I just started a similar project for our company. I assume this is for Sarbanes-Oxley/SEC compliance. Maybe we can collaborate and come up with a compliant solution that does not cost an arm and a leg. The challenges are that the sysadmins have to be able to show that they cannot tamper with the messages (along with some other issues).
I already looked at Oracle's solution. Too expensive, and then we'd need an army of DBAs. My env is Red Hat.
My thought is to mirror the spool using a few mods to the sendmail.cf. I'll be testing the mirror today and can share that with you. If you do this, then the feds cannot say the CEO deleted messages from their mailbox. (Some off-the-shelf packages have the user forward the emails from their Outlook to an archiver@mydomain.com... what if the CEO or CFO never forwards the messages?)
Once I have the mirror, a daemon will process each message and store it in a relational database. This is to make it easy, if there is a demand for information from the suits, to find messages pertaining to the inquiry. I was planning to only store the full message header per the RFC and the full message text. Need to deal with messages that have attachments though... don't want to store all of that.
Lastly, we'd use a tool like mcrypt to encrypt the original message and store it on disk. And store the key and filename reference in the database.
It seems the SEC requirement is you have to log an entry in the database each time a person searches, views, prints or downloads a message and there needs to be some access levels. Example: can the receptionist access the CEO's email archives?
Auditing: they say that you should be able to send reports to the managers of various areas where suspicious activity is detected, such as insider trading. I was planning to create keywords that can scan the emails and flag the suspicious activity for the managers to review. They can then investigate or clear the flag.
Lastly, you have to archive it to "approved" media. And it looks like the only approved media is WORM. I bought an AIT drive to do this.
This was a project that seemed relatively simple until I started to dig into the requirements. Oh, and if you can't produce the emails in the time frame the feds want them in, you can find yourself with an obstruction of justice charge.
On the flip side, there can be some other good uses for such an archive, such as in patent defenses.
Thank you Worldcom, Enron, Global Crossing!
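The daemon-to-database part of the pipeline described in this post (keep the full header block and the text body, record attachments by name only, log every access with an access check, and raise keyword flags for managers to clear), as an added example that is not code from the original post or its author. It is standard-library Python with SQLite standing in for the relational database; the sample message, the keyword list and the role policy (a `compliance` role sees every mailbox, anyone else only mail they sent or received) are constructed for the demo, and the mcrypt step for the original message and the WORM copy are outside this script.

```python
import email
import re
import sqlite3
from email import policy
from email.message import EmailMessage

# Hypothetical watch list for the demo; a real one would come from the compliance team.
KEYWORDS = ("restate", "before the announcement", "insider")

SCHEMA = """
CREATE TABLE IF NOT EXISTS messages (
    id INTEGER PRIMARY KEY, message_id TEXT UNIQUE, sender TEXT, recipients TEXT,
    subject TEXT, sent TEXT, headers TEXT, body TEXT, attachment_names TEXT);
CREATE TABLE IF NOT EXISTS access_log (
    id INTEGER PRIMARY KEY, at TEXT DEFAULT CURRENT_TIMESTAMP,
    username TEXT, action TEXT, message_pk INTEGER);
CREATE TABLE IF NOT EXISTS flags (
    id INTEGER PRIMARY KEY, message_pk INTEGER, keyword TEXT, cleared INTEGER DEFAULT 0);
"""

def build_sample_message() -> bytes:
    """Constructed test message (not real mail): one text part plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "cfo@example.com"
    msg["To"] = "broker@example.net"
    msg["Subject"] = "Q3 numbers before the call"
    msg["Message-ID"] = "<sample-001@example.com>"
    msg["Date"] = "Mon, 01 Jan 2007 09:00:00 -0500"
    msg.set_content("Heads up: we restate earnings Thursday. Move before the announcement.")
    msg.add_attachment(b"fake spreadsheet bytes", maintype="application",
                       subtype="octet-stream", filename="q3.xls")
    return msg.as_bytes()

def parse_message(raw: bytes) -> dict:
    """Keep the full header block verbatim and the text/plain body; record
    attachments by filename only, so the database never stores their bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"  # header block ends at first blank line
    body_parts, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            attachments.append(part.get_filename() or "(unnamed)")
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_content())
    return {
        "message_id": str(msg.get("Message-ID", "")), "sender": str(msg.get("From", "")),
        "recipients": str(msg.get("To", "")), "subject": str(msg.get("Subject", "")),
        "sent": str(msg.get("Date", "")), "headers": raw.split(sep, 1)[0].decode("utf-8", "replace"),
        "body": "\n".join(body_parts).strip(), "attachments": attachments,
    }

def flag_keywords(text: str, keywords=KEYWORDS) -> list:
    """Whole-word, case-insensitive match of each watch-list term."""
    return [kw for kw in keywords
            if re.search(r"\b" + re.escape(kw) + r"\b", text, re.IGNORECASE)]

def open_archive(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def store_message(conn, raw: bytes, keywords=KEYWORDS) -> int:
    """What the spool-processing daemon does per message: insert it, then add
    one flag row per matched keyword for a manager to investigate or clear."""
    m = parse_message(raw)
    cur = conn.execute(
        "INSERT INTO messages (message_id, sender, recipients, subject, sent, headers, body,"
        " attachment_names) VALUES (?,?,?,?,?,?,?,?)",
        (m["message_id"], m["sender"], m["recipients"], m["subject"], m["sent"],
         m["headers"], m["body"], ",".join(m["attachments"])))
    pk = cur.lastrowid
    for kw in flag_keywords(m["subject"] + "\n" + m["body"], keywords):
        conn.execute("INSERT INTO flags (message_pk, keyword) VALUES (?, ?)", (pk, kw))
    conn.commit()
    return pk

def fetch_message(conn, username: str, role: str, pk: int):
    """Every view goes through here so it is logged, denied attempts included.
    Hypothetical policy: 'compliance' sees all; others only mail they sent or
    received (exact-address match is enough for the demo)."""
    row = conn.execute("SELECT sender, recipients, headers, body FROM messages WHERE id=?",
                       (pk,)).fetchone()
    if row is None:
        return None
    allowed = role == "compliance" or username in (row[0], row[1])
    conn.execute("INSERT INTO access_log (username, action, message_pk) VALUES (?,?,?)",
                 (username, "view" if allowed else "denied", pk))
    conn.commit()
    return {"headers": row[2], "body": row[3]} if allowed else None

if __name__ == "__main__":
    archive = open_archive()
    pk = store_message(archive, build_sample_message())
    print(fetch_message(archive, "receptionist@example.com", "user", pk))  # None, logged as denied
    print(fetch_message(archive, "audit@example.com", "compliance", pk)["body"])
    print(archive.execute("SELECT username, action FROM access_log").fetchall())
```

The same `fetch_message` path would wrap search, print and download as well, with the `action` column naming which one, so the log the post mentions is produced by the only code that can hand out a message rather than by callers remembering to write it.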