OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Bennett Todd (bet_at_rahul.net)
Date: Mon Feb 03 2003 - 13:14:52 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    2003-02-03T13:52:12 Eli Klein:
    > I have a need to basically match a source or destination e-mail
    > address on incoming or outgoing e-mail. This is very easy with
    > content filtering, however I need to save a copy of that message
    > and then deliver it normally.

    The least-work solution, adequate in some settings, is to set
    always_bcc to a mailbox that then uses procmail or something like it
    to save only the messages you want to preserve. This has two
    defects, for some people one or the other may make this
    unacceptable. First, this approach duplicates _all_ transit email,
    incoming and outgoing, then tosses everything except what you want
    to keep. The performance consequence of that may or may not be
    tolerable, depends on how close your server is to the well. And
    second, if for any reason that Bcc delivery fails, the sender will
    get a distinctly suspicious bounce that may alert them that
    someone's playing games with their email. I can't say that one would
    worry me much, but then I'd set up such a mailbox to be pretty
    darned reliable, and have enough monitoring on the box to prevent
    the usual suspects (full disks) from triggering bounces.

    For a bit more work, you could go the content-filtering route. If
    you used my <URL:http://bent.latency.net/smtpprox/>, you could do
    e.g. a manual maildir delivery directly open-coded in Perl, at the
    point where the mainloop has caught "." --- at that point the server
    data structure has member variables $from and to (envelope) and
    $data (a filehandle whose file you can rewind and read for the
    contents of the message). I'd tuck the envelope into some extra
    headers, barf them out, then the body.

    Hm. Now that I describe it, this sounds awfully familiar. Ahh, I see
    why, I already wrote that. Here it is, smtp-tee, ready to use as a
    content filter, it's built on the same helper modules as my
    above-cited smtpprox, so you'll want to score that as well. NB that
    this currently delivers basically the same functionality as
    always_bcc, to turn it into the filtering saver you want you'll have
    to add some code to limit which messages it keeps. That shouldn't be
    too painful, I wouldn't think.

    -Bennett

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE+Pr+rHZWg9mCTffwRAiUXAJ95hhOcwc2rMm+7zWgT8JmS+4dlBwCgqKbJ
    W3amrD5bnh8Xtw0HOI/+jAw=
    =Eh8D
    -----END PGP SIGNATURE-----