • FOLDER_ID. ID of the folder to which the message was saved.
  • NEWLINE. Used for formatting multi-line message bodies.

Notes

By design, Legal Intercept does not include mail sent via SMTP clients; please see Bug 30232.

In 5.0.3, some additional manual configuration is needed; see Bug 26471 - intercept throws NPE (solved in 5.0.5+).

(The workaround is to manually set all the zimbraIntercept COS attributes; otherwise you will get an error in the Web-UI.)

For example,

zmprov mc default zimbraInterceptSendHeadersOnly FALSE
zmprov mc default zimbraInterceptFrom "Postmaster <postmaster@\${ACCOUNT_DOMAIN}>"
zmprov mc default zimbraInterceptSubject "Intercepted message for \${ACCOUNT_ADDRESS}: \${MESSAGE_SUBJECT}"
zmprov mc default zimbraInterceptBody "Intercepted message for \${ACCOUNT_ADDRESS}.\${NEWLINE}Operation=\${OPERATION}, folder=\${FOLDER_NAME}, folder ID=\${FOLDER_ID}."

Bugs/RFEs:

While legal intercept may log IMAP/ZCO outgoing actions if you 'save a copy to the sent folder' it does not include basic SMTP sends. Please see the Zimbra Archiving & Discovery add-on which does envelope forking & includes cross-mailbox search.

Allowing a domain or delegated administrator to use Legal Intercept

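The blog posts below describe how you can create a delegated or domain administrator to delegate administrative tasks.

  • https://blog.zimbra.com/2021/11/zimbra-skillz-create-zimbra-delegated-administrators/
  • https://blog.zimbra.com/2023/05/discover-zimbra-10s-new-delegated-admin-wizard/

If you want to enable the delegated administrator to configure Legal Intercept from the Admin Console UI, you can add the rights via the command line as the user zimbra as follows: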

zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptAddress
zmprov grr domain example.com usr delegated-admin@example.com set.account.zimbraInterceptSendHeadersOnly

Replace example.com and delegated-admin with your actual domain and account.

For more details on using Legal Intercept via the Admin Console UI, see: https://blog.zimbra.com/2022/07/zimbra-skillz-legal-intercept-on-zimbra/
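
Once delegated administrators can set zimbraInterceptAddress, it is worth reviewing periodically which accounts have intercept enabled and where the copies go. The script below is an added example, not part of the original article or of Zimbra: it parses the "# name" / "attribute: value" output of the zmprov ga status check shown above and flags destinations that are not on an approved list. The function names, the approved address li-archive@example.com and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit Legal Intercept settings from zmprov output.
# Assumed input: the output of
#   zmprov ga <account> zimbraInterceptAddress zimbraInterceptSendHeadersOnly
# for one or more accounts, i.e. a "# name <account>" line followed by
# "attribute: value" lines. To collect it on a server, as the zimbra user:
#   for a in $(zmprov -l gaa); do
#     zmprov ga "$a" zimbraInterceptAddress zimbraInterceptSendHeadersOnly
#   done | audit_intercept li-archive@example.com

# audit_intercept APPROVED_ADDRESS...
# Reads zmprov output on stdin; prints one line per intercept destination:
#   <account> <destination> <headers-only: TRUE|FALSE|unset> <OK|UNAPPROVED>
audit_intercept() {
    awk -v approved="$*" '
        BEGIN {
            n = split(approved, a, " ")
            for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1
        }
        # Print every destination collected for the current account.
        function emit(   i) {
            for (i = 1; i <= ndest; i++)
                printf "%s %s %s %s\n", acct, dest[i], hdr,
                       ((tolower(dest[i]) in ok) ? "OK" : "UNAPPROVED")
            ndest = 0; hdr = "unset"
        }
        /^# name /                          { emit(); acct = $3; next }
        /^zimbraInterceptAddress: /         { dest[++ndest] = $2; next }
        /^zimbraInterceptSendHeadersOnly: / { hdr = $2; next }
        END { emit() }
    '
}

# count_unapproved APPROVED_ADDRESS...: number of unapproved destinations.
count_unapproved() {
    audit_intercept "$@" | grep -c ' UNAPPROVED$' || true
}

# Constructed sample input (hypothetical accounts, not real data).
sample_output() {
    cat <<'EOF'
# name alice@example.com
zimbraInterceptAddress: li-archive@example.com
zimbraInterceptSendHeadersOnly: TRUE

# name bob@example.com

# name carol@example.com
zimbraInterceptAddress: li-archive@example.com
zimbraInterceptAddress: someone@elsewhere.example
EOF
}

sample_output | audit_intercept li-archive@example.com
```

Accounts with no intercept address, such as bob@example.com in the sample, produce no output line.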

Verified Against: ZCS 5.0.3+ Date Created: 4/11/2008
Article ID: https://wiki.zimbra.com/index.php?title=Legal_Intercept Date Modified: 2023-04-28


