[Snort-sigs] capture email

Ricardo Londono rlondono at ...1999...
Tue Nov 4 07:01:14 EST 2003


I run Postfix.  I looked at Procmail but I can't seem to find any info when running Postfix as MTA or Relay...  I don't perform any local delivery at all.  Mail gets forwarded to GroupWise server.

Ricardo


>>> Robert Wagner <rwagner at ...447...> 11/4/2003 8:26:33 AM >>>
Look at sendmail milter.  Create a milter rule that routes messages based on
keywords.

-----Original Message-----
From: Ricardo Londono [mailto:rlondono at ...1999...] 
Sent: Tuesday, November 04, 2003 7:59 AM
To: snort-sigs at lists.sourceforge.net 
Subject: Re: [Snort-sigs] capture email


The legal question is not a problem.  But after thinking about this and
reading the various responses I have to agree that snort is not the right
tool.

I will look at doing this at the MTA level or Mail Server level.

thanks for all responses!

Ricardo


>>> Brian Howard <drivah at ...1821...> 11/4/2003 1:55:37 AM >>>
Snort is really not the appropriate tool for the job of email monitoring.
Before you even head down this road you need to get a really good legal
opinion from the school district legal dept. on privacy rights and various
federal and, depending on your state, laws that might apply.

Ricardo Londono wrote:

> I saw the following question in the archives and was wondering if this is
> possible?  I work for a school district and we have a student sending
> threats via email to a teacher.  The student is using web-based email...
>
> ***************************************************************
> EMAIL FROM James...
> "Wouldn't it be nice to be able to capture an _entire SMTP session_ based on
> a key word embedded somewhere in the SMTP message?  This could easily be
> used to look for messages with a specific email address on them, with a
> specific key word inside them, etc.
>
> Anyone want to write an SMTP protocol handler?"
> ***************************************************************
>
> I'm interested in capturing email from a specific email.
>
> thanks for any help.
>
> Ricardo Londoño
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/ 
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/snort-sigs 



