<div dir="ltr">So just to follow up with this thread. I did set up MailPiler using their OVA, and imported into XenServer, added some extra storage and extended the LVM volumes. Seems to be working fairly well. Being that I don't know the code and my day job makes me fairly paranoid, I also disabled SSH from all but a handful of IP addresses, firewalled everything but 443 25 22, put allow rules to only allow SMTP connections from the Office 365 IP ranges (this particular org uses O365, and to archive mail from there with Mailpiler and other solutions, you enable a journaling address which causes O365 to send a copy of all in/out mail to said address). I also tightened up the SSL ciphers, added diffie hellman params and stuff (and checked it with Qualys), disable nginx version display. And just to be extra paranoid I forced the requirement for a client to possess a client certificate signed by my private CA, which should virtually eliminate bruteforcing or PHP exploits. Client still need to provide credentials in addition to the cert.<div><br></div><div>I didn't try Enkive; Mailpiler seems to be more actively developed and ticks all of the boxes. All in all, it was pretty easy to set up (except that I changed a lot of the default passwords, broke stuff, and then had to track down all the other places those passwords had to be changed), total of about 2-3 hours work I think.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><b>Mark Steffen</b><div><font size="1">Office Direct: +1.226.476.1240 | Mobile/WhatsApp: +1.226.600.0464</font></div><div><i style="font-size:x-small">"Don't believe everything you read on the Internet." -Abraham Lincoln</i></div><div><br><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Mon, Mar 20, 2017 at 9:36 AM, Mark Steffen <span dir="ltr"><<a href="mailto:rmarksteffen@gmail.com" target="_blank">rmarksteffen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Nice. There isn't a real legal/regulatory requirement for this other than CYA (contracts gone bad, "well the sales guy said..." so we can dig through the email) but also as a backup to O365 (I can't see Microsoft losing their emails, but.. you never know). The budget is very low, they don't want to use Proofpoint etc. -- if there WAS a budget that is what I'd recommend doing rather than hosting it in house where there is always the question of fiddling down the road.</div><div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"></font></span><div><div class="m_-1761291006217016630gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><span class="HOEnZb"><font color="#888888"><b>Mark Steffen</b></font></span><span class=""><div><font size="1">Office Direct: <a href="tel:(226)%20476-1240" value="+12264761240" target="_blank">+1.226.476.1240</a> | Mobile/WhatsApp: <a href="tel:(226)%20600-0464" value="+12266000464" target="_blank">+1.226.600.0464</a></font></div></span><span class=""><div><i style="font-size:x-small">"Don't believe everything you read on the Internet." -Abraham Lincoln</i></div><div><br><br></div></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div><div class="h5">
<br><div class="gmail_quote">On Mon, Mar 20, 2017 at 2:09 AM, Bob Jonkman <span dir="ltr"><<a href="mailto:bjonkman@sobac.com" target="_blank">bjonkman@sobac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
I've done this 1 1/2 times for a large organization, but with<br>
commercial software (think RFPs, pre-sales engineers, committee<br>
meetings).<br>
<br>
Don't forget about retention periods for different classifications of<br>
messages. Something dealing with finance or personnel may have a life<br>
of 7 years, and be *required* to be destroyed after that (for privacy<br>
reasons); something trivial like "Let's do lunch" might be destroyed<br>
after three years (so when legal discovery for corruption takes place<br>
the organization can legitimately say their policies don't retain mail<br>
that long -- yes, I've experienced that).<br>
<br>
- --Bob.<br>
<span><br>
<br>
On 2017-03-19 06:19 PM, Mark Steffen wrote:<br>
> I'm going to work on installing MailPiler first, it seems to be<br>
> more actively developed. Will let everyone know how it goes.<br>
> Mailpiler also can act as a "mail backup" where you can have it<br>
> flood your mail server with old messages if for some unknown reason<br>
> your mail server dies and you want to fill in the emails since your<br>
> last backup, so that's kind of neat.<br>
><br>
</span><span>> *Mark Steffen* Office Direct: <a href="tel:%2B1.226.476.1240" value="+12264761240" target="_blank">+1.226.476.1240</a> | Mobile/WhatsApp:<br>
</span>> <a href="tel:%2B1.226.600.0464" value="+12266000464" target="_blank">+1.226.600.0464</a> *"Don't believe everything you read on the<br>
> Internet." -Abraham Lincoln*<br>
<span>><br>
><br>
><br>
> On Sun, Mar 19, 2017 at 6:14 PM, B. S. <<a href="mailto:bs27975@gmail.com" target="_blank">bs27975@gmail.com</a>> wrote:<br>
><br>
>> Mark is thinking / talking about a different thing.<br>
>><br>
>> I've seen this sort of thing particularly around Sarbanes-Oxley<br>
</span>>> ( <a href="https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/<wbr>Sarbanes%E2%80%93Oxley_Act</a>) -<br>
<div><div class="m_-1761291006217016630h5">>> it's not about email 'backups', but an archive of all email<br>
>> segregated off into a black hole. Hopefully never to be needed,<br>
>> but required to be there in case of later litigation. Think<br>
>> WorldCom and Enron, and document shredding being illegal. Email<br>
>> never dies any more - but may, hopefully, disappear forever when<br>
>> you would like it to, for your own immediate purposes and<br>
>> perception - but don't be fooled with out of sight and out of<br>
>> mind, there's a copy of it somewhere. And someone, in this case<br>
>> Mark, has to actually implement it.<br>
>><br>
>> In essence, every message coming and going is echoed into this<br>
>> black hole.<br>
>><br>
>> Bear this in mind the next time you send a nastygram to a<br>
>> corporation or lawyer. Especially if you're a director or a<br>
>> decision maker or otherwise have a fiduciary duty.<br>
>><br>
>> For that matter, everyone should bear this in mind with every<br>
>> email they send.<br>
>><br>
>> I've only ever seen this with Exchange Servers, myself, but I<br>
>> can appreciate the need for a Linux solution. Especially as we<br>
>> see companies come and go, particularly in the proprietary world.<br>
>> At least with FOSS you have the source code. Not only can you<br>
>> security check it, but you'll always be able to get it out - may<br>
>> be painful, but at least possible.<br>
>><br>
>> Please let us know how you make out Mark - I don't expect it will<br>
>> be too long before such will be required of everyone. And even if<br>
>> not for oneself, one's provider will be doing so.<br>
>><br>
>><br>
>> On 03/19/2017 05:13 PM, Chamunks wrote:<br>
>><br>
>>> I've also wanted to archive my email offline. My problem is I<br>
>>> don't wish to lose convenience at the same time. Grumble.<br>
>>><br>
>>><br>
>>> On Sun, Mar 19, 2017, 5:11 PM Mark Steffen<br>
>>> <<a href="mailto:rmarksteffen@gmail.com" target="_blank">rmarksteffen@gmail.com</a> <mailto:<a href="mailto:rmarksteffen@gmail.com" target="_blank">rmarksteffen@gmail.com</a><wbr>>><br>
>>> wrote:<br>
>>><br>
>>> Hi Cranky,<br>
>>><br>
>>> Yes, I mean for a smallish organization's email; they want all<br>
>>> of their org's incoming and outgoing email bcc'd into an<br>
>>> archival system that is read-only and they can designate<br>
>>> someone to have credentials to go through it if needed. Mainly<br>
>>> for potential legal issues down the road (not that they expect<br>
>>> any of course, just a CYA thing).<br>
>>><br>
>>> *Mark Steffen* Office Direct: <a href="tel:%2B1.226.476.1240" value="+12264761240" target="_blank">+1.226.476.1240</a> |<br>
>>> Mobile/WhatsApp: <a href="tel:%2B1.226.600.0464" value="+12266000464" target="_blank">+1.226.600.0464</a> /"Don't believe everything you<br>
>>> read on the Internet." -Abraham Lincoln/<br>
>>><br>
>>><br>
>>><br>
>>> On Sun, Mar 19, 2017 at 5:06 PM, CrankyOldBugger<br>
>>> <<a href="mailto:crankyoldbugger@gmail.com" target="_blank">crankyoldbugger@gmail.com</a> <mailto:<a href="mailto:crankyoldbugger@gmail.com" target="_blank">crankyoldbugger@gmail.<wbr>com</a>>><br>
>>> wrote:<br>
>>><br>
>>> Maybe I'm not understanding your question correctly, but I<br>
>>> "archive" my emails via Thunderbird/download to local HDD.<br>
>>> It's just an add-on. Then I have a .eml file for each email.<br>
>>><br>
>>> I imagine that you're thinking of something more from the<br>
>>> server side of things, though...<br>
>>><br>
>>><br>
>>><br>
>>> On Sun, 19 Mar 2017 at 15:28 Mark Steffen<br>
>>> <<a href="mailto:rmarksteffen@gmail.com" target="_blank">rmarksteffen@gmail.com</a> <mailto:<a href="mailto:rmarksteffen@gmail.com" target="_blank">rmarksteffen@gmail.com</a><wbr>>><br>
>>> wrote:<br>
>>><br>
>>> I have a friend with a need for email archiving and a limited<br>
>>> budget. I prefer an open source solution, since "archiving" by<br>
>>> it's very nature implies a very long term relationship. There<br>
>>> seem to be no shortage of companies that like to jack prices up<br>
>>> once they have you "stuck."<br>
>>><br>
>>> The two leading solutions I've found with Google seem to be<br>
>>> Enkive and Mailpiler. I'm leaning towards Mailpiler I think,<br>
>>> but I thought I'd ask here in case anyone else has already<br>
>>> solved this problem.<br>
>>><br>
>>> *Mark Steffen* Office Direct: <a href="tel:%2B1.226.476.1240" value="+12264761240" target="_blank">+1.226.476.1240</a><br>
>>> <tel:(226)%20476-1240> | Mobile/WhatsApp: <a href="tel:%2B1.226.600.0464" value="+12266000464" target="_blank">+1.226.600.0464</a><br>
>>> <tel:(226)%20600-0464> /"Don't believe everything you read on<br>
>>> the Internet." -Abraham Lincoln/<br>
>>><br>
>>><br>
>>> ______________________________<wbr>_________________ kwlug-disc<br>
>>> mailing list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>>> <mailto:<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a>><br>
>>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
>>><br>
>>><br>
>>> ______________________________<wbr>_________________ kwlug-disc<br>
>>> mailing list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>>> <mailto:<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a>><br>
>>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
>>><br>
>>><br>
>>> ______________________________<wbr>_________________ kwlug-disc<br>
>>> mailing list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>>> <mailto:<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a>><br>
>>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
>>><br>
>>><br>
>>><br>
>>> ______________________________<wbr>_________________ kwlug-disc<br>
>>> mailing list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
>>><br>
>>><br>
>> ______________________________<wbr>_________________ kwlug-disc<br>
>> mailing list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
>><br>
><br>
><br>
><br>
> ______________________________<wbr>_________________ kwlug-disc mailing<br>
> list <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
><br>
<br>
</div></div>- --<br>
<br>
<br>
- --<br>
Bob Jonkman <<a href="mailto:bjonkman@sobac.com" target="_blank">bjonkman@sobac.com</a>> Phone: <a href="tel:%2B1-519-635-9413" value="+15196359413" target="_blank">+1-519-635-9413</a><br>
SOBAC Microcomputer Services <a href="http://sobac.com/sobac/" rel="noreferrer" target="_blank">http://sobac.com/sobac/</a><br>
Software --- Office & Business Automation --- Consulting<br>
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA<br>
<br>
<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
Comment: Ensure confidentiality, authenticity, non-repudiability<br>
<br>
iEYEARECAAYFAljPcgUACgkQuRKJsN<wbr>LM5eoQGQCg/dBUaIYwCuQrbDolEUdp<wbr>iXGd<br>
TuoAnj6KfH557ehy7387whxcwQE3mt<wbr>ch<br>
=E5Cb<br>
-----END PGP SIGNATURE-----<br>
<div class="m_-1761291006217016630HOEnZb"><div class="m_-1761291006217016630h5"><br>
______________________________<wbr>_________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listi<wbr>nfo/kwlug-disc_kwlug.org</a><br>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div><br></div>