I’ve often seen questions on lists by people who want to save all incoming and outgoing mail on a specific server in an archive, this is usually due to some auditor requesting it or corporate legal types requesting it.
The Exim documentation says it can be done but does not give examples neither does any of the two Exim books, the mailing lists are short of working examples and Google does not help either! Eventually came across a russian language site that had a working setup so I figured I’d document it here in English.
The basic idea is I want a maildir made that has sub folders for each user containing incoming and outgoing mail.
You’ll need to use 2 types of Exim configuration, one being a System Filter and one being a Shadow Transport.
Handling outgoing mail is done using the system filter, I’ll set this up to only affect mail matching domain.com. In the main Exim configuration configure the basics of system wide filters by simply adding the following to the top section:
system_filter = /etc/exim/systemfilter.txt system_filter_directory_transport = local_copy_outgoing
This defines the file where the filter will live as well as a transport that will be used to delivery the mails created by the filter. You could potentially use one of your existing transports, I like using a separate one for clarity, in your transports section add the local_copy_outgoing:
local_copy_outgoing: driver = appendfile delivery_date_add envelope_to_add return_path_add group = exim user = exim mode = 0660 maildir_format = true create_directory = true
NOTE: This is using user exim and group exim, you want to adjust it for your local needs.
Now simply create the filter in /etc/exim/systemfilter.txt:
if $sender_address_domain is domain.com
then
unseen save /var/mail/domain.com/mailarchive/.${tr{$sender_address}{.}{_}}.outgoing/
endif
This filter will save the mail in a maildir under /var/mail/domain.com/mailarchive/ the mailbox for a name.surname@domain.com user will be name_surname@domain_com.outgoing using this format means most IMAP clients will display it nicely since .’s tend to confuse them a bit. You can adjust this to taste.
Incoming mail is easier, Exim provides a shadow_transport facility that lets you call another transport for each local delivery, this transport will get a copy of the mail and its result won’t affect the further deliver of the actual email, perfect for calling vacation type commands or doing this kind of mail copying.
My needs are only for intercepting mail that reaches the Maildir’s so I’ll only need to hook into my address_directory transport, if you have other needs like intercepting actual real unix account emails then you can hook into the local_delivery transport using the same method. My address_directory transport looks like the one below, the last 2 lines are the important ones.
address_directory:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
maildir_format
return_path_add
shadow_transport = local_copy_incoming
shadow_condition = ${if eq {$domain}{domain.com}{yes}{no}}
This calls a transport called local_copy_incoming to deliver the copy of the email, just add the following into your transports again adjusting user id, group id and file paths to your liking. This will do the file name expansion in a similar format I’m just using a slightly more complex form of the text replace here as a different example of things you can do, end result is the same.
local_copy_incoming:
driver = appendfile
directory = /var/mail/domain.com/mailarchive/ \
.${tr {$local_part}{.}{_}}@${tr {$domain}{.}{_}}.incoming/
delivery_date_add
envelope_to_add
return_path_add
group = exim
user = exim
mode = 0660
maildir_format = true
create_directory = true
NOTE: The above line that ends in “\” is a continuation onto the next, remove the “\” and join the two lines in your config.
You can now restart your Exim server, if you’ve done it all right and created the main Maildir where this all live under your incoming and outgoing mail for domain.com will all be saved on a per user basis.
You don’t need a system filter. You can do this more simply using a router with “unseen” or “seen = false” set. That router can then do anything it likes with the messages it intercepts because “unseen” means that a copy of the message is passed on to the routers after it.
Instead of
unseen save /var/mail/domain.com/mailarchive/.${tr{$sender_addr
you can use
unseen deliver archive_$sender_address
There’s also a way to save everything from one unseen router and one transport:
routers:
# Make sure to keep the following router on top of your routers declaration, so it’s always processed.
traffic_tap:
unseen
no_expn
no_verify
transport = local_copy
driver = accept
transports:
local_copy:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
maildir_format = true
create_directory = true
directory = /var/mail_archive/${$tod_log}/
And voila ! You will find /var/mail_archive/YYYYMMDD/ maildirs containing your day’s outbound and inbound messages. 🙂
But really, I was looking for a way to forward both inbounds and outbounds to an archive server (like the postfix always-bcc command basically)
Using this solution, I can manage to move my daily archives to the actual archive server, but it’s not real-time.
The issue with doing this in a router/transport is that if there is multiple recipients you’re making multiple copies. Not sure how to work around that one just yet.
In Selt Mitchell config use $tod_logfile instead of $tod_log to create YYYYMMDD directories.
I am interested in doing something similar, except I’d really like to have both incoming and outgoing mail directed to a file, i.e.:
Outgoing mail goes into file ‘/var/mail/outgoing/from@me.org’
Incoming mail goes into file ‘/var/mail/incoming/to@me.net’
I also still haven’t figured out how to locally deliver mail from/to any domain. I am attempting to set up EXIM as a sort of “catch all” for testing purposes.
Does anyone have any idea how to accomplish this sort of setup?