Koozali.org: home of the SME Server

Maillog missing BCC messages

Offline magwm

« on: August 16, 2024, 10:00:05 AM »
I am using the BccUser maillog system to import all email sent and received to our logistics software.
Now since the beginning it was quite clear that messages sent as BCC would not be acquired by the system, for instance
message to:external@external.com;BCC:internal@internal.it
the message to external@external.com would be logged in the maillog mailbox, but the message to internal@internal.it is not present nor is there any mention of it in the external message (as bcc headers get stripped).

Now can any of you think of a method to make BCC messages be copied BCC to maillog as well, in a way that would make it possible to recognize the bcc'ed recipient?

I think it is not possible with a procmail filter http://www.iki.fi/era/procmail/mini-faq.html as the bcc header will not be present to be filtered upon. but maybe
 
Alternatively, or even better, would be to not strip the bcc header in the copy of the first message so that in the maillog mailbox it retains the to and bcc header (which defies the bcc purpose, I understand...).

Thanks for your thoughts and have a good day, good people!
Michel
MagWm

Offline mmccarn

Re: Maillog missing BCC messages
« Reply #1 on: August 16, 2024, 02:25:58 PM »
Changing the Bcc "mode" from "bcc" to "cc" adds a header to each email with "X-Copied-To: maillog@..."

If you want to know if users are using bcc to copy emails to other addresses -
* You can see *all* recipients in /var/log/maillog/current and /var/log/qpsmtpd/current (but you can't tell if they are To:, Cc:, or Bcc:)
* You can find Bcc information from the actual message in the user's "Sent" folder

As long as users are all configured to save Sent messages on your SME you could write a daemon to monitor users' mail "Bcc" headers. A quick search came up with a possible way to do this using "inotify"

* Install inotify-tools from the epel repository
  yum install inotify-tools

* write a script to log email headers, something like this (taken from https://stackoverflow.com/questions/8699293/how-to-monitor-a-complete-directory-tree-for-changes-in-linux#19733629 and https://unix.stackexchange.com/questions/24952/tool-to-monitor-folder-for-new-files-and-run-command-whenever-new-file-is-detect):

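Code:
#!/bin/bash
# Log selected headers of every file created under any user's Maildir.
# inotifywait (without -m) exits after the first event, so the outer loop restarts it.
while true; do

inotifywait -e create -r /home/e-smith/files/users/*/Maildir | \
  while read -r path action file;
    do grep -E "^From:|^To: |^Cc: |^Subject: |^Bcc: " "${path}${file}" |tr "\n" "\t"; printf "\n" ;
  done >> /var/log/inotify.log
done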

[caveat]
This monitor process may fail miserably on a busy server, and would not work if users are not saving copies of sent mail on the server...

Offline mmccarn

Re: Maillog missing BCC messages
« Reply #2 on: August 16, 2024, 03:12:54 PM »
Here's a slightly more polished version of the mail watch script.

* Only log output for files (messages) that include the qmail "helohost" in the filename
* Only log output for files that actually include a Bcc header
* Include the date header
* Include the Message-ID header
* Re-order the output fields so "Bcc" comes first

Code:
#!/bin/bash
# Log headers only for messages whose filename contains the qmail helohost
# and which actually carry a Bcc: header.
while true; do

inotifywait -q -e create -r /home/e-smith/files/users/*/Maildir | \
  while read -r path action file;
    do
      echo "$file" |grep -F "$(cat /var/qmail/control/helohost)" >/dev/null 2>&1  && \
      grep "^Bcc: " "${path}${file}" >/dev/null 2>&1 && \
      { grep -E "^Date: |^From: |^To: |^Cc: |^Subject: |^Bcc: |^Message-ID: " "${path}${file}" |sort |tr "\n" "\t"; printf "\n" ; }
      # The braces keep the trailing newline from being logged for files that did not match.
  done >> /var/log/mailwatch.log
done

Offline mmccarn

Re: Maillog missing BCC messages
« Reply #3 on: August 16, 2024, 03:22:29 PM »
One more thought -

It may be possible to write a script that compares the messages in maillog with the entries in the qmail or qpsmtpd logs to extract any people who received the message who were not listed in "To:" or "Cc:" in the message itself...
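
The comparison suggested in Reply #3, sketched as an added example that is not part of the thread or of SME Server. It assumes you have already pulled (Message-ID, envelope recipient) pairs out of the qmail or qpsmtpd logs into tab-separated lines (that intermediate format, the function names and the sample data are hypothetical), and it reports recipients that appear in the envelope but in neither To: nor Cc:.

```python
"""Added example: list envelope recipients that are not in To:/Cc: (likely Bcc)."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a message as stored in the maillog mailbox (Bcc already stripped).
SAMPLE_MESSAGE = """\
Message-ID: <constructed-0001@internal.it>
From: Sender <sender@internal.it>
To: External Contact <external@external.com>,
 "Second, Person" <second@external.com>
Cc: Office@Internal.it
Subject: constructed sample

body
"""

# Constructed sample: "<message-id>\t<envelope recipient>" pairs. Assumption: you build
# these lines yourself from the qmail/qpsmtpd logs; this is NOT their raw format.
SAMPLE_ENVELOPE = """\
<constructed-0001@internal.it>\texternal@external.com
<constructed-0001@internal.it>\tsecond@external.com
<constructed-0001@internal.it>\toffice@internal.it
<constructed-0001@internal.it>\tinternal@internal.it
<constructed-0001@internal.it>\tmaillog@internal.it
<constructed-0002@internal.it>\tsomeone@else.example
"""

def envelope_by_message_id(lines):
    """Map Message-ID -> set of lowercased envelope recipients."""
    table = {}
    for line in lines.splitlines():
        msgid, sep, rcpt = line.strip().partition("\t")
        if sep and rcpt:
            table.setdefault(msgid, set()).add(rcpt.strip().lower())
    return table

def hidden_recipients(raw_message, envelope, ignore=()):
    """Envelope recipients of this message that appear in neither To: nor Cc:."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])  # folded lines included
    visible = {addr.lower() for _, addr in getaddresses(headers) if addr}
    msgid = (msg.get("Message-ID") or "").strip()
    skip = {a.lower() for a in ignore}  # e.g. the maillog copy address itself
    return sorted(envelope.get(msgid, set()) - visible - skip)

if __name__ == "__main__":
    env = envelope_by_message_id(SAMPLE_ENVELOPE)
    print(hidden_recipients(SAMPLE_MESSAGE, env, ignore=["maillog@internal.it"]))
```

Matching is by Message-ID, so a message that never got one, or a log that does not record it, cannot be correlated this way.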


Offline magwm

Re: Maillog missing BCC messages
« Reply #4 on: August 27, 2024, 01:06:01 PM »
Thank you so much! So I tried to do this. It does put a lot of strain on the server just to show a log of the messages. This is a fairly busy server with ~50K messages per month from 30 users. Complicating this is that many use IMAP and shuffle messages around in their mailtree directories. I will try to make the script you mention... will post here if I have anything :)
MagWm