How to monitor users emails

Status
Not open for further replies.

christobol

IS-IT--Management
Jan 16, 2003
2
US
We have been having problems with employees committing fraud, and harassing other people within the company. Is it possible to force Exchange to save all emails that pass through the server? Both internet and external? That way we can look for evidence of possible fraud that is being planned or occurring.

Any help would be great. Thanks
 
There is a Microsoft Q article that refers to message journaling. (We did it, but it escapes me at the moment.)
It is a registry entry that forces each message, even the ones sent by users on the same server, to go through the MTA. Of course there is a performance hit, but it is always logged and there is no way around it. Also think about enabling Deleted Item retention on all folders, not just Deleted Items. This means that even if the user does a Shift+Delete you should be able to get the message back when doing an ExMerge.
 
Or alternatively you could set each mailbox to send a copy of any mail it receives into another mailbox. Under the user's mailbox properties, if you go to "Delivery Options" you can choose an alternate address to deliver the mail to, while still sending a copy to the original recipient.

Aside from this there are some third party products that do what you are asking.
 
Okay well I'm now able to monitor emails within our Exchange network. However I am not able to capture outgoing internet emails.

Here is a quick description of our setup. We have our website hosted at a hosting company, so our internet mail is routed through that hosted server. We have it set up that way in order to be more reliable, as we have had issues with our T1s. The clients and the Exchange server are behind a NAT server. The clients go out and check their mail accounts to receive mail. Since we are on Exchange, all of the outgoing SMTP mail is routed through the Exchange server (I know this from looking at Received headers). Is it possible to receive copies of these outgoing emails too?
 
Message Journaling captures everything and makes a copy of every message that Exchange sees in another mailbox, which can be hidden.

So all incoming mail, outgoing mail and intra-office mail will get copied. This means that you will quickly double your entire Information Store.

When you say 'clients go out and check their mail accounts', do you mean they are retrieving mail via POP3 from your website host? Or are they still accessing the Exchange server? What program are you using? Outlook? Outlook Express? Something else?

If you're using Outlook Express, then you probably have it configured that the SMTP server is your webhoster's server, and not your Exchange server. In this case, it's not possible to grab a copy of that because it never passes through the Exchange server.
 
If you have someone harassing other people within the company, just go to the victim's PC, read the headers and track it down.
If it was sent from inside, surely they know who sent it?
If from Hotmail or so, just block that address in your Exchange.
If you use a proxy, enable all tracking and you can see in the log which PC logged on to what Hotmail (or other) account. Compare the sent time of the mail to get an idea where to look.

If the solution is out there, let us know it was helpful, so others can benefit from it as well.
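The header check mentioned in the thread (reading Received headers to see which servers handled a message and when), as an added example that is not part of any post. The sample message, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; hostnames and addresses are made up.
RAW = """\
Received: from exch01.corp.example (exch01.corp.example [10.1.1.5])
\tby mail.hoster.example with ESMTP id A1; Thu, 16 Jan 2003 09:15:07 -0500
Received: from WS-042 ([10.1.2.42])
\tby exch01.corp.example with Microsoft SMTPSVC; Thu, 16 Jan 2003 09:15:02 -0500
From: someone@corp.example
To: victim@corp.example
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<frm>\S+)\s*(?:\((?P<info>[^)]*)\))?\s*by\s+(?P<by>\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw):
    """Return relay hops oldest-first as dicts: from, by, ip, internal, time."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received header, so reverse for time order.
    # Only headers added by servers you control are trustworthy; anything
    # below the first trusted hop can be forged by the sender.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP.search(route)
        if not m:
            continue  # unparseable hop: skip rather than guess
        ip_m = IP.search(m.group("info") or "")
        ip = ip_m.group(1) if ip_m else None
        hops.append({
            "from": m.group("frm"), "by": m.group("by"), "ip": ip,
            "internal": bool(ip) and ipaddress.ip_address(ip).is_private,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def passed_through(hops, server):
    """True if `server` stamped the message (appears as a 'by' host)."""
    return any(h["by"].lower() == server.lower() for h in hops)

if __name__ == "__main__":
    for h in trace_hops(RAW):
        print(h["time"].isoformat(), h["from"], "->", h["by"], h["ip"], h["internal"])
```

The oldest hop's timestamp is the value to compare against proxy log entries, and `passed_through` answers whether a given message ever crossed the Exchange server at all.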
 