IdeaJam(tm) : Disable to open or copy mails in the mail.box

Domino Server / Security: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 11:34:49 +0000

Author: Marius Jaeger
Tags: mail disable mail.box
Idea:

Any domino administrator can open mails in the mail.box or can copy mails from the mail.box into an other database.

It is not necessary for any administrator to do this.

So disable open documents and copy documents in the mail.box.

re: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 13:59:40 +0000

Author: Craig Wiseman
Comment: From an admin perspective, this is so massively useful in troubleshooting that I can't click the Demote button hard enough.

That's what the ACL on the mail.box(es) is for.

Darn it, guess I need a new mouse. Apparently I CAN click the demote button hard enough.....

re: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 14:55:34 +0000

Author: Peter Presnell
Comment: Craig is right, the ACL should provide the necessary protection without inventing additional functionality.

I would also like to point out that a primary role of Administrators is to keep the mail flowing in an organization. At the end of the day you need to trust someone to do that job. Almost every administrator has rights to edit server documents and hence can give themselves Full Access Administrations rights even if they don't already have it. Most already do, which means they can read any mail file and generate any e-mail message they want even without the need to access the Mail.Box directly. I think its implicit that we must trust that Administrators are doing the right thing by your company. If you have sensitive mail you don't want someone else to be reading Encrypting the e-mail is perhaps the only way to ensure privacy.

re: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 16:00:45 +0000

Author: Gregg Eldred
Comment: I agree with Craig and Peter's argument. I've demoted this.

re: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 19:14:17 +0000

Author: Marius Jaeger
Comment: For troubleshooting you never must read the body and attachments of a mail in the mail.box.

Encrypting sensitive mails isn't the solution when you want that the routing is secure for any mails.

re: Disable to open or copy mails in the mail.box

Thu, 17 Dec 2009 19:34:46 +0000

Author: Craig Wiseman
Comment: @4 There have been hundreds of times when I cut/copied email from one server's mail box to another's in order to assist in troubleshooting mail delivery issues.

The act of cutting/copying the email to the clipboard makes it possible to paste it anywhere, including a mail file for review. Encrypting the mail does stop this use.

Hire trust-worthy folks, and properly secure your environment from untrustworthy ones. Basic security.....

re: Disable to open or copy mails in the mail.box

Fri, 18 Dec 2009 08:22:16 +0000

Author: Rob Goudvis
Comment: I agree with those who state that the ACL should handle this.

But I understand the thoughts behind this Idea. I have worked in an organization where there were over 40 people with full admin rights to the whole system. That is of course far more than required.

re: Disable to open or copy mails in the mail.box

Fri, 18 Dec 2009 08:51:37 +0000

Author: Marius Jaeger
Comment: @5 I see, you need the possibility to copy mails form one mail.box into other an other mail.box

Would it be a solution when we encrypt the notes network trafik, that the mails in the mail.box are automatically encrypted by the router task.

When the router task store the mail into an other database it should decrypt the mail.

re: Disable to open or copy mails in the mail.box

Fri, 18 Dec 2009 13:15:07 +0000

Author: Craig Wiseman
Comment: @7 - I understand the situation you've outlined, and it's hard to deal with it. It's essentially a "people problem" we're trying to solve with a technology solution.

The encryption idea is a start, but I can think of a number of situations where that might not work as we'd like.

Shining a bright light is a useful way to deal with this is. Perhaps via much more detailed logging of admin access to the mail.boxes. If every time you read/copied an email from the mail.box logged an entry like
"12/15/2009 03:43:32 AM Bob Evilman read/copied a message from mail1.box FROM Bill Boss, subject 'Employee Reviews'"
that might cut down on any inappropriate activity, without restricting valid admin uses.

re: Disable to open or copy mails in the mail.box

Mon, 21 Dec 2009 09:52:54 +0000

Author: Marius Jaeger
Comment: I work in a cluster of different companys with hundreds of domino servers.
The servers are administrated from the companys itself on different locations.

Only what we want is a secure mail routing without mail encryption.

There are many reasons why we can't use mail encryption.
For example: We can't scanning encrypted attachment for viruses.