andrew at mcgill.org.za
mailspy is a sendmail milter program (mail filter). For each mail that is filtered, the sender, recipient, subject line and attachment names are logged.
Mail headers can be logged to a file.
mailspy can also pipe messages to a process. You can use procmail to archive selected message headers or bodies. If you can conceive of something else useful that you can do with a stream of message headers and bodies, you can do that too.
Check that you have MILTER support in your distribution of
otherwise, obtain a version of
sendmail with milter support. You should
have something like this.
foo:~ $ sendmail -d < /dev/null | grep -A5 "Compiled"
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
The main targets for the make file are:
Compile C source to executable. Requires sendmail libmilter header files and libraries.
Install files in
/usr/local/bin. You can set the
variable if you want to install files in a different root directory.
Try to mangle your
/etc/mail/linux.mc (m4 source file) into
/etc/sendmail.cf and start mailspy.
This appends mailspy filter rules to
/etc/mail/linux.mc and runs
m4 to produce
Also installs and creates links in
Make distribution in tar.gz format. You'll need linuxdoc and friends.
If make start doesn't do it for you on your system, you
might be using something other than SuSE Linux 7.2 / 7.3. Send me a patch that
makes it work for your system, and I'll see what I can do.
install installs the binaries, but does not configure sendmail to use the
filter, and does not create links in /etc/init.d to make sure that the program works.
If you don't have sendmail libraries and header files installed, you are going to struggle just a little. You will have to install sendmail-devel (d4 series on SuSE 8.0) in order for this to work. If you are using sendmail-8.11 or so, you will need to uncomment -lsfio in the Makefile (sorry).
The program installs in
/usr/local/bin by default (and
you can't change this either). The default mailspy startup file
listens on a unix socket
logs mail details to
/var/log/mailspy. If you want to
log mail headers, you have to specify a log file yourself.
The program appends to the end of the log files. To rotate the log files there is a program called cronspy.sh which should do the trick, and which should be runnable as a user `mailspy', although this has never really been established.
The usage for mailspy is:
./mailspy -p socket [-f logfile] [-h headerlog] [-P pipe-msg-to-cmd]
The items are:
The socket specifies how mailspy connects to the sendmail process it is spying on. You can specify a unix socket (a named pipe) or an IPv4 or IPv6 socket.
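An added example, not part of mailspy: a shell check for the value you plan to pass to -p, so that a TCP socket reachable from other hosts is noticed before the filter is started. It assumes mailspy hands the value unchanged to libmilter's smfi_setconn, whose forms are {unix|local}:/path, inet:port@host and inet6:port@host; the function name, the result words and the sample values are this example's own.

```shell
#!/bin/sh
# Added example (not from the mailspy distribution).
# Classifies a libmilter connection spec and prints one word:
#   local    - unix socket with an absolute path
#   loopback - TCP socket bound to 127.0.0.1, ::1 or localhost
#   exposed  - TCP socket on any other address; a spec with no @host
#              is treated here as listening on every interface
#   invalid  - not one of the forms above (numeric ports only)
classify_milter_socket() {
    spec=$1
    case $spec in
        unix:/*|local:/*) echo local; return 0 ;;
        inet:*|inet6:*)   ;;
        *)                echo invalid; return 1 ;;
    esac

    family=${spec%%:*}       # inet or inet6
    rest=${spec#*:}          # port[@host]
    port=${rest%%@*}
    case $rest in
        *@*) host=${rest#*@} ;;
        *)   host= ;;
    esac

    # The port must be a number between 1 and 65535.
    case $port in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo invalid; return 1
    fi

    case $family:$host in
        inet:127.0.0.1|inet:localhost|inet6:::1|inet6:localhost)
            echo loopback ;;
        *)  echo exposed ;;
    esac
}

# Constructed sample values, not taken from the mailspy startup file.
for s in unix:/var/run/example/milter.sock inet:8025@127.0.0.1 \
         inet:8025 inet6:8025@::1 /tmp/sock; do
    printf '%-36s %s\n' "$s" "$(classify_milter_socket "$s")"
done
```

A result of "exposed" means any host that can reach that port can connect to the filter, so prefer a unix socket or a loopback address unless sendmail runs on another machine.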
The log file records messages in terms of the envelope sender and
recipient, and also the subject and attachment names. The particular
log format is only understood by
If you want to log only headers of each message, then this is one way to do it.
All mail can be piped to a process. If mailspy is running as the user
`mailspy', then the contents of
determine what happens with each message. Using procmail rules you
can archive messages, forward selected messages to arbitrary recipients,
and do any amount of interesting things. Note: If the process
fails to handle the message, the error is ignored.
If you use procmail delivery together with a global
/etc/procmailrc, you may find that procmail does not deliver
the mail quickly enough, and you get sporadic 451 message failures.
This happens if you use the anomy sanitizer from procmail. The
solution is not to do this.
Coming soon to this paragraph (erm), answers to your questions --
Does your company, country, state, municipality or local mafia boss permit the logging of e-mail? Do you have to notify people that their e-mail is being logged? Does logging the e-mail imply a responsibility on you to read the log? It turns out I don't know.
No statement is made about the legal implications of using this program (except for this statement, which says there is nothing to say). If you need to know, consult a real live legal practitioner. I am not a lawyer. (And the chances are there is some really great page out there with all of this information for all countries...)
Another thing -- this program is licensed under the GNU General Public License.