Intercepting Email via an IMAP Server¶

The Grabber, connects to an email server and downloads all emails to the Staffcop server. Emails are collected as Mail events.

How It Works: An administrator creates a service mailbox on the IMAP server with access to email correspondence.

The Staffcop server connects to the mailbox and intercepts all emails. Unlike an agent, which only sees emails on users’ PCs, the Grabber collects all incoming corporate email and provides organization-wide control over correspondence.

Note

The grabber intercepts emails only from the Inbox folder. Check the forwarding, filtering, and sorting rules settings to make sure all emails are sent to the Inbox. Emails should remain in the Inbox folder. The grabber will not capture emails that are automatically sorted to other folders.

For the grabber to work:

Configure the IMAP server to connect to the Staffcop server.
Enable and configure the Mail Grabber.

IMAP Server Configuration ¶

Setting up an Exchange server ¶

Setting up a server consists of several steps. Expand each step for detailed instructions.

Step 1. Create an empty mailbox from which the server will intercept emails.

Open Exchange admin center.
Go to Recipients → Mailboxes.
Select + → User mailbox. The New user mailbox window will open.

Provide the details of the new mailbox:

Select Additional parameters….
In the General section, turn on the Do not display in address list option.

In the Mailbox Features section, go to Message size restrictions.

Set the Maximum message size field to 0 kB:

Save all changes.

Step 2. Set up email interception rules.

Open Exchange admin center and go to Security and compliance → Messaging records management.
Select +. The New rule window will open.
Fill in the following fields:
- Send reports to email address — address of the mailbox
- Name — rule name
- Sending or receiving a message from … — select Apply to all messages
- Log the following messages… — select All messages
Select Save.

Step 3. Enable IMAP protocol in Exchange settings.

Go to Servers and open Exchange admin center.
Select your server and then select Edit. The settings window will open.

Go to IMAP4 and fill in the following fields:

TLS connections or unencrypted connections → All available IPv6 addresses — specify port 143

SSL connections → All available IPv6 addresses — specify port 993

Save all changes.

Step 4. Start the Microsoft Exchange IMAP4 and Microsoft Exchange Internal IMAP4 services.

Enter the following command into Powershell:

Start-Service MSExchangeIMAP4; Start-Service MSExchangeIMAP4BE

You can configure these services through the interface. In Services select:

Microsoft Exchange Internal IMAP4 Service:

Microsoft Exchange IMAP4:

Setting up a Gmail mailbox for email interception ¶

To intercept emails from a Gmail inbox, create an app password. Without a password, the server will not be able to connect to the mailbox.

Set up two-step authentication for your account.

Setting up a Zimbra mailbox for email interception ¶

Open the Zimbra mail server configuration file in a text editor:
- /opt/zimbra/postfix/conf/main.cf
- for version 8.8 — /opt/zimbra/common/conf/main.cf
Add the following line to the file:

always_bcc = service_mail@domen.ru

Save all changes.

Copies of all emails will be sent to service_mail@domen.ru, after which Staffcop will collect them via the IMAP grabber.

Grabber Setup ¶

The grabber has two modes:

single-thread — processes up to 10,000 emails per day
multi-thread — up to 100,000 emails per day

Attention

The grabber cannot operate in two modes at the same time.

Single-threaded Grabber ¶

A single-threaded grabber can process up to 10,000 emails per day.

To enable the Mail grabber:

In the Policy tab, go to Policies → System Policies.
Select Mail grabber. The policy settings window will open.

Turn on the Policy is enabled option.
Fill in the following fields:

IMAP Server — the mail server address

IMAP Server Port — the mail server port, 993 by default

IMAP Login — the mail server login

IMAP Password — the mail server password

If necessary, select the following options in the Mail message deletion policy section:

Do not delete — nothing will be deleted

Delete immediately upon receipt — delete emails immediately after interception

Delete messages after (days) — delete emails immediately after a set number of days

Select Save.

All incoming emails to the IMAP server will be collected as Mail events Unlike regular events, mail events from an IMAP server are not tied to a user.

To make sure the interception is working, run the following command in the server console:

staffcop grab --server=imap.gmail.com --login=test@gmail.com --password=XXXXX

Asynchronous grabber ¶

Starting with Staffcop Enterprise version 5.7, an asynchronous mail grabber is available. It operates in multi-threaded mode and can process over 100,000 emails per day, provided the server meets system requirements.

Installation ¶

The asynchronous grabber is installed onto a Staffcop Enterprise server or onto a separate server.

Attention

It is recommended to install the asynchronous grabber onto a separate server. A multi-threaded mail grabber is resource-intensive and requires additional dependencies to be installed.

Install python3.7:

sudo apt update && sudo apt upgrade
sudo apt install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt install python3.7

Download the installation package:

wget -O - https://distr.staffcop.su/stable5.7/staffcop.gpg | sudo apt-key add -
echo "deb https://distr.staffcop.su/stable5.7 stable5.7 non-free" | sudo tee /etc/apt/sources.list.d/staffcop.list

Install the grabber:

sudo apt-get update
sudo apt-get install staffcop-mail-grabber

Restart Staffcop:

sudo systemctl restart staffcop

Setup ¶

Attention

Disable the single-threaded grabber before enabling the asynchronous grabber.

To turn on the asynchronous grabber:

Open the configuration file:

sudo nano /etc/default/mail-grabber

Add the following parameters to the file:
- SERVER_HOST — SCE server address
- IMAP_HOST — IMAP server address
- IMAP_USER — IMAP server login
- IMAP_PASSWORD — IMAP server password
Additional parameters:
- IMAP_USE_SSL — use SSL to connect to the IMAP server
- IMAP_IGNORE_CERT — ignore SSL certificate verification. This option only works if IMAP_USE_SSL=True.
Note

If IMAP_USE_SSL=True and IMAP_IGNORE_CERT=True, the grabber ignores SSL verification and can use self-signed certificates.
- FILES_PATH — path to the emails folder
Create a folder, add the user sc-mailgrabber to the user group, and allow the user access to the folder — for example, for FILES_PATH=/home/user/mail:
mkdir /home/user/mail sudo usermod -aG user sc-mailgrabber sudo chown sc-mailgrabber:user /home/user/mail sudo chmod 775 /home/user/mail
where user is the original user of the created folder.
- WORKERS_DOWNLOADERS — number of threads for downloading emails
- WORKERS_PARSERS — number of threads for processing emails
- REPORT_BATCH_SIZE — amount of emails sent to Staffcop at a time
- DOWNLOAD_BATCH_SIZE — amount of emails downloaded from the IMAP server at a time
- PROCESSES_LIMIT — maximum number of grabber processes
- THREADS_LIMIT — maximum number of grabber threads.
Expand to see a sample configuration file
SERVER_HOST=10.10.10.10 IMAP_HOST=10.10.10.11 IMAP_USER='testmail@domain.ru' IMAP_PASSWORD='12345Password' IMAP_USE_SSL=True IMAP_IGNORE_CERT=True FILES_PATH="/home/user/mail" WORKERS_DOWNLOADERS=5 WORKERS_PARSERS=10 REPORT_BATCH_SIZE=500 DOWNLOAD_BATCH_SIZE=500 PROCESSES_LIMIT=20 THREADS_LIMIT=20
Save all changes.
Restart the mail grabber service.

sudo systemctl restart mail-grabber.service

Events will now be sent from the IMAP server to the Staffcop server.

Checking Service Status ¶

Service status:

sudo systemctl status mail-grabber.service

View logs:

tail -f /var/log/sc-mailgrabber/mail_grabber.log

Last Updated: 01.12.25