Many users asked about email monitoring and recording features of WFilter. Actually, WFilter, including “WFilter Enterprise” and “WFilter NG firewall”, all are able to record SMTP, POP3, IMAP and web-based emails on network. However, there are some limitations of this feature.
This post will discuss WFilter’s email monitoring features and solutions.
1. Monitoring of email clients
An email client receives emails via POP/IMAP protocols, sends emails via SMTP protocol. In today, SSL encryption is widely used for email clients. There are two kinds of SSL encryption: “SSL Connection” and “STARTTLS”. With WFilter, you can:
- Monitoring emails via plain SMTP/POP/IMAP.
- Email attachments can also be recorded.
For SMTP/POP/IMAP over SSL, you have two solutions:
Solution 1: block SSL email connections to force email clients using plain email protocols.
When blocking is applied, email clients need to be re-configured to disable SSL encryption.
Solution 2: Enable “SSL Email Inspection” with “WFilter NG Firewall”.
This feature can intercept SSL connections and record SSL emails. However, “STARTTLS” still can not be recorded, even “SSL Email Inspection” is enabled. Please check: SSL Email Inspection
2. Monitoring of Web Emails
Web email means receiving and sending emails within a web browser. Please note that web emails received can not be recorded, while http outgoing emails can be recorded by WFilter. Please note:
- Outgoing http web emails can be recorded.
- Https web emails can not be recorded.
- Not all http attachments can be recorded. It depends on the uploading protocol.
- For http web emails not recorded, you may contact us for a web email format upgrade.