# Monitoring email server mails



## gkontos (Apr 9, 2012)

I have a recent request by a client to implement a mail server solution where the administrator (client) will be able to monitor all incoming and outgoing emails.

I am trying hard to come up with a solution and frankly I haven't found anything yet. I was wondering if anyone has any experience regarding that matter. 

So far I have looked all the combinations of postfix, dovecot, mysql and postfixadmin without any success 

Thanks


----------



## novemberico (Apr 9, 2012)

Do you mean monitor in the sense that all outgoing/incoming mails will need to be saved somewhere for later review? Or do you mean monitoring in the sense that you're looking for "buzzwords" or certain details to collect on?

In either sense, your best bet might be to use a sniffer for this task - simply span (if your switch has that capability) the switchport that your mailserver is using to a server you want to use as a collector, and sniff for smtp traffic - that way you keep your collecting infrastructure separate from your actual serving infrastructure.

Sniffing emails can easily and very quickly get out of hand - good luck.


----------



## derekschrock (Apr 9, 2012)

I think procmail will do what you want.


----------



## gkontos (Apr 9, 2012)

novemberico said:
			
		

> Do you mean monitor in the sense that all outgoing/incoming mails will need to be saved somewhere for later review? Or do you mean monitoring in the sense that you're looking for "buzzwords" or certain details to collect on?.



No buzzwords or anything like this. Just an option for the client to monitor all incoming-outgoing communication.
Of course, anyone using the system will be aware that this is being recorded.



			
				novemberico said:
			
		

> In either sense, your best bet might be to use a sniffer for this task - simply span (if your switch has that capability) the switchport that your mailserver is using to a server you want to use as a collector, and sniff for smtp traffic - that way you keep your collecting infrastructure separate from your actual serving infrastructure.
> 
> Sniffing emails can easily and very quickly get out of hand - good luck.



Not an option and certainly not what I was looking for, thanks anyway.


----------



## gkontos (Apr 9, 2012)

derekschrock said:
			
		

> I think procmail will do what you want.



Looks like it, I am just reading the FAQ now.


----------



## gkontos (Apr 10, 2012)

It turns out to be very easy to implement:


```
recipient_bcc_maps = hash:/usr/local/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/usr/local/etc/postfix/sender_bcc_maps
```


----------

