OPEN CALL: Monitoring Internet Email
Novell Cool Solutions: Tip
Updated: 4 Jan 2006
Tim H. wrote: We have had a request to either find a product that would monitor Internet email (I know...what will managers think of next!!!) or a tech spec so our developers can write something.
I had thought that a GW account that sends to a yahoo or gmail account with a rule to reply would be one way...we would just have to get/write something that would check the account (other than a live body...those aren't allowed here) and notify if something goes wrong.
Then I thought...maybe those Cool people at Cool Solutions might know of something that would do this for me. So.....do you?
OPEN CALL: Anyone out there know of a way Tim can meet this need? Let us know.
- Tim Hansen
- Colleen Hernandez
- Chris Premo
- Curtis Parker
- Dave Strickler
- Diane Gorman
- Kent Wicker
- Shane Davies
- Rick Ketcham
- Milton F. Christ
- Thomas Salzman
- Norma Steeves
- Jason Mitchell
- Phil Holdstock
- Jim Sepanik
- Mark Shimonek
- Martin Arman-Addey
- James Walker
- Eddy Coopmans
- Sangita Patel
- Sandie Hogenson
- Thomas Bargfrede NEW
Try the GroupWise Monitor app that ships with GroupWise. I have it poll the statuses of my MTAs, POAs, WebAccess and GWIA every 5 minutes. It can monitor many aspects of the GWIA and you can set thresholds on these to generate notifications. For example, it will notify me when GWIA's send queue exceeds 20 messages - for our site, if 20 messages are waiting to go out we know to start looking for a problem. You can also monitor the number of messages sent or received during the last poll interval, so you could have it notify you when no messages have been received (gwiaStatIntervalMsgsIn=0) for the last 5, 10, 20 minutes - or whatever length of time makes sense for your site. There are also controls on the notifications so you don't receive repeats too often, and it also has a notification to tell you that it is still up and monitoring.
We use 3rd-party software to accomplish this task. Currently we are using Message Inspector and it monitors internet email for each user. I can generate a report on a user's name and specify how many hours/days I'm looking for, and the report will track the mail for me. It will show the recipient's name, the date/time it was sent and what the subject was.
I have a recurring report generated each Monday that shows me the amount of email coming and going for the previous week.
Does Tim require more information than is currently given in the "Acct.txt" file? If not, he could use my CoolTool called GroupWise Accounting Data Report 1.79. (Not that I'm tooting my own horn!!!)
Lightspeed Total Traffic Control can monitor inbound and outbound email.
Call me biased, but tons of our customers use MailWise to do this.
MailWise allows you to scan inbound and outbound email in GroupWise for one or more employees. You can filter email by blocking it, but often our customers like to use "big brother" mode, and allow the email through, but send a copy to the H.R. department if it uses certain words or text strings.
Also, the Admin, H.R. person, etc. can "Audit" people's mailboxes simply by using our Portal. No need to set up and maintain GroupWise Proxies, etc. A web browser is all they need to search for emails and view the contents. This really helps for HIPAA auditing.
For more info they can email firstname.lastname@example.org or call (800)999-5412
Purchase GWAVA. It's awesome!
If you get a steady flow of incoming internet email you can set up the GroupWise monitor (included with 5.5, 6.0, 6.5, and 7.0) to alert you when the 10 minute sliding window of incoming messages falls below a certain number such as 1. If you haven't received 1 message in 10 minutes, something must be wrong.
If your volume of mail is not high enough to keep this alert from triggering, persuade your boss to buy you a computer and pay for a high speed internet connection at your house. You then configure this computer at your house to send email every 5 minutes which would keep your GWIA above the threshold unless there is a problem.
Alternatively, you could partner with another business. You could send them email every 5 minutes and they could send you email every 5 minutes. With any method, if using the GW monitor, there is no need to actually check the mail box because as long as it is passing through the GWIA internet mail is working.
Have you looked into GWAVA's Email Archival and Retention? This may suit your needs with archiving selection based on email address, specific words, attachments and more.
There is a product from SpectorSoft that will allow monitoring of email and all functions on a workstation. I have this in many clients and they find it very useful when looking at an employee's habits.
Intellireach makes a product called Exray that is perfect for this task. I believe they even have an echo email site, but you can set up your own. Works for Exchange and Lotus Notes too. Monitors internal email routes as well.
Guinevere with or without GWAVA can capture all internet email - Incoming and outgoing - either by archiving the RAW MIME email or having a certain person's email forwarded to someone else. Besides, of course, the virus and spam features.
The Barracuda Spam Firewall takes care of it for us.
We have two solutions in place, both of them being free.
Me.Ri.Quota is a small utility to check folders' usage. It allows you to set the maximum quota of a folder and to perform the relative check either manually or automatically. I have this program installed on a computer with speakers in a central location at the helpdesk. It currently watches the following folders:
- WPCSIN with a quota of 1 meg
- WPCSOUT with a quota of 1 meg
- WPCSOUT\Problem with a quota of 1 meg
- WPGATE\GWIA\DEFER with a quota of 1 meg
- WPGATE\GWIA\Dnshold with a quota of 50 meg
- WPGATE\GWIA\Gwprob with a quota of 1 meg
- WPGATE\GWIA\Receive with a quota of 1 meg
- WPGATE\GWIA\THIRD\Receive (For Guinevere) with a quota of 1 meg
- WPGATE\GWIA\THIRD\Result (For Guinevere) with a quota of 5 meg
- WPGATE\GWIA\THIRD\Send (For Guinevere) with a quota of 1 meg
I have it automatically checking the folder every minute. When a quota is met, an Audible Alarm goes off and a pop-up shows up on the console. Then the helpdesk technician can see exactly what folder his email is hanging up in. They can actually drill down into the folder from the program and see if it is just an overly large email or if it is a build up. This really helps us to figure out if it's something wrong with Guinevere processing or GroupWise.
This is only specifically for those who have a Symantec Firewall Solution. It will parse your firewall log and tell you the top 10 receiving email participants or those who send the most, or email by size. It is highly configurable. We run the report every night and make it part of our opening procedures. So let's say a computer inside gets infected with a mass mail virus, we should be able to tell by this report.
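The queue-folder quota check described in the post above, as an added Python example (not the poster's tool and not Me.Ri.Quota's code). The folder names and quotas are the ones listed in the post; counting subfolders toward a folder's size and flagging a missing folder are assumptions made here.

```python
import os
import tempfile

MEG = 1024 * 1024
# Folder (relative to the domain directory) -> quota in bytes, from the post.
QUOTAS = {
    r"WPCSIN": 1 * MEG,
    r"WPCSOUT": 1 * MEG,
    r"WPCSOUT\Problem": 1 * MEG,
    r"WPGATE\GWIA\DEFER": 1 * MEG,
    r"WPGATE\GWIA\Dnshold": 50 * MEG,
    r"WPGATE\GWIA\Gwprob": 1 * MEG,
    r"WPGATE\GWIA\Receive": 1 * MEG,
    r"WPGATE\GWIA\THIRD\Receive": 1 * MEG,
    r"WPGATE\GWIA\THIRD\Result": 5 * MEG,
    r"WPGATE\GWIA\THIRD\Send": 1 * MEG,
}

def folder_size(path):
    """Total bytes under path, subfolders included (an assumption made here)."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                total += os.path.getsize(os.path.join(root, name))
            except OSError:
                pass  # an agent processed the file between listing and stat
    return total

def check_quotas(base, quotas=QUOTAS):
    """Return [(folder, size, quota)] for folders at or over quota.
    A missing folder (e.g. an unmounted volume) is reported with size None."""
    alerts = []
    for rel, quota in quotas.items():
        path = os.path.join(base, *rel.split("\\"))
        size = folder_size(path) if os.path.isdir(path) else None
        if size is None or size >= quota:
            alerts.append((rel, size, quota))
    return alerts

def demo():
    """Constructed tree: a 2 MB backlog in DEFER, every other folder empty."""
    with tempfile.TemporaryDirectory() as base:
        for rel in QUOTAS:
            os.makedirs(os.path.join(base, *rel.split("\\")), exist_ok=True)
        stuck = os.path.join(base, "WPGATE", "GWIA", "DEFER", "stuck.msg")
        with open(stuck, "wb") as fh:
            fh.write(b"\0" * (2 * MEG))
        return check_quotas(base)
```

Run `check_quotas` against the real domain directory from a scheduler once a minute to match the polling interval in the post.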
GWAVA Redline GroupWise Monitoring is able to monitor and report on email going through the GWIA and it gives some pretty good reports.
GroupWise Monitor does a good job of watching the GWIA, but it is not a true end-to-end test of the system. It also does not work well in our environment since internal servers send mail through the GWIAs. GW Monitor will not know the difference between the internal and external mail.
This is similar to Kent Wicker's solution of partnering with another company. We take advantage of the fact that we have two GWIAs running in separate locations. We use ROUTE.CFG files with entries that point to fictitious domains on the other GWIA. On GWIA1 we have configured a foreign domain mailcheck1.com. On GWIA2 it is mailcheck2.com. We have a mailbox called "gwia_test" where the test e-mail ends up.
Here is how it works: Every 15 minutes, a Unix server running a Perl script generates an e-mail to email@example.com. It sends it through GWIA2. The ROUTE.CFG entry tells GWIA2 to deliver it to GWIA1 via its internet address. GWIA1 receives it and delivers it to the "gwia_test" mailbox. The Unix server also generates an e-mail to firstname.lastname@example.org and sends it through GWIA1. The entry in ROUTE.CFG tells it to deliver to GWIA2 via the internet. GWIA2 delivers the e-mail to the "gwia_test" mailbox.
The Unix server then accesses the "gwia_test" mailbox via IMAP4, looks for each of these e-mails and if it finds them, everything is good. This test has told me that the internet connection, firewall, Spam filtering system, GWIAs, MTAs and POAs in this path are working and we have an end to end test. If either of the e-mails is missing, it sets a flag on our enterprise monitoring system and we know that there is a problem. At that point someone calls me in the middle of the night and tells me that internet e-mail is not working.
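The cross-GWIA loop test described in the post above, as an added Python example (the poster's Perl script is not shown on the page, and this is not it). The relay host names, sender address, recipient addresses and the use of IMAP over TLS are assumptions; only the mailcheck1.com and mailcheck2.com domains and the "gwia_test" mailbox name come from the post.

```python
import imaplib
import smtplib
import uuid
from email import message_from_bytes
from email.message import EmailMessage

# Assumed values: the page redacts the real addresses and names no hosts.
PATHS = {  # relay host -> recipient whose domain routes to the *other* GWIA
    "gwia2.example.test": "gwia_test@mailcheck1.com",
    "gwia1.example.test": "gwia_test@mailcheck2.com",
}
SENDER = "probe@monitor.example.test"

def build_probe(recipient):
    """Return (token, message); a unique token ties each probe to one run."""
    token = uuid.uuid4().hex
    msg = EmailMessage()
    msg["From"], msg["To"] = SENDER, recipient
    msg["Subject"] = f"gwia-probe {token}"
    msg.set_content("End-to-end mail path probe.")
    return token, msg

def send_probes(paths=PATHS):
    """Send one probe through each GWIA; return {token: relay host}."""
    sent = {}
    for relay, recipient in paths.items():
        token, msg = build_probe(recipient)
        with smtplib.SMTP(relay, 25, timeout=30) as smtp:
            smtp.send_message(msg)
        sent[token] = relay
    return sent

def fetch_subjects(host, user, password):
    """Read the Subject header of every message in the test mailbox."""
    subjects = []
    with imaplib.IMAP4_SSL(host) as imap:
        imap.login(user, password)
        imap.select("INBOX")
        _, data = imap.search(None, "ALL")
        for num in data[0].split():
            _, parts = imap.fetch(num, "(BODY.PEEK[HEADER.FIELDS (SUBJECT)])")
            subjects.append(message_from_bytes(parts[0][1])["Subject"] or "")
    return subjects

def failed_paths(sent, subjects):
    """Relay hosts whose probe token never arrived in the mailbox."""
    seen = " ".join(subjects)
    return sorted(relay for token, relay in sent.items() if token not in seen)
```

Matching on a per-run token rather than a fixed subject keeps a stale probe from an earlier run from masking a path that has since failed.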
I have a program (GwiaAsst) that I wrote for my company that does exactly what you are asking for. We have 29 physical offices connected in a hub-and-spoke fashion. Each office has been assigned a "review box" which takes the form of a GroupWise resource. When an outbound email hits GWIA, GwiaAsst opens it and determines the sender's email address. GwiaAsst then does a SQL query to determine what office the sender is located in. This information is used to forward a copy of the email to the proper review box. Each office has assigned someone the task of monitoring that office's review box. Since the proper review box is determined by using a SQL query you could change this to fit the structure of your own company. You might want a review box for sales and another for R&D.
I am also keeping a copy of all of the MIME files that pass through GWIA. For example, when I send this email a copy of it will be placed in \\fs1\vol1\archive\other\december\09\send. If a client were to send an email to a member of our Wealth Advisor team a copy would be placed in the \\fs1\vol1\archive\wa\december\09\receive folder. This process is of course completely automated so the folder name changes each evening.
GwiaAsst also has some other nice features such as:
- appending a legal footer to each outgoing email
- graphing incoming/outgoing traffic
- sending you an email alert to an external account if the send/receive rates drop to zero for any reason
If you would be interested in licensing a copy I can be reached at email@example.com.
All outgoing mail gets a copy sent to a review mailbox. We have 20+ locations, each with their own review mailbox. The proper review box is determined using a database lookup.
We use TFS secure mail server.
This sits between the GWIA and the internet and is an SMTP server running on a Windows 2000/XP workstation.
In here we have a set of rules that blind copy every internet email into a central account that we can then monitor. It's also useful because we can setup rules to prevent file types being sent/received, block URLs, etc.
We monitor GroupWise email by hourly relaying 5 emails from sendmail on a Solaris server into our GroupWise system. In the GroupWise system an account receives all 5 emails, forwards them to our systems group, and forwards them to 5 different gmail accounts (free forwarding). These 5 accounts forward to our 5 different gateways and the 5 emails are destined for the same GroupWise account which forwards to the systems group. So, we get 10 emails an hour and we are able to also monitor the speed of the transactions.
I would suggest looking at MailMarshal by NetIQ. It's extremely flexible in setting up monitoring keywords and rules. I've used it with great success, and it can handle a heavy workload without bogging down. It also offers reporting, the ability to add a BCC to flagged messages and header rewrites, to mention just a few.
I use MailWise. MailWise allows you to scan inbound and outbound email in GroupWise for an entire post office. You can create a report from MailWise as well. Various reports can be generated for a user or post office.
Have the acct log (Agent Accounting Data file) sent to you (postmaster) automatically. This file contains one line of information per internet email incoming and outgoing. You can feed it into Excel or any database product (it's sent in .csv format) to compile and monitor (I personally use Access linking to a SQL table).
You can find the file layout and how to set it up in the "Setting up Accounting" under Internet Agent in the documentation.
We monitor the GWIA with SNMP queries that can be sent out by tools like openRelax, Nagios, etc.
You can check counters for "Mails in Queue" etc. and then generate alarms.