This is probably too complex a solution, but I mention it anyway. In late July there was a discussion here about rewriting the subject line. I'm using an external spam filtering service (Katharion), and if I choose spams to be delivered (rather than quarantined), they're tagged with "**SPAM**" in front of the original subject. That is ugly, so I wanted to remove it from the subject line and create an "X-Spam: yes" header instead so that the spam mail could be deposited into the original recipient's "Spam" folder for easy searching for false positives.
So... by using smtpprox it is possible to pull each email out of the queue for processing/mangling/investigating before re-injecting it back into the queue. It works for the inbound mail, so perhaps it would work for the outbound as well. That way you could write a small Perl routine that would detect a credit card number anywhere in a message, record it in the log (or even in a database), and also make sure that c/c info is not stored in plaintext. It could even be expanded further to prevent the emails containing c/c info from going out and instead return them to the sender with the c/c starred out and with a warning that c/c info should not be sent via emails.

Ville
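A sketch of the kind of Perl routine the post describes, added here as an example; it is not code from the post or from smtpprox. The names `luhn_ok` and `mask_cards` are hypothetical, the sample message is constructed, and wiring the routine into the proxy is not shown. It only treats a digit run as a card number if it passes the Luhn checksum, and it logs a count rather than the number itself.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Luhn checksum: rejects most digit runs that are not card numbers
# (order ids, phone numbers, tracking references).
sub luhn_ok {
    my ($digits) = @_;
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, $digits) {
        my $v = $double ? $d * 2 : $d;
        $v -= 9 if $v > 9;
        $sum += $v;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Star out every Luhn-valid run of 13-19 digits (digits may be separated
# by single spaces or hyphens), keeping only the last four digits.
# Returns the masked text and the number of card numbers found.
sub mask_cards {
    my ($text) = @_;
    my $hits = 0;
    $text =~ s{(?<!\d)(\d(?:[ -]?\d){12,18})(?!\d)}{
        my $orig = $1;
        (my $digits = $orig) =~ tr/0-9//cd;    # strip separators
        luhn_ok($digits)
            ? do { $hits++; ('*' x (length($digits) - 4)) . substr($digits, -4) }
            : $orig;                           # not a card number: leave as is
    }ge;
    return ($text, $hits);
}

# Constructed sample message. 4111 1111 1111 1111 is a widely used test
# number; the other digit runs fail the Luhn check and must stay untouched.
my $message = <<'EOT';
Subject: order 1234567890123

Please charge my card 4111 1111 1111 1111, expiry 12/09.
Reference 1234-5678-9012-3456 is our tracking id.
EOT

my ($masked, $hits) = mask_cards($message);
# Log the event only; the full number is never written anywhere.
print STDERR "cc-filter: masked $hits card number(s)\n" if $hits;
print $masked;
```

The same `$hits` count is what a filter would use to decide between passing the masked message on and returning it to the sender with a warning.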