[K12OSN] Archiving Email

Jim Kronebusch jim at winonacotter.org
Tue Oct 23 21:04:08 UTC 2007


On Tue, 23 Oct 2007 12:17:54 -0400, Shawn Powers wrote
> If you are archiving every incoming and outgoing email in your  
> network, how are you doing it?  We've had too many instances that  
> have required searching, and my current email backup scheme doesn't  
> really lend itself to forensics.
> 
> Is it possible to pipe all emails (again, incoming and outgoing) into  
> something like pipermail that mailman uses?  Ideally with searching  
> and sorting abilities...
> 
> I'm currently using sendmail and dovecot with maildir folders.  I'm  
> willing to change MTAs, but I'm really scratching my head to come up  
> with the best way to accomplish the task.  I'm looking for any advice  
> you can offer.
> 
> (No, I'm not looking for ethical or political responses, we're way  
> past that...)

Well, here is something I've been using for a few years now.  My business has run into
companies that we serve mail for who have wanted archives of all incoming or outgoing
mail for reference in court trials if necessary.  Now it is actually a law that archives
must be kept.  So that eliminates any of the ethical or political responses :-)

I run postfix, but I assume there is something very similar for sendmail.  First you
need to create the lookup files.  First is /etc/postfix/sender_bcc_maps.  This would
have a list of email addresses or domains in order of from to like so:

@yourdomain.com archive@yourdomain.com
specific_sender@yourdomain.com specific_user@yourdomain.com

Just create a text file with the syntax above and save it.  Then run "postmap
/etc/postfix/sender_bcc_maps" to create the database file.  Anytime this file is
modified you'll have to run the postmap command to update the database.  This will catch
all outgoing email.

Then you can create a /etc/postfix/recipient_bcc_maps file with the same syntax to catch
all incoming email:

@yourdomain.com archive@yourdomain.com
specific_sender@yourdomain.com specific_user@yourdomain.com

Save that and run the postmap command.

Then modify your /etc/postfix/main.cf and add the following to the end of the file:

# Archive mail from specific Sender
sender_bcc_maps = hash:/etc/postfix/sender_bcc_maps

# Archive mail to specific recipient
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps

Then reload the postfix configuration with "/etc/init.d/postfix reload".  Of course
create your archive users in advance.  Now you have all archive mail in a single mailbox
for future reference.  You can browse this with webmail or download periodically to an
email client and then backup the client data.  You can also use this for many other
purposes.  Basically this just adds a bcc at the server level to all sent/received email
to the specified addresses.  Very handy. 

Hope this helps someone.

Jim

-- 
This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.
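
Added example (not part of the original post): Postfix looks up the full address in a bcc map before the @domain form and adds only one BCC address per map, so with the two sample lines above, mail from specific_sender goes to specific_user and not to the archive mailbox. The script below models that lookup in simplified form (only the user@domain and @domain forms) and lists such overriding entries; the function names and the temporary map file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: simplified model of how Postfix searches a *_bcc_maps table.
# Only user@domain and @domain keys are modelled; the user+extension and
# bare-user forms are left out. The first matching key gives the one BCC address.

# bcc_lookup MAPFILE ADDRESS -> prints the BCC target, or nothing if no match
bcc_lookup() {
    awk -v addr="$2" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        { map[tolower($1)] = $2 }
        END {
            addr = tolower(addr)
            dom = addr; sub(/^.*@/, "@", dom)    # user@domain -> @domain
            if (addr in map)     print map[addr] # full address is tried first
            else if (dom in map) print map[dom]  # then the domain catch-all
        }' "$1"
}

# bcc_shadowed MAPFILE -> lists full-address keys that override their domain's
# catch-all, i.e. addresses whose mail is NOT copied to the domain archive
bcc_shadowed() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        { map[tolower($1)] = $2 }
        END {
            for (k in map) {
                if (k ~ /^@/) continue
                dom = k; sub(/^.*@/, "@", dom)
                if ((dom in map) && map[dom] != map[k])
                    print k " -> " map[k] " (not " map[dom] ")"
            }
        }' "$1"
}

# Constructed sample: the two map lines shown in the post
SAMPLE_MAP=$(mktemp)
trap 'rm -f "$SAMPLE_MAP"' EXIT
cat > "$SAMPLE_MAP" <<'EOF'
@yourdomain.com archive@yourdomain.com
specific_sender@yourdomain.com specific_user@yourdomain.com
EOF

bcc_lookup "$SAMPLE_MAP" someone@yourdomain.com
bcc_lookup "$SAMPLE_MAP" specific_sender@yourdomain.com
bcc_shadowed "$SAMPLE_MAP"
```

Where every message has to reach the archive, each line bcc_shadowed prints is a gap to review; Postfix's always_bcc parameter sends a copy of every message to one address independently of these maps.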
