procmail

Re: Can I Do this?

2003-07-17 12:24:37
On Thu, Jul 17, 2003 at 12:58:07PM -0600, Scott Miller wrote:

> Hi all, I'm new to this list, and have just one question.
>
> I'm wondering if anyone can help me configure Procmail.  I have a
> very unique situation here - and can't go into too much detail.  I have a
> customer who is under investigation, and I've received a court order to log
> all incoming and outgoing mail for this particular user for a set period of
> time.  I was wondering if Procmail would help me to do this.  Basically I
> just need to dump all incoming into one file (while also delivering the mail
> to the user), and outgoing into another, then at the end of the time period,
> hand over the file.

You can do this by giving the user a .procmailrc file that includes
something like:

  :0 c:
  /var/tmp/bigbrother

which will store every message, but allow whatever other delivery is
happening to proceed normally.

Note that you can probably also capture his inbound mail with settings
in your MTA.  For example, if you use Sendmail, you could add a line to
your /etc/mail/aliases file with:

  baduser:      baduser,/var/tmp/bigbrother

then `touch /var/tmp/bigbrother; chmod 666 /var/tmp/bigbrother` or use
whatever permissions will work in your environment.

In terms of capturing outbound mail, you've got two problems -- first,
procmail doesn't normally get called to filter anything except mail
that's being *delivered*, and second, the user may use other SMTP
servers besides yours.

If you can restrict (or redirect) your outbound port-25 traffic so that
you can guarantee his mail will move through your SMTP server, you'll
eliminate the second problem.  To deal with the first, you will have to
refer to the instructions for your MTA.  There are folks who shunt
outbound mail through procmail and other things (spamassassin, virus
scanners, etc), so it's certainly possible to apply the filter ... but
you'll still have the problem of identifying your user's email.  (If he
spoofs a header line you're relying on to recognize his mail, you've got a
problem.)

I'll be interested to hear what solution you eventually come up with,
especially if it's based on procmail.  :-)

-- 
  Paul Chvostek                                    <paul(_at_)it(_dot_)ca>
  Operations / Abuse / Whatever
  it.canada, hosting and development                   http://www.it.ca/


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
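
An added example, not part of the original post or of procmail: it compares two ways of selecting the monitored user's outbound mail, to illustrate the spoofed-header caveat in the reply above. The addresses, the logins, and the idea that the MTA hands its authenticated login to the filter are assumptions; all sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

MONITORED_ADDR = "baduser@example.com"   # constructed; the page only names "baduser"
MONITORED_LOGIN = "baduser"

# Constructed submissions: (login the MTA authenticated, raw message).
# The auth_login value is an assumption about what the MTA passes to the filter.
SAMPLES = [
    ("baduser", "From: baduser@example.com\nTo: a@example.net\nSubject: one\n\nbody\n"),
    ("baduser", "From: Someone Else <other@example.org>\nTo: b@example.net\nSubject: two\n\nbody\n"),
    ("alice",   "From: alice@example.com\nTo: c@example.net\nSubject: three\n\nbody\n"),
    ("alice",   "From: baduser@example.com\nTo: d@example.net\nSubject: four\n\nbody\n"),
]

def header_match(raw, addr=MONITORED_ADDR):
    """Select on the From: header, which the sender writes."""
    _, from_addr = parseaddr(message_from_string(raw).get("From", ""))
    return from_addr.lower() == addr.lower()

def session_match(auth_login, login=MONITORED_LOGIN):
    """Select on the login the server itself authenticated."""
    return auth_login == login

def compare(samples=SAMPLES):
    """Return the subjects each selector would copy, plus where they disagree."""
    by_header, by_session = [], []
    for auth_login, raw in samples:
        subject = message_from_string(raw)["Subject"]
        if header_match(raw):
            by_header.append(subject)
        if session_match(auth_login):
            by_session.append(subject)
    # The user's own mail that a header-based filter never copies.
    missed = [s for s in by_session if s not in by_header]
    # Another account's mail that a header-based filter copies anyway.
    overcaptured = [s for s in by_header if s not in by_session]
    return by_header, by_session, missed, overcaptured

if __name__ == "__main__":
    h, s, missed, extra = compare()
    print("header selector :", h)
    print("session selector:", s)
    print("missed by header:", missed)
    print("wrongly captured:", extra)
```

The header-based selector fails in both directions: it skips the monitored account's message sent under a different From: line and copies another account's message that carries the monitored address.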
