> On Jun 11, 2019, at 1:31 PM, Wietse Venema <wie...@porcupine.org> wrote:
>
> This is work that Viktor Dukhovni (also on this mailing list) did
> some 10+ years ago.
>
> The basic idea is a small "y" splitter that is configured as a
> content filter (using smtpd_proxy_filter or content_filter). This
> receives SMTP commands from Postfix, and connects to Postfix like
> any content filter does, but it also connects to an archive server.
>
> The splitter copies its SMTP command inputs to the archive server,
> and then to the after-filter Postfix SMTP server. A special case
> is the 'end-of-data' stage: here, the splitter sends '.' to the
> archive server, and only if the archive server responds with a 2XX
> status, the splitter sends the '.' to the after-filter Postfix SMTP
> server. Otherwise the splitter just closes the Postfix connection.
>
> I did not build this myself, so I have no details.

My code for this was never open-sourced, but someone else may have
released something similar since then.

It may be worth noting that if one just wants to log the protocol
chatter, and not the message content, one does not need a Y proxy.
It suffices to have a simple linear SMTP proxy that logs the commands.

Mind you, in either case the commands logged would be *internal*
traffic *within* Postfix, not commands received from or sent to
external systems.

I really don't see what SMTP command logging has to do with an audit.
This sounds most peculiar.

My unreleased code did log the message "MIME skeleton", consisting
of the primary headers, all MIME headers and nested message headers.
This was useful in understanding what sort of content was traversing
the MTA.

Unlike the SMTP commands, the message content is largely the same
regardless of whether it is captured coming in, on an internal hop
(simple with content_filter), or going out.

--
Viktor.
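
The "MIME skeleton" logging mentioned in the reply above, as an added example that is not part of the original post and is not Viktor's unreleased code. It is a Python sketch using the standard `email` package, and it assumes "skeleton" means every header at each nesting level with all bodies dropped; the function name and the sample message are constructed for illustration.

```python
from email import message_from_bytes

# Constructed sample: a multipart message with a text part and a forwarded
# (message/rfc822) attachment. Not taken from the original thread.
SAMPLE = b"""\
From: alice@example.com
To: bob@example.com
Subject: quarterly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

SECRET-BODY-TEXT
--b1
Content-Type: message/rfc822

From: carol@example.com
Subject: forwarded note
Content-Type: text/plain

NESTED-SECRET
--b1--
"""

def mime_skeleton(raw: bytes) -> list:
    """Return indented header lines for the message, every MIME part and
    every nested message. Body content is never copied into the result."""
    lines = []

    def walk(part, depth):
        indent = "  " * depth
        for name, value in part.items():
            # Collapse folded header whitespace so each header is one log line.
            lines.append(f"{indent}{name}: {' '.join(str(value).split())}")
        if part.is_multipart():
            # True for multipart/* and for parsed message/rfc822 containers.
            for child in part.get_payload():
                walk(child, depth + 1)
        else:
            lines.append(f"{indent}[body omitted]")

    walk(message_from_bytes(raw), 0)
    return lines

if __name__ == "__main__":
    print("\n".join(mime_skeleton(SAMPLE)))
```
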