  mailspy mail logger
  Andrew McGill, andrew at ledge dot co.za
  Revision 0.1, 29 September 2001

  mailspy is a sendmail milter program (mail filter).  For each mail
  that is filtered, the the sender, recipient, subject line and attach-
  ment names are logged.  Complete mail headers can be logged.
  ______________________________________________________________________

  Table of Contents


  1. Introduction

  2. Installation

  3. Usage

  4. Questions (without answers)

  5. Legal issues



  ______________________________________________________________________

  11..  IInnttrroodduuccttiioonn

  mailspy is a sendmail milter program (mail filter).  For each mail
  that is filtered, the the sender, recipient, subject line and
  attachment names are logged.

  mail headers can be logged to a file.

  mailspy can also pipe messages to a process.  You can use procmail to
  archive selected message headers or bodies.  If you can concieve of
  something else useful that you can do with a stream of message headers
  and bodies, you can do that too.


  22..  IInnssttaallllaattiioonn

  The main targets for the make file are:

     mmaakkee aallll
        Compile C source to executable.  Requires sendmail libmilter
        header files and libraries.

     mmaakkee iinnssttaallll
        Install files in /usr/local/bin.  You can set the DESTDIR
        variable if you want to install files in a different root
        directory.

     mmaakkee ssttaarrtt
        Append mailspy filter rules to /etc/mail/linux.mc and run it
        through m4 to produce /etc/sendmail.cf.  Also installs and
        creates links in /etc/init.d and /etc/init.d/rc3.d.

     mmaakkee ddiisstt
        Make distribution in tar.gz format.

  If make start doesn't do it for you on your system, you might be using
  something other than SuSE Linux 7.2 / 7.3.  Send me a patch that makes
  it work for your system, and I'll see what I can do.  make install
  installs the binaries, but does not configure sendmail to use the
  filter, and does not create links in /etc/init.d to make sure that the
  program works.

  The program installs in /usr/local/bin by default (and you can't
  change this either).  The default mailspy startup file listens on a
  unix socket /var/run/mailspy/milter and logs mail details to
  /var/log/mailspy.  If you want to log mail headers, you have to
  specify a log file yourself.

  The program appends to the end of the log files.  To rotate the log
  files there is a program called cronspy.sh which should do the trick,
  and which should be runnable as a user `mailspy', although this has
  never really been established.


  33..  UUssaaggee

  The usage for mailspy is:


       ./mailspy -p socket [-f logfile] [-h headerlog] [-P pipe-msg-to-cmd]




  The items are:

     --pp //vvaarr//rruunn//mmaaiillssppyy//mmiilltteerr
        The socket specifies how mailspy connects to the sendmail
        process it is spying on, you can specify a unix socket (a named
        pipe) or an IPV4 or IPV6 socket.

     --ff //vvaarr//lloogg//mmaaiillssppyy
        The log file records messages in terms of the envelope sender
        and recipient, and also the subject and attachment names.  The
        particular log format is only understood by htmlspy.pl.

     --hh //vvaarr//lloogg//mmaaiillssppyy--hheeaaddeerrss
        If you want to log only headers of each message, then this is
        one way to do it.

     --PP pprrooccmmaaiill
        All mail can be piped to a process. If mailspy is running as the
        user `mailspy', then the contents of ~mailspy/.procmailrc will
        determine what happens with each message. Using procmail rules
        you can archive messages, forward selected messages to arbitary
        recipients, and do any amount of interesting things.  NNoottee:: IIff
        tthhee pprroocceessss ffaaiillss ttoo hhaannddllee tthhee mmeessssaaggee,, tthhee eerrrroorr iiss iiggnnoorreedd..


  44..  QQuueessttiioonnss ((wwiitthhoouutt aannsswweerrss))

  Coming soon to this paragraph (erm), answers to your questions --

  +o  Why would I want this program (to see who's talking to whom, and
     what they are up to)

  +o  Can I use this with my anti-virus program (yes) (but don't ask us
     about anti-virus).

  +o  Can I use this with other mail programs than sendmail (no, unless
     you set up sendmail as an intermediate relay)

  +o  Can I archive message bodies (yes, using procmail)

  +o  What program can I use to process the log files (htmlspy). If you
     logged the message bodies, you can use imap to read the log files.
  +o  Is it morally right to spy on people's mail (of course not)

  +o  Are there legal issues (not just a few)

  +o  It doesn't work on my system - will you fix it (we may if you will
     pay)

  +o  I used your program and sendmail says ``4.7.1 Try again later'' -
     when is later? (sendmail can't talk to the mailspy program ...
     you'll have to fix it - see previous question.)

  +o  Help, I broke my system! (You broke your system.)


  55..  LLeeggaall iissssuueess

  Does your company, country, state, municipality or local mafia boss
  permit the logging of e-mail?  Do you have to notify people that their
  e-mail is being logged?  Does logging the e-mail imply a responsibilty
  on you to read the log?  It turns out we don't know.

  No statement is made about the legal implications of using this
  program (except for this statement, which says there is nothing to
  say).  If you need to know, consult a real live legal practitioner.  I
  am not a lawyer.  (And the chances are there is some really great page
  out there will all of this information on for all countries...)

  Another thing -- this program is licenced under the GNU General Public
  License.





































