Open source mail archiving software compared
Locked Away
By law, enterprises are required to retain email for a certain period of time. The archiving solutions discussed here, Piler, Benno MailArchiv, and MailArchiva, promise both legally compliant storage and added benefits for corporations.
Many countries provide a comprehensive system of legal regulations for governing the delivery and storage of email. For instance, some mail might contain commercial correspondence or tax-relevant information that forms an official legal record and must stay around for a predetermined time for auditing purposes.
The auditability requirement often dictates that the archived email be immutable and thus protected against access by staff – even the omnipotent administrator. The laws governing email pose several technical problems: Many messages are stashed away in local mailboxes of mail clients where they are stored in an unstructured way so that pertinent messages cannot easily be distinguished from other mail. Targeted searching thus involves a large amount of manual work. The requirements for digital auditing, and possibly also internal compliance policies, are thus not met. Additionally, the daily flood of spam that swamps mailboxes makes it very difficult to sort the digital chaff from genuine content and hugely bloats the data volumes.
More Than Compliance
State-of-the-art archiving solutions address these tasks and problems with a varying degree of internal overhead. They take care of automated, permanent email storage, make the content easy and quick to find through centralized search solutions, and ensure auditable storage of the data. Ideally, these solutions will integrate seamlessly with the enterprise network, collaborate nicely with all popular mail servers, offer web-based access, provide granular authorization, and be able to store any kind of data transparently on any popular kind of storage medium, or even on specialized archiving systems. Ideally, too, the operator will have a choice of infrastructure between on-premises or cloud storage.
A positive side effect of such a solution is the reduced storage space requirement, because mail can be compressed and deduplicated. Additionally, it will be beneficial for business continuity, because mail remains in the archive even if mail servers fail or mail data is lost. Full-text searching against mail content and in mail attachments also makes it possible to find mail content years after archiving a message. See the "Legal Framework Example" box for more information.
Legal Framework Example
Requirements for electronic archiving:
- Original electronic data must be archived electronically.
- Storage in hard copy is not permissible
- Electronically evaluable data must remain electronically evaluable.
- Attachments must be kept in the original format (e.g., Word files).
- Format conversions are not permissible (e.g., storage as PDF).
Features of auditable archiving:
- No retroactive loss of data.
- No retroactive (unnoticed) modification of data.
- Data changes must be reversible.
Technical requirements:
- It must be possible to make data available within a reasonable period of time.
- Migration to new storage technologies must be possible.
- The storage must be capable of handling growth in the long term.
Powerful Open Source Applications
In this article, I examine three standalone mail archiving products from the open source camp: Piler, Benno, and MailArchiva; Table 1 compares the features of these archiving tools.
Table 1
Overview of the Test Candidates
Features | Benno MailArchiv | MailArchiva | Piler |
---|---|---|---|
Test version | 2.1.0 | 4 | 1.1.0 |
Variant | Community Edition, Commercial Version | Open Source Edition, Enterprise Edition | Open Source Edition |
SaaS model | Via partners, Hosting Edition | Cloud Edition | No, but multitenant capable |
Operating systems | Debian, Ubuntu, SLES, RHEL, UCS | Windows, Linux, Solaris, BSD, OS X | Linux, Solaris |
License | GPL1 | GPLv2 | GPL |
Mail server | Postfix, Exim, Sendmail, Qmail | Yes | Yes, all SMTP |
Microsoft Exchange | 2003/2007/2010 | 5.5/2000/2003/2007/2010/2013 | 2003/2007/2010/2013 |
Google apps | No | Yes2 | Yes |
Others | Zarafa, Open-Xchange | Lotus Notes, Kerio, CommuniGate Pro, Scalix | Lotus Notes, Zimbra, Office 365 |
Archiving | |||
Mail standards | POP3, IMAP, SMTP, Maildir, Milter | POP3, IMAP, SMTP, Maildir, Milter | POP3, IMAP, SMTP, Maildir, Milter |
Archiving rules | No | Yes | Yes |
Retention rules | No | Yes2 | Yes |
Encryption | No | AES-256 | Blowfish |
Demonstrable immutability | Checksums and log | Signature,2 log signature,2 and log | Signature and log |
Compression | Yes, bzip | Yes, zip | Yes, Zlib |
Import | POP3, IMAP, Maildir | Maildir, PST, EML, MSG, Exchange, Google, Office 365 | EML, Mailbox, PST |
Export | EML | EML, PDF2 | EML |
Clustering search | No | Yes2 | No |
Multitenanting | Hosting Edition | Yes2 | No |
Deduplication | Yes, email and attachments | Yes, email and attachments2 | Yes, email and attachments |
CLI | Yes | Yes2 | Yes |
Client/Search | |||
Web client | Yes, Ajax | Yes, Ajax | Yes, responsive |
Full-text search | Yes | Yes | Yes |
Multilingual search | Yes | Yes | Yes |
Forwarding | Yes | Yes | Yes |
Search in attachments | Word, PPT, Excel, PDF, RTF, OpenOffice, zip, gzip, bzip2, tar, cpio, ar, JPEG metadata, Flash, mp3 | Word, PPT, Excel, PDF, RTF, ZIP, tar, gz, OpenOffice | Word, PPT, Excel, PDF, RTF, ZIP, OpenOffice |
Permissions | Yes | Yes2 | Yes |
Auditing | Yes | Yes | Yes |
Integration/Adaptation | |||
Authentication Web GUI | LDAP, MS AD, Univention Corporate Server (UCS), Novell eDirectory | LDAP, MS AD, NTLM, Google, iMail | LDAP, MS AD, Google, NTLM |
Storage | Filesystem | Filesystem | Filesystem |
Localization | German | German, English, Portuguese, Czech, Chinese, Greek, French, Dutch, Russian, Japanese, Korean, Thai | German, English, French, Spanish, Hungarian, Portuguese, Russian |
APIs | REST, XML, Web service API with JSON support | Web services | No |
Antivirus scanner | No | Yes: ClamAV | Yes: ClamAV |
Backup | No | Yes1 | Yes |
Themes/skins | No | Yes1 | Yes |
Price | |||
Licenses | EUR80 per year incl. five mailboxes (Small Business Edition); EUR12.50 per mailbox a year for 20 mailboxes (Standard Edition) | Free up to 20 mailboxes; EUR23 per mailbox one-off, at least 25 mailboxes must be licensed. | Free |
Support | Software maintenance in first year, free, can be purchased separately for additional years | 20 percent of license costs per year | Not available |
1 Community Edition only. 2 Commercial versions only. |
All of these products have a fundamentally similar approach: Email is either actively transmitted to the archive (using SMTP) or passively polled by the archive system, that is, retrieved from the mail or groupware server – typically using POP3 or IMAP calls to a journaling mailbox. As you can see in Figure 1, the messages are permanently stored either on the archive filesystem or in the database, including attachments.
All systems can be managed using a web client and support audits. The tools come with rights management features, including optional directory integration. The systems listed here all claim to be audit-proof and legally compliant. Of course, any technical solution must be accompanied by appropriate organizational policies to guarantee it as a compliant and comprehensive solution. Also, different jurisdictions have different rules for mail archiving. You should familiarize yourself with laws for your own country: Don't depend on the software to know your legal requirements.
Piler
Piler [1] is completely open source software from Hungary; its feature scope has grown immensely in the past two years so that it can now be regarded as a complete solution for mail archiving.
Email can be retrieved from SMTP servers by a variety of manufacturers, including Microsoft Exchange, and imported from different formats. The data is encrypted using the Blowfish algorithm and stored on the filesystem as compressed files. The matching metadata is stored in a MySQL database. The duplication rules are applied to both messages and attachments. Searching is handled by a Sphinx search engine.
The software takes legal requirements into consideration for the most part: Auditing options are in place, as is logging throughout. When saved, email is digitally signed to be able to check for manipulation or demonstrate a lack of it. Piler can connect to a large number of mail servers, including Lotus Notes, Zimbra, Google Apps, and Office 365. Authentication can be handled by LDAP or Active Directory or controlled by an IMAP server.
Buy this article as PDF
(incl. VAT)