General Postfix Question

Post by Marius » Mon Dec 18, 2006 10:57 pm

This has nothing to do with spam filtering.

I work in an organization where the privacy of our clients is of the utmost importance. We send outgoing mail through our spam filter to the internet, so all mail traffic flows through it. My IT director asked me if it was possible to store a copy of ALL mail to a directory on the filter or on another server for future analysis, if necessary. Personally, if I'm going to store mail, I'd rather copy/store mail after it has been scanned to keep from archiving spam mail.

I did some looking around on the internet, and didn't really find any answers. I'm wondering if anyone here may know how to do this, or at least tell me where to look.

Thanks. :)

Post by mr88talent » Tue Dec 19, 2006 10:57 pm

This is not too complex to picture, but fairly complex to implement. I start with this in amavisd.conf (I think you need version 2.4.4 or newer):

$archive_quarantine_to = 'dec2006@archive.sample.com';
$archive_quarantine_method = 'smtp:[127.0.0.1]:50025';

I change the local part of the address each month.

archive.sample.com is the hostname of a server on my internal network (running Postfix) which houses the archived messages. 50025 is the port of a second copy of Postfix running on the spamfilter. What happens is this: the mail comes in the spamfilter and amavis creates a copy and sends it to the second Postfix instance (on the same server). The second Postfix instance relays it to the archive server. I create a new user on the archive server at the beginning of each month. It stores the mail in Maildir format.

The reason for the second instance of Postfix on the spamfilter has to do with bounces. You never want to bounce mail addressed to the archive. So, if the archive server goes down, the second copy of Postfix will queue the mail (for 100 days).

The first copy of the Postfix config (/etc/postfix/main.cf):
myhostname = mail.spamfilter.com
alternate_config_directories = /etc/postfix2
message_size_limit = 20971520

Here are pertinent details of postfix2 (/etc/postfix2/main.cf) on the spamfilter:
bounce_queue_lifetime = 100d
config_directory = /etc/postfix2
inet_interfaces = 127.0.0.1
mail_name = Postfix2
maximal_queue_lifetime = 100d
message_size_limit = 90971520
mydestination =
myhostname = archive.spamfilter.com
mynetworks = 127.0.0.0/8
myorigin = spamfilter.com
queue_directory = /var/spool/postfix2
relay_domains = archive.sample.com
soft_bounce = yes
syslog_name = postfix2
transport_maps = hash:/etc/postfix2/transport

The master.cf for postfix2 is basic except it listens on port 50025 instead of 25 (iptables is not configured to allow connections to port 50025 from the Internet):

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
50025     inet  n       -       n       -       -       smtpd

Transport map for postfix2:
archive.sample.com smtp:[ip.address.of.archive.sample.com]

and on archive.sample.com (the remote archive server):
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 99971520
mydestination = archive.sample.com, localhost.sample.com, localhost
myhostname = archive.sample.com
mynetworks = 127.0.0.0/8
myorigin = mail.spamfilter.com
relayhost = [ip.address.of.spamfilter]
transport_maps = hash:/etc/postfix/transport

transport map:
spamfilter.com smtp:[ip.address.of.spamfilter]:50725

If I need to rescue a message, I would use sendmail and send it to the spamfilter. The spamfilter has a listening port 50725 that bypasses amavisd-new (otherwise mail would get archived again).

cat message | sendmail user@spamfilter.com

50725   inet    n       -       n       -       -       smtpd
        -o smtpd_use_tls=no
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o mynetworks=127.0.0.0/8,(ip.address.of.archive.sample.com)
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=
        -o smtpd_end_of_data_restrictions=
        -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks


See
http://www.advosys.ca/papers/postfix-instance.html
http://archives.neohapsis.com/archives/ ... /0695.html
http://archives.neohapsis.com/archives/ ... /0977.html

For the archive server I used a crummy old Celeron 466 computer with an ATA100 320GB hard drive (newegg.com) and a Promise Ultra133 TX2 controller (eBay).

Looking in my Maildirs, I see that typically there are 7,000 messages in each month. A busier site would probably have to break this down into smaller chunks. Probably not a good idea to keep more than 10,000 files in any one directory.
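The port 50725 listener in the reply above accepts mail without passing it through amavisd-new, so its access controls are worth checking after every master.cf change. The following is an added example, not part of the original post: a small Python audit whose function names, sample text and the address 192.0.2.10 are assumptions made for illustration. It reads only the `-o name=value` form of override and does not look at main.cf.

```python
import ipaddress

# Constructed sample of the post's 50725 listener; 192.0.2.10 stands in for the archive host.
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
50725     inet  n  -  n  -  -  smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8,192.0.2.10
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def parse_master_cf(text):
    """Map each inet service name to its '-o name=value' overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = raw.split()
        if not raw[0].isspace():  # new logical line: 8 fixed fields, then args
            current = services.setdefault(tokens[0], {}) if tokens[1:2] == ["inet"] else None
            tokens = tokens[8:]
        if current is None:
            continue
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-o":
                name, _, value = arg.partition("=")
                current[name] = value
    return services

def audit_bypass_listener(text, service):
    """Return findings for a listener meant to skip amavisd-new (hypothetical helper)."""
    opts = parse_master_cf(text).get(service, {})
    findings = []
    if opts.get("content_filter") != "":
        findings.append("content_filter not overridden to empty: main.cf's filter still applies")
    if "mynetworks" not in opts:
        findings.append("mynetworks not overridden: main.cf decides who may skip the filter")
    for entry in filter(None, opts.get("mynetworks", "").split(",")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
            if not net.is_loopback and net.prefixlen < net.max_prefixlen:
                findings.append(f"mynetworks trusts all of {net}, not a single host")
        except ValueError:
            findings.append(f"mynetworks entry {entry!r} is not an address or CIDR block")
    for key in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        if opts.get(key, "").split(",")[-1] != "reject":
            findings.append(f"{key} does not end in reject")
    return findings
```

Run against a master.cf that still contains the post's `(ip.address.of.archive.sample.com)` placeholder, the audit reports that entry as not being an address, which catches a listener deployed before the real archive address was filled in.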

