Wietse: > If you need the entire SMTP session, your options are > > - A network-level sniffer (tcpdump -s 0 -w /file/name ...). > > - An SMTP-level splitter (configured using Postfix's smtpd_proxy_filter) > that sends one copy of the SMTP stream to an archival server, and > one copy to Postfix itself. > > Either way, no turn-key solution.
Rafael Azevedo: > Hi Wietse, > Could you please give me more details about option 2 (SMTP-level splitter) ? This is work that Viktor Dukhovni (also on this mailing list) did some 10+ years ago. The basic idea is a small "y" splitter that is configured as a content filter (using smtpd_proxy_filter or content_filter). This receives SMTP commands from Postfix, and connects to Postfix like any content filter does, but it also connects to an achive server. The splitter copies its SMTP command inputs to the achive server, and then to the after-filter Postfix SMTP server. A special case is the 'end-of-data' stage: here, the splitter sends '.' to the archive server, and only if the archive server responds with a 2XX status, the splitter sends the '.' to the after-filter Postfix SMTP server. Otherwise the splitter just closes the Postfix connection. I did not build this myself, so I have no details. ` Wietse
