I've just been made aware of a situation where the kids on the help desk can read everyone's emails when they pass thru an eFa gateway. I think they do this by clicking on the "Path to message" link in the GUI.
My question here is, can this be stopped? Should eFa even store HAM messages that are successfully relayed to company mailservers at all?
Reading other peoples mails?
Re: Reading other peoples mails?
That is correct. Admins can read email that has been saved in the system.
There are several possible solutions:
1/ don't let untrustworthy people manage your mail gateway or have admin access to your mail gateway
2/ change the code to disable the view message functionality in the gui. See here for an example of how to do this: viewtopic.php?t=2749
I think this would make a good feature request for new MailScanner versions
As for whether eFa should store HAM - that entirely depends on the administrators of the system. I store the HAM, because some ham is spam, and I want to train the system when it doesn't get it right.
Another advantage is a "poor man's backup". Should there ever be an issue in my real mail server, I have access to the last 30 days of mail that I could potentially resend to my user/users should I need to.
Anyway, if those kids are untrustworthy, disable the mail viewing functionality, but keep in mind it will be reenabled when eFa updates because the changed files will be overwritten.
Let us know what you decide to do.
Re: Reading other peoples mails?
Thanks for responding.
I have a similar setup as described in that thread you referenced. Except there was no security breach. Here when people want attachments/emails released from the queue they open a ticket. This ticket gets routed to the helpdesk and they evaluate why it's not allowed and take action accordingly.
I think granting everybody access to eFa to release their own mails is not a very wise idea as too many people won't care why it was stopped to begin with.
Properly trained helpdesk staff is another matter.
Usually I do trust the helpdesk staff but having this ability could be very tempting for some to abuse.
I will change the code and disable the link. I will flag the anacron "Updates applied" emails from my eFa boxes so I can make sure this feature does not get reactivated.
One last thing. Can I stop eFa from storing HAM completely?
Re: Reading other peoples mails?
Yes, I see where you are coming from.
> One last thing. Can I stop eFa from storing HAM completely?
Absolutely! In your mailscanner configuration file, search for the following entry:
    Non Spam Actions =
In my system, I set it to "store deliver header "X-Spam-Status:No"" which means store a copy of the message, deliver the message, and set an X header that the email client can use for filtering. Remove "store" if you don't want to save the message.
You may also want to look at the following as well:
    Spam Actions =
    High Scoring Spam Actions =
The mailscanner configuration file is really well documented, and tells you all the settings you can use with those options.
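Added example, not part of the original thread and not eFa or MailScanner code: a shell check, suitable for running after each update, that reports whether the three action settings named above still keep a copy of the message on the gateway. The default config path, the sample file contents and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# audit_store_actions [FILE]
# Prints one line per action setting found in FILE:
#   "<setting>: stores"   - the action list contains "store"
#   "<setting>: no-store" - it does not
#   "<setting>: ruleset"  - the value points at a ruleset file; inspect that file
# The default path below is an assumption; pass the real one as the argument.
audit_store_actions() {
    awk -F= '
        /^[[:space:]]*#/ { next }              # skip comment lines
        {
            name = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != "non spam actions" && name != "spam actions" &&
                name != "high scoring spam actions") next
            val = substr($0, index($0, "=") + 1)
            gsub(/"[^"]*"/, "", val)           # drop quoted header text first
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val ~ "^[/%]") { print name ": ruleset"; next }
            n = split(tolower(val), tok, /[ \t]+/)
            verdict = "no-store"
            # tokens beginning with "store-" are treated the same, to be conservative
            for (i = 1; i <= n; i++)
                if (tok[i] == "store" || tok[i] ~ /^store-/) verdict = "stores"
            print name ": " verdict
        }' "${1:-/etc/MailScanner/MailScanner.conf}"
}

# Constructed sample config (not taken from a real gateway).
sample_conf() {
    cat <<'EOF'
# Non Spam Actions = store
Non Spam Actions = store deliver header "X-Spam-Status: No"
Spam Actions = deliver header "X-Store-Me: store"
High Scoring Spam Actions = %rules-dir%/highspam.rules
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_store_actions "$tmp"; rm -f "$tmp"
```

A "stores" result for `non spam actions` after an update means clean mail is again being kept where anyone with GUI access can open it.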