OUTLOOK <---> Exchange comms is in MAPI i.e rpc and not SMTP.
-----Original Message-----
From: Eric McCarty [mailto:eric@piteduncan.com]
Sent: Saturday, January 29, 2005 3:28 AM
To: Doll, Josh; security-basics@securityfocus.com
Subject: RE: Exchange <--> Outlook Monitoring
Since SMTP is plain text it can be pulled off the wire @ the
gateway, if your patient enough to use ethereal w/a filter
you can pull all SMTP from a certain IP. Or you can use a
graphical IDS like the Etrust product which isn't free but
provides an easier and cleaner interface for such things.
E.
-----Original Message-----
From: Doll, Josh [mailto:Doll@pbworld.com]
Sent: Friday, January 28, 2005 8:27 AM
To: security-basics@securityfocus.com
Subject: Exchange <--> Outlook Monitoring
Is there any effective way of capturing exchange / outlook
data from a 3rd party machine? We have a number of sub
consultants with email access from our company, who's email
needs to be monitored / archived for breech of contract and
sharing of company secrets. Problem is, we don't maintain
our exchange server here in this office, and the office that
does is unwilling to cooperate in this matter (Read: upper
management catfight). Therefore we need a way to ensure that
what they send and receive is legit. It is a relatively
small number of users
(~5) that are still on our LAN that need to be monitored, the
rest have been moved to another subnet without company email.
My understanding is that it is nowhere near as easy to
capture these emails when it is an exchange environment vs..
the options available when using POP or others.
Any help, or nudges in the right direction would be helpful.
C. Josh Doll
Network Administrator - Houston
Parsons Brinckerhoff
