[comp.mail.misc] Summary: Spy mail

wolf@grasp1.univ-lyon1.fr (Christophe Wolfhugel) (04/15/91)

Thanks for all input a received to my query. As it may be of general 
interest for system administrators, I post a summary of the received
answers:

First one important point that I forgot:

|From: rickert@cs.niu.edu (Neil Rickert)
|Then there is the problem of whether you can be 'caught' if the sender of
|the message adds a 'Return-Receipt-To:' header, or if the local sender just
|does an occasional 'mailq' or 'sendmail -bp' or routinely uses 
|the '-v' (verbose) option to monitor his outgoing mail.

Based on local user (ie incoming mail).

|From: karl.kleinpaste@osc.edu
|In S0 of sendmail.cf, just before whatever rule it is that detects
|local delivery and invokes the $#local mailer, add a rule which
|notices that user specifically, and sends to both that user and
|yourself:
|Rbaduser<@$D>           $#local $:baduser wolf

I tried this, only on the SysV but it seems that the local mailer only
accepts one argument.
It seems to be equivalent to an alias:
baduser: baduser,spy

|From: ken@csis.dit.csiro.au
|fred: \fred,"|/usr/adm/bin/checkfornaughtymail"

(same as above except that a clever script does mail filtering for the spy).

-- 
Christophe Wolfhugel (on irc: Zolf)  |  Email: wolf@grasp1.univ-lyon1.fr
INSA Lyon - Departement Informatique |  "Ecole publique, ecole fauchee. Encore"
69621 Villeurbanne Cedex             |  "une tradition francaise dont on se"
France                               |  "passerait bien."

mjo@irie.ais.org (Mike O'Connor) (04/16/91)

In article <1991Apr15.161643.5558@grasp1.univ-lyon1.fr> wolf@grasp1.univ-lyon1.fr (Christophe Wolfhugel) writes:
:Thanks for all input a received to my query. As it may be of general 
:interest for system administrators, I post a summary of the received
:answers:

Just as a point: unless a sysadmin tells a user in advance that the user's
account and mail may be snooped at without notice, I see such action
as ethically WRONG, and so would a lot of others.  I would encrypt
anything I deemed truly confidential in E-Mail, but many people aren't
that protective.  (Then again, many people shouldn't read over my
shoulder -- it annoys me to no end.  You know who you are. :) )
Unless someone cites the Federal Communications Act of 1986 (or some
equivalent non-U.S. law) or system policy in advance, mail is
generally presumed to be confidential.



====
Mike O'Connor (mjo@ais.org)

andys@ulysses.att.com (Andy Sherman) (04/24/91)

In article <1991Apr16.125442.28160@engin.umich.edu> Mike O'Connor <mjo@ais.org> writes:
>Just as a point: unless a sysadmin tells a user in advance that the user's
>account and mail may be snooped at without notice, I see such action
>as ethically WRONG, and so would a lot of others.

It sort of depends upon who owns the system.  If it is a company
resource and you suspect industrial espionage, do you really have an
ethical responsibility to tip off the suspects?  All data on our
systems belong to the company, not to the users.  All of our
administrators sign a privileged users' code of conduct which
prohibits egregious snooping, but I think it has a few outs to cover
contingencies like this.

>Unless someone cites the Federal Communications Act of 1986 (or some
>equivalent non-U.S. law) or system policy in advance, mail is
>generally presumed to be confidential.

Most company owned computers at AT&T give the following greeting:

  This system is restricted to AT&T authorized users for legitimate AT&T
  business purposes and is subject to audit.  The unauthorized access, use,
  or modification of computer systems or the data contained therein or in
  transit to/from, is a criminal violation of federal and state laws.

I suppose we've met your objections with the "subject to audit"
notice.
--
Andy Sherman/AT&T Bell Laboratories/Murray Hill, NJ
AUDIBLE:  (908) 582-5928
READABLE: andys@ulysses.att.com  or att!ulysses!andys
What? Me speak for AT&T?  You must be joking!