[Snort-sigs] capture email

Ricardo Londono rlondono at ...1999...
Tue Nov 4 06:00:08 EST 2003

The legal question is not a problem.  But after thinking about this and reading the various responses I have to agree that snort is not the right tool.

I will look at doing this at the MTA level or Mail Server level.

thanks for all responses!


>>> Brian Howard <drivah at ...1821...> 11/4/2003 1:55:37 AM >>>
Snort is really not the appropriate tool for the job of email monitoring.
Before you even head down this road you need to get really good legal
opinion from school district legal dept. on privacy rights and various
federal and depending on your state laws that might apply.

Ricardo Londono wrote:

> I saw the following question in the archives and was wondering if this is possible?  I work for a school  district and we have a student sending threats via email to a teacher.  The student is using web-based email...
> ***************************************************************
> EMAIL FROM James...
> "Wouldn't it be nice to be able to capture an _entire SMTP session_ based on
> a key word embedded somewhere in the SMTP message?  This could easily be
> used to look for messages with a specific email address on them, with a
> specific key word inside them, etc.
> Anyone want to write an SMTP protocol handler?"
> ***************************************************************
> I'm interested in capturing email from a specific email.
> thanks for any help.
> Ricardo Londoño
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/ 
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/snort-sigs 

More information about the Snort-sigs mailing list