The following applies to the Network Edition of ZCS 5.0.3+
Service Providers are increasingly under the legal obligation to capture any persistent state changes within a separate archive mailbox for legal intercept/discovery. For example, if a message is saved as a draft, and then deleted, this still needs to be recorded somehow in the archive mailbox as this mechanism could be used by multiple users to communicate (one writes a draft, the other reads and deletes) without necessarily having those communications ever make it into the archive mailbox.
Legal Intercept - The ability to intercept user messages and send them to another mailbox.
Once intercept is turned on, any time that the user sends a message, receives a message, or saves a draft, an intercept message is sent to the specified mailbox with the original message attached.
The default format of the intercept message is currently:
Intercepted message for email@example.com. Operation=add message, folder=Name, folder ID=#.
zmprov ma accountToWatch@domain.com zimbraInterceptAccount sendReportTo@domain.com
For headers only mode (no message body) set:
zmprov ma accountToWatch@domain.com zimbraInterceptSendHeadersOnly TRUE
zimbraInterceptAddress: intercept messages are sent to this address. When empty, lawful intercept is turned off.
zimbraInterceptSendHeadersOnly: when TRUE, only the headers are sent, not the message body.
Message Composition Values
zimbraInterceptFrom: Template used to construct the From: header of the intercept message.
zimbraInterceptSubject: Template used to construct the Subject: header of the intercept message.
zimbraInterceptBody: Template used to construct the body of the intercept message.
The following parameters can be passed to the from/subject/body templates:
ACCOUNT_DOMAIN - Domain of the account being intercepted.
ACCOUNT_ADDRESS - Address being intercepted.
MESSAGE_SUBJECT - Subject of the message being intercepted.
OPERATION - Operation that the user is performing ("add message", "send message", "save draft")
FOLDER_NAME - Name of the folder to which the message was saved.
FOLDER_ID - ID of the folder to which the message was saved. NEWLINE - Used for formatting multi-line message bodies.
There's some additional (but easy) manual configuration needed until we fix Bug 26471 - intercept throws NPE (solved for 5.0.5)
Also the under construction: Bug 21761 - Legal intercept support: IM (real-time vs periodic method of save in chats folder etc)