Medozas
July 20th, 2004, 20:11
Hi!

I have a little special need in a postfix manner :-)

My problem is, I would like to use postfix as a relay, which is not my big problem, but I'd like to save every message running over postfix as a file.

Reason is, we need proof that someone in one of our customers' companies is really sending bad stuff into the net (virus-stuff, etc.). We would like to get this special one, but we need proof. A lot of stuff is sent by email, running over the customer's own mail-server. Is there maybe some kind of howto, or something similar?

Help would be greatly appreciated!

Thank you very much

Best regards,

Michael Mensik

elmore
July 20th, 2004, 20:28
What you want to do is set up your postfix server to be a selective relay. Essentially you'll wanna configure /etc/postfix/virtual to look similar to the following:



user@badcompany.com    user, user@badcompany.com



Which would capture e-mail from that user into a mailbox and continue delivery to its final destination @badcompany.com. You could alternatively do that in the /etc/aliases file as well. If you don't know who the user is you could just collect all mail from @badcompany.com into a file, monitor it and requeue it for delivery later, though you may not have that option.

In either case an excellent book which explains how to do this is the Richard Blum Postfix book, probably around page 246 and going through around page 262 or so. Don't quote me on those page numbers!


ISBN for the book: 0-672-32114-9


Let us know how it turns out! Good Luck!

*EDIT*
Now that I think about it a little more, you could build a special call in the master.cf file and then send incoming from the @badcompany domain through that, which would call a script that looks for the malicious content before sending it on its way. That's probably a little overkill for this though. There's probably 1000 other ways to do this as well, Postfix is so darn flexible. I'll let some of the other postfix guys like krusty, minion and bmw answer as they are all the real postfix gurus on the board...
*EDIT*

bmw
July 20th, 2004, 21:29
Brute-force answer: using the "always_bcc" Postfix feature copy all mail sent thru the relay to a local mailbox address, use procmail to filter what you send to that address, then use a normal mailer to read the mailbox.

From the Postfix docs:

always_bcc (default: empty)

Optional address that receives a "blind carbon copy" of each message that
is received by the Postfix mail system.

NOTE: if mail to the BCC address bounces it will be returned to the sender.

NOTE: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated for mail
that Postfix forwards internally, nor for mail that Postfix generates itself.


So you could send mail to the user "sneaky" and use procmail (invoked from sneaky's .forward file) to discard all but the mail of interest. Then you use an ordinary IMAP mail reader (e.g. Thunderbird) to read "sneaky's" mail.

elmore
July 20th, 2004, 21:38
Hey, I didn't know about that always bcc feature. Cool!

Medozas
July 21st, 2004, 04:18
Hi again!

Thank you for your incredibly fast answer!

This bcc feature sounds better to me than the other one; maybe I didn't understand correctly what you meant, elmore. You must know, I actually have no knowledge of mail handling (server-based). Normally I'm a software developer, and not a system administrator; I was just thrown into this.....

This bcc feature sounds to me like I can send every mail sent to another account with a custom e-mail address, and that is exactly what I want.

BAD SENDER --> RECIPIENT
BAD SENDER --> Custom E-Mail (BCC)

Did I understand this correctly?

Thanks a lot in advance

P.S.: Sorry for my partially bad English.... I'm from Germany

Michael Mensik

Medozas
July 21st, 2004, 07:19
Hi Again!

Well, after working everything out now, I've found the best way to get that working - the solution bcc was the best for now - my only problem might be for the future: how do I get this only user-based, and not system-wide?

What I mean is, I'd like to use this server as an in-house smtp-server-relay in future, but I only want to get copies from the single person which I need to view; the rest I don't.

I've already looked through the web, but didn't find anything I could use...

Any suggestions?

Thank you very much for your help!!!


Michael Mensik

By the way: I'm really incredibly impressed by what postfix is capable of; the "framework" is absolutely great, in my opinion.

bmw
July 21st, 2004, 07:57
"always_bcc" is not selective, it BCC's *all* the mail. But you can use a simple filter (and I highly recommend procmail) to remove all but the mail you need from the stream.

Yes Postfix is great; and it keeps on getting better. It's perfect for somebody like yourself who is not a full-time admin because it works very well right "out of the box".

Cheers!
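
Added example, not part of the original thread and not any poster's code: a small Python filter standing in for the procmail step bmw describes, which keeps only mail from one watched sender out of the always_bcc stream and saves each kept message as its own file named by SHA-256. It assumes the script receives one raw message on stdin from the BCC account's delivery pipe and that delivery has added a Return-Path header; WATCHED, EVIDENCE_DIR and the sample messages are hypothetical or constructed.

```python
import email, hashlib, os, sys
from email.utils import parseaddr

WATCHED = {"user@badcompany.com"}  # placeholder address used in the thread
EVIDENCE_DIR = "evidence"          # hypothetical directory name

# Constructed sample messages, for illustration only.
SAMPLE_HIT = (b"Return-Path: <user@badcompany.com>\r\n"
              b"From: Some User <user@badcompany.com>\r\n"
              b"To: someone@example.org\r\nSubject: test\r\n\r\nbody\r\n")
SAMPLE_MISS = SAMPLE_HIT.replace(b"user@", b"other@")

def sender_addresses(raw):
    """Envelope sender (Return-Path) and header sender (From), lower-cased."""
    msg = email.message_from_bytes(raw)
    found = set()
    for name in ("Return-Path", "From"):
        for value in msg.get_all(name, []):
            addr = parseaddr(str(value))[1].lower()
            if addr:
                found.add(addr)
    return found

def archive(raw, directory=EVIDENCE_DIR, watched=WATCHED):
    """Write raw to <directory>/<sha256>.eml if a watched sender matches.

    Returns the file path, or None when the message is not of interest.
    """
    if not sender_addresses(raw) & set(watched):
        return None
    os.makedirs(directory, mode=0o700, exist_ok=True)
    path = os.path.join(directory, hashlib.sha256(raw).hexdigest() + ".eml")
    try:
        # O_EXCL: never overwrite; 0o400: read-only once written.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    except FileExistsError:
        return path  # identical bytes were archived earlier
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path

if __name__ == "__main__":
    # Reads one message on stdin, as a delivery pipe would supply it.
    archive(sys.stdin.buffer.read())
```

Both addresses are supplied by the sending client, so a match shows what the message claims; the relay's own logs are what tie a message to a connecting host.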