apt get life

Life around technology

You are here: Home / Archives for auditing

Auditing Postfix, Adding sender BCC to monitor outgoing email

by Leave a Comment

copy sent mail to inbox in postfix

My scenario is this: A customer has hosted email with me, and they had a problem with one of their members of staff. They suspected he was emailing confidential information to third parties. As a result they wanted all emails inbound and outboud forwarded to one of their senior managers for review without the member of staff knowing. I run a system using postfix, so it’s quite simple to setup the inbound redirects.

Inbound Redirects (aliases) in postfix

Inbound redirects in postfix should be very straight forward. You’ll already have a /etc/postfix/virtual file.

Edit the /etc/postfix/virtual file and find the email account you want. Then change the line so has the detectives mailbox after the suspects. My file looks like the example, but depending on your setup it might be slightly different. The important thing is to leave the suspect in both places and simply add a comma followed by your detectives details in the same format.

#Emails to this address #Go to these inboxes (seporate by comma)
suspect@domain.com suspect@domain.com, detective@domain.com

Save the file, you might need to run the postfix reload command to make this work.

Inbound Redirects (aliases) in Courier MTA

Courier MTA operates in a similar way when setting up inbound redirects, so I thought I’d detail that for you too. You’ll need to edit /etc/courier/aliases/domain.com so make a backup for it first!

Edit /etc/courier/aliases/domain.com and find the line with suspect@domain.com in it. The way this file works is that it takes the email address on the left and sends it to the place on the right, in my case that’s the Maildir folder for that user

#Emails to this address #go to these folders
suspect@domain.com suspect, detective

You’ll probably need to restart the mta in order for it to recognise the new entries file.
Update: You’ll need to run makealiases to get this to work!

Outbound Auditing sender BCC in postfix

This doesn’t work on older versions. We will need to edit the /etc/postfix/main.cf file and create a /etc/postfix/sender_bcc file. As always make a backup of the files we’re editing first, incase it all goes wrong! (cp /etc/postfix/main.cf /etc/postfix/main.cf.old)

Edit the /etc/postfix/main.cf file and add the line:
sender_bcc_maps = hash:/etc/postfix/sender_bcc

Create the file /etc/postifx/sender_bcc

#emails from #BCC to
suspect@domain.com detective@domain.com

You then need to run the commands:
postmap /etc/postfix/sender_bcc
postfix reload