OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: backup every incoming mail to file

From: mouss (moussnetoyen.net)
Date: Tue Jul 01 2008 - 10:45:05 CDT


Leo wrote:
> Hello,
>
> we want to replace our current mail server (sendmail) with a new one
> (postfix). For security reasons we want to make a backup of every
> incoming mail (including envelope information) to the filesystem
> (simple text file, e.g. mails_2008-07-01.txt, ...).
>
> Current setup:
> postfix + amavisd-new + clamav + spamassassin
>
> Postfix receives mail for a virtual domain, delivers it through the
> "content_filter" parameter to amavisd-new (clamav+spamassassin) and
> gets it back from amavisd-new on a second smtpd daemon. This is the
> default setup for amavisd-new.
>
> Our problem is to save every mail BEFORE it will be filtered by
> amavisd-new.

why? why not configure your amavisd-new to pass all mail so that you can
do the copy AFER filtering. This is simpler and has the advantage of
putting the filter decison (amavisd-new and SA headers) in the archived
copy.

> Is there a possibility to do this? Or is the only way to patch the
> amavisd-new source code?

you can use recipient_bcc_maps with pcre: something like

/(.)/ $1bcc.example.com

but you need some care (think of enabled/disabled address rewrite,
loops, ... etc).

you may need to setup an additionnal smtpd (with its own cleanup
service) before amavisd-new.