On Wed, Jun 12, 2019 at 09:51:45AM -0300, Rafael Azevedo wrote:
> We're being requested to give the detailed messages between the
> servers to validate the message delivery.
One can usually push back on what appear to be misguided requests
from auditors. I fail to see the point of this request. The SMTP
commands sent by clients are of precious little interest. The
message content can be captured downstream, via always_bcc or
recipient_bcc_maps. What is the point of the exercise?
Are the auditors asking to do this on an ongoing basis even after
the audit, or just during the audit? Surely there's another way
to address whatever underlying need is driving this request, or
even set the underlying issue aside as an accepted risk.
--
Viktor.
