E-discovery best practices?

Tom Metro blu at vl.com
Fri Jan 26 12:19:49 EST 2007 

John Abreau wrote:
> I could just mirror everyone's Maildir directories and ensure that nothing
> ever gets deleted...  I could roll my own scripts to analyze the Maildirs
> and try to avoid saving multiple copies of each message.

To me it seems like the logical point of interception is the local 
delivery agent. Depending on the agent, that might involve adding some 
global rules (if it is an agent that processes rules) or wrapping it in 
a shell script that provides the added functionality. (I'd probably use 
Berkeley mailbox files instead of Maildir, as they're more optimal for 
archives.)

The second link Daniel provided shows one way to do this at the LDA level.

This may not be comprehensive, though, and may not catch mail sent to 
mailing lists and other programs. (For example, Daniel's write up 
mentions it doesn't catch mail processed through a .forward file. This 
can probably be addressed by wrapping the "program" mailer in addition 
to the regular LDA.) You also will likely need a solution to handle 
outbound mail.


> But this is exactly the sort of ad-hoc kludge I'm trying to avoid.
> What I'm looking for is a decent description of Best Practices in
> this area.

I'm surprised you've had difficulty digging up this info, given that 
there seems to be such frequent mention of it on mailing lists for MTAs. 
I haven't followed the sendmail community in many years, but there's 
been lots of talk about how to do this for Sarbanes-Oxley[1] compliance 
on the Postfix list[2] in recent years. Actually, running a search on 
"Sarbanes" or "Oxley" against the archives turns up only one message, so 
I must be misremembering, but there are indeed plenty of messages that 
address both inbound and outbound archiving[3]...of course in a 
Postfix-specific way.

1. http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
2. http://groups.google.com/group/mailing.postfix.users/topics
3. 
http://groups.google.com/groups?as_q=archive+all&num=30&scoring=r&as_epq=&as_oq=&as_eq=&as_ugroup=mailing.postfix.users&as_usubject=&as_uauthors=&lr=&as_drrb=q&as_qdr=&as_mind=1&as_minm=1&as_miny=1981&as_maxd=26&as_maxm=1&as_maxy=2003&safe=off


Daniel Feenberg wrote:
> Also consider this:
> http://www.technoids.org/procmailfilter.html

With respect to archiving it actually says:
http://www.technoids.org/procmailfilter.html#Archiving

   A solution similar to this one is addressed by sendmail FAQ 4.20...
   The solution below is not optimal...if you really want to do this, a
   milter is probably a better solution!

This suggests trying a search on "milter archive" at Sourceforge. That 
turns up nothing specific to archiving, but Chainmail milter[4] lets you 
add recipients to messages, among other things, so it could be set to 
(effectively) bcc all messages to an archive user.

You probably wouldn't want to do the archiving itself at the milter 
stage anyway, as that might mean you'd end up archiving messages before 
they went through spam filtering. But the Bcc trick should allow spam 
filtering to proceed normally.

4. http://sourceforge.net/projects/chainmail/

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Discuss mailing list