Re: [Exim] Meeting guidelines on Mail archiving / monitor

Top Page
Delete this message
Reply to this message
Author: David Wilson
Date:  
To: Doug Block
CC: exim-users
Subject: Re: [Exim] Meeting guidelines on Mail archiving / monitor
On Fri, May 07, 2004 at 11:46:08AM -0500, Doug Block wrote:

> I may have to archive all Mail that goes thru our exim 4.3X server to
> meet Government requirements (lawyers are still checking on it) is
> there good way to do this is exim.


> I know about the monitor Filter but is there a good way to break it
> down so that all of the I/O-bound mail for a user is sorted to a
> directory.


Hello there,

I implemented something similar recently with Exim-Python as a helper,
but I'm sure you could do it with the perl extension, or even without
either if you really wanted to.

It was done in a hurry, and it's probably not the best way of going
about it, but it works. Basically, all incoming and outgoing mail gets
placed into a /.../mail-incoming/<to_addr>/ maildir, and a
/.../mail-outgoing/<from_addr>/ maildir.


It looked something like this in exim.py:

    import email.Utils


    def determine_log_maildir(envelope_from, recipients):
        '''
        Break up the from address to determine if it originated with a YourCorp
        domain name.
        '''


        realname, addr = email.Utils.parseaddr(envelope_from)
        addr_s = addr.split('@')


        user = addr_s[0]
        domain = addr_s[-1]


        if domain in ( 'yourdomain.co.uk', 'yourdomain.com' ):
            return "/home/other/mail-logs/mail-outgoing/" + user



        # If not, then it's to at least one YourCorp address. Find the first.


        for realname, addr in email.Utils.getaddresses(recipients.split(', ')):
            addr_s = addr.split('@')
            user = addr_s[0]
            domain = addr_s[-1]


            if domain in ( 'yourdomain.co.uk', 'yourdomain.com' ):
                return "/home/other/mail-logs/mail-incoming/" + user



        # If not, then store it somewhere for later perusal.
        return '/home/other/mail-logs/mail-unknown/'




And this in exim.conf:

    begin routers


    # Kludgish way of logging e-mail.


    log_mail:
        driver = accept
        transport = log_mail
        unseen



    begin transports


    # Store all processed e-mail in a log.


    log_mail:
        driver = appendfile
        maildir_format
        create_directory


        directory = ${python {determine_log_maildir} {$sender_address} {$header_To:}}
        user = yourcorp
        group = mail-logs


        directory_mode=0750
        mode=0640


        # Add some useful headers.
        envelope_to_add
        return_path_add
        delivery_date_add



This is dependant on certain headers being present which is not always
the case, especially if someone is trying to get around the logging.
That's not a problem as stuff ends up in mail-unknown anyway.

Again, there is probably a much nicer way of doing this, but this way
worked for me.


David.

--
Silence speaks.