  mailspy mail logger
  Andrew McGill, andrew at ledge dot co.za
  $Revision: 1.6 $ $Date: 2004/05/04 12:58:13 $

  mailspy is a sendmail milter program (mail filter).  For each mail
  that is filtered, the sender, recipient, subject line and attachment
  names are logged.  Complete mail headers can be logged.
  ______________________________________________________________________

  Table of Contents


  1. Introduction

  2. Installation

  3. Usage

  4. Questions (without answers)

  5. Legal issues



  ______________________________________________________________________

  11..  IInnttrroodduuccttiioonn

  mailspy is a sendmail milter program (mail filter).  For each mail
  that is filtered, the sender, recipient, subject line and
  attachment names are logged.

  Mail headers can be logged to a file.

  mailspy can also pipe messages to a process.  You can use procmail to
  archive selected message headers or bodies.  If you can conceive of
  something else useful that you can do with a stream of message headers
  and bodies, you can do that too.


  22..  IInnssttaallllaattiioonn

  Check that you have MILTER support in your distribution of sendmail;
  otherwise, obtain a version of sendmail with milter support.  You
  should see something like this:


       foo:~ $ sendmail -d < /dev/null | grep -A5 "Compiled"
        Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                       MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                       NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
                       USERDB USE_LDAP_INIT





  The main targets for the make file are:

     mmaakkee aallll
        Compile C source to executable.  Requires sendmail libmilter
        header files and libraries.

     mmaakkee iinnssttaallll
        Install files in /usr/local/bin.  You can set the DESTDIR
        variable if you want to install files in a different root
        directory.

     mmaakkee ssttaarrtt
        Try to mangle your /etc/mail/linux.mc (m4 source file) into
        /etc/sendmail.cf and start mailspy.  This appends mailspy filter
        rules to /etc/mail/linux.mc and run it through m4 to produce
        /etc/sendmail.cf.  Also installs and creates links in
        /etc/init.d and /etc/init.d/rc3.d.

     mmaakkee ddiisstt
        Make distribution in tar.gz format.

  If make start doesn't do it for you on your system, you might be using
  something other than SuSE Linux 7.2 / 7.3.  Send me a patch that makes
  it work for your system, and I'll see what I can do.  make install
  installs the binaries, but does not configure sendmail to use the
  filter, and does not create links in /etc/init.d to make sure that the
  program works.
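
  Where make start does not apply, the filter can be registered by
  hand.  The following is an added example, not part of the mailspy
  distribution: it appends sendmail's INPUT_MAIL_FILTER macro to an .mc
  file idempotently.  The function name, the F= flag and the T=
  timeouts are assumptions; the socket path is the default named in
  this README.

```shell
#!/bin/sh
# Added example (not from the mailspy distribution): register mailspy as a
# sendmail milter in an .mc file.  The function name, the F= flag and the
# T= timeouts are illustrative assumptions.

# add_mailspy_filter MCFILE [SOCKET]
# Appends an INPUT_MAIL_FILTER line unless a mailspy filter is already
# defined.  Returns 0 if added, 1 if already present, 2 on error.
add_mailspy_filter() {
    mc=$1
    sock=${2:-/var/run/mailspy/milter}
    [ -f "$mc" ] || { echo "no such file: $mc" >&2; return 2; }

    # Idempotent: do nothing when a mailspy filter is already defined.
    if grep -q "INPUT_MAIL_FILTER(\`mailspy'" "$mc"; then
        return 1
    fi

    cp -p "$mc" "$mc.bak" || return 2   # keep a copy to roll back to

    # F=T: sendmail temp-fails mail while the filter is unreachable, so
    # nothing passes unlogged.  Without F=, mail is accepted as if the
    # filter were not configured, and is not logged.
    printf "INPUT_MAIL_FILTER(\`mailspy', \`S=unix:%s, F=T, T=S:30s;R:30s')dnl\n" \
        "$sock" >> "$mc" || return 2
    return 0
}

# Typical use:
#   add_mailspy_filter /etc/mail/linux.mc
# then run the .mc file through m4 the way your distribution does to
# produce /etc/sendmail.cf, and restart sendmail.
```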

  If you don't have sendmail libraries and header files installed, you
  are going to struggle just a little.  You will have to install
  sendmail-devel (d4 series on SuSE 8.0) in order for this to work.  If
  you are using sendmail-8.11 or so, you will need to uncomment -lsfio
  in the Makefile.

  The program installs in /usr/local/bin by default (and you can't
  change this either).  The default mailspy startup file listens on a
  unix socket /var/run/mailspy/milter and logs mail details to
  /var/log/mailspy.  If you want to log mail headers, you have to
  specify a log file yourself.

  The program appends to the end of the log files.  To rotate the log
  files there is a program called cronspy.sh which should do the trick,
  and which should be runnable as a user `mailspy', although this has
  never really been established.


  33..  UUssaaggee

  The usage for mailspy is:


       ./mailspy -p socket [-f logfile] [-h headerlog] [-P pipe-msg-to-cmd]




  The items are:

     --pp //vvaarr//rruunn//mmaaiillssppyy//mmiilltteerr
        The socket specifies how mailspy connects to the sendmail
        process it is spying on, you can specify a unix socket (a named
        pipe) or an IPV4 or IPV6 socket.

     --ff //vvaarr//lloogg//mmaaiillssppyy
        The log file records messages in terms of the envelope sender
        and recipient, and also the subject and attachment names.  The
        particular log format is only understood by htmlspy.pl.

     --hh //vvaarr//lloogg//mmaaiillssppyy--hheeaaddeerrss
        If you want to log only headers of each message, then this is
        one way to do it.

     --PP pprrooccmmaaiill
        All mail can be piped to a process. If mailspy is running as the
        user `mailspy', then the contents of ~mailspy/.procmailrc will
        determine what happens with each message. Using procmail rules
        you can archive messages, forward selected messages to arbitary
        recipients, and do any amount of interesting things.  NNoottee:: IIff
        tthhee pprroocceessss ffaaiillss ttoo hhaannddllee tthhee mmeessssaaggee,, tthhee eerrrroorr iiss iiggnnoorreedd..

        If you use procmail delivery together with a global
        /etc/procmailrc, you may find that procmail does not deliver the
        mail quickly enough, and you get sporadic 451 message failures.
        This happens if you use the anomy sanitizer from procmail.  The
        solution is not to do this.
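
  Because mailspy ignores a failing -P process, a handler has to
  report its own failures.  The following is an added example, not part
  of the mailspy distribution: it assumes the complete message arrives
  on standard input, and the archive directory, the function name and
  the script name mailspy-archive are illustrative.

```shell
#!/bin/sh
# Added example (not from the mailspy distribution): a handler for
# "mailspy -P".  Assumes the whole message arrives on standard input.
# ARCHIVE_DIR, archive_headers and mailspy-archive are illustrative names.

ARCHIVE_DIR=${ARCHIVE_DIR:-/var/spool/mailspy/archive}

# archive_headers: read one message on stdin and store only its header
# block (everything before the first empty line) in a new owner-only file.
# Prints the file name; exits non-zero on failure.  The body runs in a
# subshell so the umask change does not leak into the caller.
archive_headers() (
    umask 077                       # logged mail is sensitive
    mkdir -p "$ARCHIVE_DIR" || exit 1
    out=$(mktemp "$ARCHIVE_DIR/msg.XXXXXX") || exit 1

    # Strip a trailing CR, stop printing at the first empty line, but keep
    # reading to the end so the writer never sees a closed pipe.
    awk '{ sub(/\r$/, "") }
         /^$/  { body = 1 }
         !body { print }' > "$out" || { rm -f "$out"; exit 1; }

    # A message with no header lines at all is treated as a failure.
    [ -s "$out" ] || { rm -f "$out"; exit 1; }
    echo "$out"
)

# mailspy ignores this process's exit status, so a failure is written to
# syslog here.  The handler runs only when the script is installed under
# the (hypothetical) name mailspy-archive.
case ${0##*/} in
mailspy-archive)
    archive_headers > /dev/null ||
        logger -t mailspy-archive -p mail.err "failed to archive message"
    ;;
esac
```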


  44..  QQuueessttiioonnss ((wwiitthhoouutt aannsswweerrss))

  Coming soon to this paragraph (erm), answers to your questions --

  o  Why would I want this program (to see who's talking to whom, and
     what they are up to)

  o  Can I use this with my anti-virus program (yes) (but don't ask us
     about anti-virus).

  o  Can I use this with other mail programs than sendmail (no, unless
     you set up sendmail as an intermediate relay)

  o  Can I archive message bodies (yes, using procmail)

  o  What program can I use to process the log files (htmlspy). If you
     logged the message bodies, you can use imap to read the log files.

  o  Is it morally right to spy on people's mail (of course not)

  o  Are there legal issues (not just a few)

  o  It doesn't work on my system - will you fix it (we may if you will
     pay)

  o  I used your program and sendmail says "4.7.1 Try again later" -
     when is later? (sendmail can't talk to the mailspy program ...
     you'll have to fix it - see previous question.)

  o  Help, I broke my system! (You broke your system.)


  55..  LLeeggaall iissssuueess

  Does your company, country, state, municipality or local mafia boss
  permit the logging of e-mail?  Do you have to notify people that their
  e-mail is being logged?  Does logging the e-mail imply a responsibility
  on you to read the log?  It turns out we don't know.

  No statement is made about the legal implications of using this
  program (except for this statement, which says there is nothing to
  say).  If you need to know, consult a real live legal practitioner.  I
  am not a lawyer.  (And the chances are there is some really great page
  out there with all of this information for all countries...)

  Another thing -- this program is licensed under the GNU General Public
  License.







