Hi there.
I have a concern with the quarantine functionality of EFA:
On one side I love it because it enables the addition of "Report this as spam" but on the other it poses a privacy issue wherein I - as the local sysadmin - have the option to read all messages that come through my servers.
Is there any way to achieve stamping of all incoming email with the "Report as"-link whilst keeping the content of the actual messages unavailable to sysadmins?
I do know about the audit function but if requested to provide proof that no emails have been read I feel that this log will not hold up.
A solution - at least in my mind - would be to introduce a choice to store the email for just the second it takes to stamp it, then deliver it and leave no trace of it on EFA. But - I am not fluent in these setups so I might be missing a bigger point.
Any inputs are welcome.
Thomas
Protect privacy
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Protect privacy
If I were attempting this, I would...
1) Create domain admins for your mail domain (not full admins).
2) Modify the code in detail.php starting on line 533 by removing most of the logic and restrict to admin only:
Change:
Code:
    if (
        (
            $item['dangerous'] === 'N' ||
            $_SESSION['user_type'] === 'A' ||
            (defined('DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS') && true === DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS && $_SESSION['user_type'] === 'D' && $item['dangerous'] === 'Y')
        ) && preg_match('!message/rfc822!', $item['type'])
To this:
Code:
    if (
        $_SESSION['user_type'] === 'A'
        && preg_match('!message/rfc822!', $item['type'])
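The effect of the change above on who can open a quarantined message, as an added example (not part of the original post and not MailWatch/eFa code). Here `$userType` stands in for `$_SESSION['user_type']`; the 'U' user type, the sample items and the constant's value are assumptions made for the comparison.

```php
<?php
// Added illustration: the "before" and "after" conditions from the post,
// wrapped in functions so their results can be compared side by side.

// Assumption: domain admins are not allowed to see dangerous contents.
define('DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS', false);

// Original condition from detail.php as quoted in the post.
function canViewOriginal(string $userType, array $item): bool
{
    return (
        $item['dangerous'] === 'N' ||
        $userType === 'A' ||
        (defined('DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS') && true === DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS && $userType === 'D' && $item['dangerous'] === 'Y')
    ) && preg_match('!message/rfc822!', $item['type']) === 1;
}

// Restricted condition proposed in the post: full admins only.
function canViewRestricted(string $userType, array $item): bool
{
    return $userType === 'A'
        && preg_match('!message/rfc822!', $item['type']) === 1;
}

// Constructed sample items (not real quarantine records).
$items = [
    'clean'     => ['dangerous' => 'N', 'type' => 'message/rfc822'],
    'dangerous' => ['dangerous' => 'Y', 'type' => 'message/rfc822'],
];

// 'A' and 'D' appear in the post; 'U' (regular user) is an assumption.
$roles = ['A' => 'full admin', 'D' => 'domain admin', 'U' => 'regular user'];

// Print one row per role/item pair showing the result of each condition.
printf("%-14s %-10s %-9s %-10s\n", 'role', 'item', 'original', 'restricted');
foreach ($roles as $type => $label) {
    foreach ($items as $name => $item) {
        printf(
            "%-14s %-10s %-9s %-10s\n",
            $label,
            $name,
            canViewOriginal($type, $item) ? 'view' : 'deny',
            canViewRestricted($type, $item) ? 'view' : 'deny'
        );
    }
}
```

Full admins ('A') pass both conditions, so the change narrows viewing to that role rather than removing it.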
Re: Protect privacy
shawniverson wrote: ↑16 Nov 2017 23:41
If I were attempting this, I would...
1) Create domain admins for your mail domain (not full admins).
2) Modify the code in detail.php starting on line 533 by removing most of the logic and restrict to admin only:

Good point indeed, thanks.
I would however like a possibility to block all admins - myself included - from reading any emails. There really is no need for us to be able to do this.
Re: Protect privacy
Further elaborating on this topic: would it be possible to encrypt the content in any way?
Re: Protect privacy
What are you trying to gain from that? E-Mail in itself isn't encrypted and sending confidential information via non-encrypted e-mail is a failure right from the start. I think the appropriate way to handle these issues is through policies and audits. Don't try to turn eFa into something it isn't meant to be and deal with your security concerns in other appropriate ways. You can do so much wrong when ramping up the complexity of a setup.
In the end any admin can get to any information eventually, given enough determination as long as these messages are not encrypted clientside by S/MIME or PGP.
Re: Protect privacy
What budy says.
As long as the message is not end-to-end encrypted, you cannot stop someone in the middle from reading the message.
That said, you can minimize the exposure by:
- restricting access to your efa appliance to only those who need it
- never store messages on the efa box (which does limit spam training/retraining)
- disable message viewing functionality in EFA so admins cannot browse messages.
- restrict root access to the EFA box, while keeping in mind that anyone with root access will always have full access to all the messages - unless you no longer store them (and even then, a root user can still capture the messages)
You'll need to strike a balance between security, convenience and trust.
I'd suggest that if you are having problems with trust and your admins, you have more serious problems to deal with.
Re: Protect privacy
Budy, I fully agree with your statements.
I do however think that discussing what a product can and cannot do is healthy and can lead to enhancing it if done properly.
True indeed.
Good point - and one that is often neglected or left out.
Thanks for replying guys and for pointing me down other avenues in terms of mitigating my security concerns. Highly appreciated.
//UlfThomas