Link to home
Create AccountLog in
Avatar of CProp

asked on

System Administrator reading users email

Is there a product to monitor or alert if system administrator are reading employee emails without permission from senior management?
Some of the VP's in my company are worried that they are doing this and would like a solution to monitor this.
We use both Lotus Domino and Microsoft Exchange.

Thank you

Avatar of Stelian Stan
Stelian Stan
Flag of Canada image

If you are using Exchange 2010 turn on journaling (
Avatar of expert_advisor

This is can be done through server monitoring tools. By that your senior management can check the activities on server by administrators if anything suspicious activity found senior management can track those.
This is quite hard to really check.  Since the administrators by definition have a lot of access, including access to account, userids and backups. If really stealthy, they could restore a tape to a private hidden server, and read mail on that.  Even if monitoring is installed on the production server and on clients, that would circumvent all those checks.

Bottom line is the issue of trust. To really secure stuff, you need to find a trustworthy third party and let them design a secure environment and procedures. Depending on the level of hints of misbehaviour, you might consider employing the services of a bureau specializing in industrial espionage.
The VP could enable encrypting every incoming mail, so only he (or his id) will be able to read the mail. :-)
And then the admin restores the backup to a private machine, and using the VPs ID reads all mail anyway.

My point: you need a comprehensive solution, weighing a lot of options.  Random application of a couple of hints will give you grief, not a solution.
@Lars: I tend agree with umeli, 98% can be achieved using mail encryption. Backups of the IDs have to be stored in a vault under control of the VP. Keeping a copy is a reason to be fired instantly.

@CProp: Journaling on Domino would only make things worse, because mails would also be stored in a Journal database, hence be more accessible.

@Lars: did you write that thread??
@lars: You can set encryption keys to be securely stored - by setting a password on the s/mime key and requiring it for access, not even a sysop can gain access without knowing the password.  The email is protected by the s/mime key, and the s/mime key is encrypted to the password.

Most email clients support s/mime :)
I miss the good old days of the M: drive though - having every user's email as a separate .eml file in a dir structure made backup and individual-level restores so much easier :)
@Sjef: I didn't write the thread, just thought to note it supports my ideas.

@David Howe: Almost exactly how Domino operates.  You should give Domino more attention, you might like it. (Each user has their own mail database).
  Would love to, although my own preference is for exim. However, I suspect my employers are too wedded to Exchange (having spent a fortune on the upgrade mill there to keep on the latest and greatest) so that wouldn't go down too well :)

  I used to like the Groupwise solution - no way for an administrator to gain access to another user's mailbox without resetting the password, short of restoring an entire mailstore and changing it there.... right up to the point they created the idea of an SDK "key" that had universal access, and could be supplied to a generic desktop client with a trivial bit of vbscript coding (Security Fail)
First off, if you're concerned about this, you've got bigger HR problems, most of which can't be fixed with technical solutions..  Having said that, your Exchange admins should not have Domain admin rights.  It can be configured so that the Exchange admins have control of the mailbox itself, and can move/manage it, while not having access to the content.  That's how we have it configured where I work.  

Now, that being said, I do have the rights to GRANT myself access to the content, but we have auditing turned on to discourage that, and a strict policy that creates a paper trail that requires me to document who gave me permission to do so if needed.

So..  I guess the bottom line is that even in my sensitive government agency world, there's no way to PREVENT it - You need to trust your admins, and even while trusted, there has to be enforcement policies that have teeth and are enforced.
@172pilotSteve: Actually, the problem isn't the sysadmin looking at the mail - its the senior management being paranoid about it (and no amount of HR action can fix that :)
I get your point, but if there was some policy that the management actually TRUSTED was doing the job, it might aleviate their concerns..

Doesn't sound like a fun place to be a technical person though, all in all..  :-)
@172pilotSteve: Sounds like most gigs, to me. However, you have to wonder what the management are up to that they are so paranoid about their own senior technical staff....
Hehehe... :-)
Theres really no way to do this

A cunning sys or exchange admin could simply open an Mailbox as the user and read mail,, as the user

However, if they are accessing the mailbox remotely or from their outlook profile

All you need to do is check the MailBox Store
There is an column for last access by along with date and time

If they are doing it, you could see their name here

however, this wont stand up to scrutiny

This field is also populated if they simply check another users Calendar

As has been indicated above

If the executive staff dont trust the IT Staff, they shouldnt be employeed

However, comming from the other foot

Not really fair to terminate an employee due to their own personal trust issues
Avatar of Sjef Bosman
Sjef Bosman
Flag of France image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
One could use the 'honeypot' approach but it only works if the admin acts upon the honeypot. As an admin myself I have more than enough to do that casual perusing of another's mailbox looking for juicy details would be taking time away from my already overloaded work load that and I have absolutely no interest.. If you don't trust the admin then don't discuss items via anything that the admin has access to.  No matter what controls you put in the admin by definition has access to the physical media.. Easy enough to duplicate a backup and take it home.  This would eliminate most other controls that you put in.