Under the menu 'search messages', enter in to a message and it's possible to read the contents.
As this is a serious privacy issue, is there any way to disable this ?
Privacy Issues
Re: Privacy Issues
If you are referring to MailControl in the MailScanner Front-End, if you disable storage of all emails in quarantine (this setting is under MailScanner Performance), the content of emails will not be available in MailControl (and nor will you be able to release them from quarantine or train spamassassin about spam or ham).
Re: Privacy Issues
Releasing them from quarantine, or having the ability to forward them to someone else is a feature we use frequently.
My concern is that anyone who has root access has the ability to abuse the confidentaility.
When it's only me with root access, then this is of no concern really, however, i'll be stepping down soon.
My concern is that anyone who has root access has the ability to abuse the confidentaility.
When it's only me with root access, then this is of no concern really, however, i'll be stepping down soon.
Re: Privacy Issues
I'm afraid we have no other solution for you. As you say, it is only people with root access who can access the mailcontrol interface, people can logon to the server anyway and read those emails directly if they wanted to, so the added risk seems fairly minimal.
Re: Privacy Issues
Maybe a difference is possible between
1/ people have root access (and then of course they will *always* be able to see everything if the want (even in WHM or CPANEL if they are the virtual domain user), or the MTA has to apply encryption, but then antispam will have some problems too... or the key has to be stored somewhere and then root can find it... )
and
2/ the people without root access but just using the MSFE web interface to monitor and sometime correct the spam/notspam tagging.
There an option (to be set by root outside the webinterface) could be to only show the "Headers" text-area, but not the "Contents" text-area and the "View full message" or "Download Full Message", but then "Forward" should be removed too....
And all this would make "human-driven spam-tuning as a service" difficult !
A solution can be to put in your legal contract with your client a paragraph saying that technical staff *is* able to access the maildata, but that the number of such people is strictly limited, and that they are bind in their work-contract to professional secrecy.
But yes General Data Protection Regulation (GDPR) is tricky : but you can write down what data is stored, for how long, and for what intention.
Technical monitoring and human-driven spam-monitoring can be an intention if the client agrees. (to be confirmed by a legal competent someone)
1/ people have root access (and then of course they will *always* be able to see everything if the want (even in WHM or CPANEL if they are the virtual domain user), or the MTA has to apply encryption, but then antispam will have some problems too... or the key has to be stored somewhere and then root can find it... )
and
2/ the people without root access but just using the MSFE web interface to monitor and sometime correct the spam/notspam tagging.
There an option (to be set by root outside the webinterface) could be to only show the "Headers" text-area, but not the "Contents" text-area and the "View full message" or "Download Full Message", but then "Forward" should be removed too....
And all this would make "human-driven spam-tuning as a service" difficult !
A solution can be to put in your legal contract with your client a paragraph saying that technical staff *is* able to access the maildata, but that the number of such people is strictly limited, and that they are bind in their work-contract to professional secrecy.
But yes General Data Protection Regulation (GDPR) is tricky : but you can write down what data is stored, for how long, and for what intention.
Technical monitoring and human-driven spam-monitoring can be an intention if the client agrees. (to be confirmed by a legal competent someone)