Saving copies of all email using Exim

24 Mar 2006

I've often seen questions on lists by people who want to save all incoming and outgoing mail on a specific server in an archive, this is usually due to some auditor requesting it or corporate legal types requesting it.

The Exim documentation says it can be done but does not give examples neither does any of the two Exim books, the mailing lists are short of working examples and Google does not help either! Eventually came across a russian language site that had a working setup so I figured I'd document it here in English.

The basic idea is I want a maildir made that has sub folders for each user containing incoming and outgoing mail.

You'll need to use 2 types of Exim configuration, one being a System Filter and one being a Shadow Transport.

Handling outgoing mail is done using the system filter, I'll set this up to only affect mail matching domain.com. In the main Exim configuration configure the basics of system wide filters by simply adding the following to the top section:

system_filter = /etc/exim/systemfilter.txt
system_filter_directory_transport = local_copy_outgoing

This defines the file where the filter will live as well as a transport that will be used to delivery the mails created by the filter. You could potentially use one of your existing transports, I like using a separate one for clarity, in your transports section add the local_copy_outgoing:

local_copy_outgoing:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  group = exim
  user = exim
  mode = 0660
  maildir_format = true
  create_directory = true

NOTE: This is using user exim and group exim, you want to adjust it for your local needs.

Now simply create the filter in /etc/exim/systemfilter.txt:

if $sender_address_domain is domain.com
then
unseen save /var/mail/domain.com/mailarchive/.${tr{$sender_address}{.}{_}}.outgoing/
endif

This filter will save the mail in a maildir under /var/mail/domain.com/mailarchive/ the mailbox for a name.surname@domain.com user will be name_surname@domain_com.outgoing using this format means most IMAP clients will display it nicely since .'s tend to confuse them a bit. You can adjust this to taste.

Incoming mail is easier, Exim provides a shadow_transport facility that lets you call another transport for each local delivery, this transport will get a copy of the mail and its result won't affect the further deliver of the actual email, perfect for calling vacation type commands or doing this kind of mail copying.

My needs are only for intercepting mail that reaches the Maildir's so I'll only need to hook into my address_directory transport, if you have other needs like intercepting actual real unix account emails then you can hook into the local_delivery transport using the same method. My address_directory transport looks like the one below, the last 2 lines are the important ones.

address_directory:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  maildir_format
  return_path_add
  shadow_transport = local_copy_incoming
  shadow_condition = ${if eq {$domain}{domain.com}{yes}{no}}

This calls a transport called local_copy_incoming to deliver the copy of the email, just add the following into your transports again adjusting user id, group id and file paths to your liking. This will do the file name expansion in a similar format I'm just using a slightly more complex form of the text replace here as a different example of things you can do, end result is the same.

local_copy_incoming:
  driver = appendfile
  directory = /var/mail/domain.com/mailarchive/ \
      .${tr {$local_part}{.}{_}}@${tr {$domain}{.}{_}}.incoming/
  delivery_date_add
  envelope_to_add
  return_path_add
  group = exim
  user = exim
  mode = 0660
  maildir_format = true
  create_directory = true

NOTE: The above line that ends in "\" is a continuation onto the next, remove the "\" and join the two lines in your config.

You can now restart your Exim server, if you've done it all right and created the main Maildir where this all live under your incoming and outgoing mail for domain.com will all be saved on a per user basis.

Posted by R.I.Pienaar on Friday, March 24, 2006 at 11:27 AM

Filed in

1 Comment

You don't need a system filter. You can do this more simply using a router with "unseen" or "seen = false" set. That router can then do anything it likes with the messages it intercepts because "unseen" means that a copy of the message is passed on to the routers after it.

Bruce | May 23, 2006 11:51 AM | Reply

Leave a comment

Recent Entries

  • flashpolicyd 2.0

    I wrote a multi threaded server for Adobe Flash Policy requests, some background from Adobe:Since policy files were first introduced, Flash Player has recognized /crossdomain.xml...

  • Adventures with Ruby

    Some more about my continuing experiences with ruby, in my last post I saidthe language does what you'd expect and as you'll see in my...

  • New programming language of choice - Ruby

    I have fallen out of love with Perl some time ago, I cannot point to one specific thing about it that put me off, I...

  • On working from home

    I've not been posting much here, work has been incredibly manic the last while, especially I need to still finish off my SSO posts with...

  • Rework of puppet facts for /etc/facts.txt

    Previously I blogged a custom fact that reads /etc/facts.txt to build up some custom facts for use in Puppet manifests, well I've since learned a...

Close