Topic: smtp spool archive

[kadybee]

I have heard/read of a solution to create an archive of mail (in/outbound) by creating a second spool to a file.

Has anyone tried this - or anything else which would archive all mail through the server?

Any suggestions to achieve such an archive would be welcome.


Thanks

Klaus

[Franco]

Purpose :
To capture mails coming into and out of your SME server via POP3 and SMTP for archiving or auditing.
1. Download the mailarch.zip file. Then find and download Pegasus Mail 4.02. You will also need to find and download dsniff-2.3-2.i386.rpm. You will need to extract the mailsnarf program from this rpm, the rest isn’t needed for the purpose of this how-to.

2. Unzip the file and copy the files into the following locations (if any folders don’t currently exist, create them):

Copy mailarchive and mbextract to /opt/mailarch
Copy mailarch to /etc/rc.d/init.d

Extract the mailsnarf program from the dsniff package, then

Copy mailsnarf to /sbin

3. Create symbolic links to automatically start mailarchive upon a reboot and to perform daily mail processing.

ln -s /etc/rc.d/init.d/mailarch /etc/rc.d/rc7.d/S99mailarch
ln -s /opt/mailarch/mailarchive /etc/cron.daily/mailarchive

4. Create an ibay called marchive. You will need to give access to this ibay to the user account which will access the mail archives via Pegasus Mail from a Windows PC.

5. Map a drive on your Windows desktop to the marchive ibay (eg. Map M: to \\sme\marchive).

6. Install Pegasus Mail into your Windows PC. When starting Pegasus Mail for the first time and set the mail directory when prompted to M:\

7. Start mailarchive by typing the following at the server console :-

/etc/rc.d/init.d/mailarch start

That’s it ! Your mails (not webmail unless it generates SMTP traffic through the monitored interface !) will be captured and then processed and dropped into the marchive ibay. The mbextract script was modified to specifically create filenames compatible with Pegasus Mail. You can review / audit the mails using Pegasus without needing to “collect” the mail from the server. The reason for all this is because if you merely dropped the processed mail into an existing SME user mailbox, the process of collecting the mail will result in all the mails being captured again ! By using Pegasus (or any other mail program which works in a similar fashion), you do not need to actually deliver the mails to view / review them. Note if you were monitoring the external interface, this would not normally be a problem, but you won’t capture any local / internal mails.

[kadybee]

Many thanks for that.  Looks exactly what i need.

I can't find the "mailarch.zip" anywhere though.  Any suggestions as to where to look for it?


Thanks

[Franco]

Email me and I'll reply with it!

[NickR]

For an alternative method, take a look at this thread:

http://forums.contribs.org/index.php?topic=21237.0

I use this method on several servers & it works really well.  It has the advantages of not needing to run another process and the messages are in standard format, so no need to use pmail to retrieve them.

[kadybee]

Thanks for that Nick.

I'm sure I spent a day looking for that thread!  I tried just about every relevant search term I could think of with no result ... and there it is!!

I guess the search process of contribs.org could make for another thread, but I would have thought that (eg) "email archive" would bring up that thread .. it don't


Regards

Klaus

[Franco]

For an alternative method, take a look at this thread:

http://forums.contribs.org/index.php?topic=21237.0

I use this method on several servers & it works really well.  It has the advantages of not needing to run another process and the messages are in standard format, so no need to use pmail to retrieve them.

NickR,
This is a much easier solution and I really liked it. On which distribution are you using it?

[NickR]

It did work on 5.6, but now I only use SME 6.0.1 with lots of update patches applied.  I see no reason why it wouldn't work on 6.5 though.

I haven't looked at SME 7 in much detail yet, but I guess Charlie will be able to tell us if it is possible there also.

[gordonr]

I haven't looked at SME 7 in much detail yet, but I guess Charlie will be able to tell us if it is possible there also.

Yes, but not in the same way. Release 7 uses qpsmtpd instead of mailfront and there is a 'bcc' (capture copies of mail) plugin for qpsmtp. The plugin is installed, but not enabled by default.

If you'd like to raise a New Feature Request in the SourceForge bug tracker, I'll work out the magic so that it can easily be enabled.

Thanks,

Gordon

[NickR]

If you'd like to raise a New Feature Request in the SourceForge bug tracker, I'll work out the magic so that it can easily be enabled.

Done as request ID 1317487

Thanks Gordon, I feel this would be a valuable feature to many.

[Franco]

Testing on a 6.5 reveals that I have the latest mailfront [mailfront-0.91-8es.i386.rpm] but I don't have the "env" directory under var/service/smtpfront-qmail/ [Where shoul I add the environment variable in this case?]

Thanks guys

[NickR]

Err, have you tried doing

mkdir -p /var/service/smtpfront-qmail/env/

[mrjhb3]

This feature seems to be broke in 6.5.  I have tried to get it to work, but no go.  It works on 6.0.1, upgraded to 6.5 - no workie.  Loaded 6.5 fresh, added the same entries as 6.01 - still no workie.  If someone gets it to work, you will get my thanks.  
 
JB

[Franco]

Nope, couldn't get it to work under 6.5 either! Even after

Err, have you tried doing

mkdir -p /var/service/smtpfront-qmail/env/

Mail system under 6.5 is very different from 6.0.