Lead Image © Alexander Dedrin, 123RF.com

Lead Image © Alexander Dedrin, 123RF.com

Open source mail archiving software compared

Locked Away

Article from ADMIN 28/2015
By
We compare three mail archiving tools: Piler, Benno MailArchiv, and MailArchiva.

By law, enterprises are required to retain email for a certain period of time. The archiving solutions discussed here, Piler, Benno MailArchiv, and MailArchiva, promise both legally compliant storage and added benefits for corporations.

Many countries provide a comprehensive system of legal regulations for governing the delivery and storage of email. For instance, some mail might contain commercial correspondence or tax-relevant information that forms an official legal record and must stay around for a predetermined time for auditing purposes.

The auditability requirement often dictates that the archived email be immutable and thus protected against access by staff – even the omnipotent administrator. The laws governing email pose several technical problems: Many messages are stashed away in local mailboxes of mail clients where they are stored in an unstructured way so that pertinent messages cannot easily be distinguished from other mail. Targeted searching thus involves a large amount of manual work. The requirements for digital auditing, and possibly also internal compliance policies, are thus not met. Additionally, the daily flood of spam that swamps mailboxes makes it very difficult to sort the digital chaff from genuine content and hugely bloats the data volumes.

More Than Compliance

State-of-the-art archiving solutions address these tasks and problems with a varying degree of internal overhead. They take care of automated, permanent email storage, make the content easy and quick to find through centralized search solutions, and ensure auditable storage of the data. Ideally, these solutions will integrate seamlessly with the enterprise network, collaborate nicely with all popular mail servers, offer web-based access, provide granular authorization, and be able to store any kind of data transparently on any popular kind of storage medium, or even on specialized archiving systems. Ideally, too, the operator will have a choice of infrastructure between on-premises or cloud storage.

A positive side effect of such a solution is the reduced storage space requirement, because mail can be compressed and deduplicated. Additionally, it will be beneficial for business continuity, because mail remains in the archive even if mail servers fail or mail data is lost. Full-text searching against mail content and in mail attachments also makes it possible to find mail content years after archiving a message. See the "Legal Framework Example" box for more information.

Legal Framework Example

Requirements for electronic archiving:

  • Original electronic data must be archived electronically.
  • Storage in hard copy is not permissible
  • Electronically evaluable data must remain electronically evaluable.
  • Attachments must be kept in the original format (e.g., Word files).
  • Format conversions are not permissible (e.g., storage as PDF).

Features of auditable archiving:

  • No retroactive loss of data.
  • No retroactive (unnoticed) modification of data.
  • Data changes must be reversible.

Technical requirements:

  • It must be possible to make data available within a reasonable period of time.
  • Migration to new storage technologies must be possible.
  • The storage must be capable of handling growth in the long term.

Powerful Open Source Applications

In this article, I examine three standalone mail archiving products from the open source camp: Piler, Benno, and MailArchiva; Table 1 compares the features of these archiving tools.

Table 1

Overview of the Test Candidates

Features Benno MailArchiv MailArchiva Piler
Test version 2.1.0 4 1.1.0
Variant Community Edition, Commercial Version Open Source Edition, Enterprise Edition Open Source Edition
SaaS model Via partners, Hosting Edition Cloud Edition No, but multitenant capable
Operating systems Debian, Ubuntu, SLES, RHEL, UCS Windows, Linux, Solaris, BSD, OS X Linux, Solaris
License GPL1 GPLv2 GPL
Mail server Postfix, Exim, Sendmail, Qmail Yes Yes, all SMTP
Microsoft Exchange 2003/2007/2010 5.5/2000/2003/2007/2010/2013 2003/2007/2010/2013
Google apps No Yes2 Yes
Others Zarafa, Open-Xchange Lotus Notes, Kerio, CommuniGate Pro, Scalix Lotus Notes, Zimbra, Office 365
Archiving
Mail standards POP3, IMAP, SMTP, Maildir, Milter POP3, IMAP, SMTP, Maildir, Milter POP3, IMAP, SMTP, Maildir, Milter
Archiving rules No Yes Yes
Retention rules No Yes2 Yes
Encryption No AES-256 Blowfish
Demonstrable immutability Checksums and log Signature,2 log signature,2 and log Signature and log
Compression Yes, bzip Yes, zip Yes, Zlib
Import POP3, IMAP, Maildir Maildir, PST, EML, MSG, Exchange, Google, Office 365 EML, Mailbox, PST
Export EML EML, PDF2 EML
Clustering search No Yes2 No
Multitenanting Hosting Edition Yes2 No
Deduplication Yes, email and attachments Yes, email and attachments2 Yes, email and attachments
CLI Yes Yes2 Yes
Client/Search
Web client Yes, Ajax Yes, Ajax Yes, responsive
Full-text search Yes Yes Yes
Multilingual search Yes Yes Yes
Forwarding Yes Yes Yes
Search in attachments Word, PPT, Excel, PDF, RTF, OpenOffice, zip, gzip, bzip2, tar, cpio, ar, JPEG metadata, Flash, mp3 Word, PPT, Excel, PDF, RTF, ZIP, tar, gz, OpenOffice Word, PPT, Excel, PDF, RTF, ZIP, OpenOffice
Permissions Yes Yes2 Yes
Auditing Yes Yes Yes
Integration/Adaptation
Authentication Web GUI LDAP, MS AD, Univention Corporate Server (UCS), Novell eDirectory LDAP, MS AD, NTLM, Google, iMail LDAP, MS AD, Google, NTLM
Storage Filesystem Filesystem Filesystem
Localization German German, English, Portuguese, Czech, Chinese, Greek, French, Dutch, Russian, Japanese, Korean, Thai German, English, French, Spanish, Hungarian, Portuguese, Russian
APIs REST, XML, Web service API with JSON support Web services No
Antivirus scanner No Yes: ClamAV Yes: ClamAV
Backup No Yes1 Yes
Themes/skins No Yes1 Yes
Price
Licenses EUR80 per year incl. five mailboxes (Small Business Edition); EUR12.50 per mailbox a year for 20 mailboxes (Standard Edition) Free up to 20 mailboxes; EUR23 per mailbox one-off, at least 25 mailboxes must be licensed. Free
Support Software maintenance in first year, free, can be purchased separately for additional years 20 percent of license costs per year Not available
1 Community Edition only. 2 Commercial versions only.

All of these products have a fundamentally similar approach: Email is either actively transmitted to the archive (using SMTP) or passively polled by the archive system, that is, retrieved from the mail or groupware server – typically using POP3 or IMAP calls to a journaling mailbox. As you can see in Figure 1, the messages are permanently stored either on the archive filesystem or in the database, including attachments.

Figure 1: Mail archiving solutions store all incoming and outgoing mail in a central archive.

All systems can be managed using a web client and support audits. The tools come with rights management features, including optional directory integration. The systems listed here all claim to be audit-proof and legally compliant. Of course, any technical solution must be accompanied by appropriate organizational policies to guarantee it as a compliant and comprehensive solution. Also, different jurisdictions have different rules for mail archiving. You should familiarize yourself with laws for your own country: Don't depend on the software to know your legal requirements.

Piler

Piler [1] is completely open source software from Hungary; its feature scope has grown immensely in the past two years so that it can now be regarded as a complete solution for mail archiving.

Email can be retrieved from SMTP servers by a variety of manufacturers, including Microsoft Exchange, and imported from different formats. The data is encrypted using the Blowfish algorithm and stored on the filesystem as compressed files. The matching metadata is stored in a MySQL database. The duplication rules are applied to both messages and attachments. Searching is handled by a Sphinx search engine.

The software takes legal requirements into consideration for the most part: Auditing options are in place, as is logging throughout. When saved, email is digitally signed to be able to check for manipulation or demonstrate a lack of it. Piler can connect to a large number of mail servers, including Lotus Notes, Zimbra, Google Apps, and Office 365. Authentication can be handled by LDAP or Active Directory or controlled by an IMAP server.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=