I was eagerly waiting for the responses you would get for your query. Looks
like experts have given their opinion and all we know is that
sendmail/procmail's inbound email capturing is very strong; it is good enough
if the TO or one of the TO/cc addresses belongs to your office's (on LAN) email
address BUT emails just bounce or are untraceable if those are for your
enterprise's WAN or internet.
Let me tell you about myself: I am a newbie in sendmail/procmail. I have
Linux/sendmail/procmail and Outlook Express 5.0 at clients, and I have been
facing a similar scenario. Earlier I thought it was the BCC route, then the 8-bit
header route; someone is sending information to outside people, which is costing my
I have developed a workaround for this problem, at which most of the experts
are going to scoff/laugh, though it requires final touches.
It is somewhat like this.
Any email which leaves your LAN has to be in a queue (mailq), be it 8-bit
header mail or BCC or WAN/internet mail. So in sendmail.cf set MinQueueAge to
Set DeliveryMode to deferred. Now every email has to ferment in a queue. I
have tested this and it works fine.
Now run a shell which mailq | grep 'culprit'sID' | cut -c1-8 which will give
you Q-ID of culprit's email being fermented in the queue.
Next is cp *Q-ID from /var/spool/mqueue to a specific location.
Autorun the above shell using the 'at' command at an interval of 5 minutes.
This way I have captured almost all the communication of culprit.
The only problem is, well, I feel guilty of slowing down my email server due to
these overheads.
Truly speaking, I am still touching up the settings to avoid mail delivery as
although a 6 minute delay is set, it is more than 30 minutes.
I shall be happy if experts do help us in touching up sendmail.cf for this
Thanking you all for reading through this unconventional solution,
procmail mailing list
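
A sturdier form of the mailq | grep | cut -c1-8 step described in the message above, as an added example that is not part of the original post: it takes the queue ID from the first field of each entry instead of a fixed column width, so it matches on the sender only (a plain grep also hits recipient lines, where the first 8 columns are blank) and copes with longer IDs and the status flag mailq may append. The mailq listing, addresses and queue IDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; sample data is constructed, function names are hypothetical.

# Constructed `mailq` listing: carol is a recipient of the first entry and the
# sender of the next two (one flagged `*`, one with different letter case).
sample_mailq() {
    cat <<'EOF'
                /var/spool/mqueue (3 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
l0A1B2c3012345     1234 Mon Jan 10 10:00 <alice@example.com>
                                         <carol@example.com>
l0A1B2c4012346*     567 Mon Jan 10 10:01 <carol@example.com>
                 (Deferred: Connection refused by mx.example.net.)
                                         <dave@example.net>
l0A1B2c5012347      890 Mon Jan 10 10:02 <Carol@Example.com>
                                         <erin@example.org>
EOF
}

# queue_ids_for_sender ADDRESS   (mailq output on stdin)
# Prints the queue ID of each entry whose sender equals ADDRESS.
queue_ids_for_sender() {
    awk -v want="$1" '
        /^[ \t]/ || /^-+Q-ID/ { next }    # recipient, status and header lines
        NF >= 2 {
            id = $1
            sub(/[*X-]$/, "", id)         # drop the trailing status flag
            sender = $NF
            gsub(/[<>]/, "", sender)
            if (tolower(sender) == tolower(want)) print id
        }'
}

# copy_queue_files QUEUE_DIR DEST_DIR   (queue IDs on stdin)
# Copies the qf (envelope and headers) and df (body) file for every queue ID,
# keeping timestamps, and prints how many files were copied.
copy_queue_files() {
    n=0
    mkdir -p "$2"
    while read -r id; do
        for f in "$1/qf$id" "$1/df$id"; do
            if [ -f "$f" ]; then cp -p "$f" "$2/"; n=$((n + 1)); fi
        done
    done
    echo "$n"
}
```

On the server itself the two functions chain as mailq | queue_ids_for_sender ADDRESS | copy_queue_files /var/spool/mqueue DEST_DIR, run as a user allowed to read the queue directory.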