qmail-monitor is a small modification to the qmail-smtpd daemon bundled with qmail 1.03, written by dr. dj berenstein. It adds the feature to ‘sniff’ all incoming and outgoing mail messages that meet specific search criteria. all sniffing is done transparently, (server side) so headers are not affected. search criteria can fall under 3 categories. 1) specific email addresses, 2) generic hostmasks, 3) ‘catch all’. qmail-monitor also selectively monitors mail to keep from having duplicate monitor messages sent to the target mail address. qmail-monitor will also automatically open a relay to send mail to a target address if needed; please note that this method is not recommended on larger servers as you will be effectively doubling the bandwidth that the server normally consumes. INOW, it is strongly advised that the target account reside on the server it monitors.
Top Read : Get All The Latest Nordvpn Coupons to save 70% on This Top VPN Service
Please note that this software can have serious legal implications, so be VERY aware of the law before you install this on a public mail server!
Control File Format
The domains to be monitored are located in a control file called ‘monitor’ in the /var/qmail/control directory (or other location thereof). There are no comments, whitespaces/newlines allowed, i did not add these features as there is no need for them IMHO, but will most likely be included in future releases. The syntax to the control file is as follows:
you may also sniff a specific mail account by:
as of version 0.03b there is now support to have a ‘catch all’ account. this option will sniff all mail that passes thru that is not matched by previous rules regardless of pattern. this is enabled by adding the line:
please view the monitor.sample file that was included in the distribution if you need more help.
once you have edited the monitor control file to your satisfaction, execute the mkmdb.pl script that came with this distribution; (if you ran the install.sh script, it was copied to /var/qmail/bin). it takes no arguments, and will display information concerning the cdb parsing. if you get the message:
./mkmdb.pl: 12 records parsed successfully.
then the parse was successful. it is VERY important to do this, otherwise your monitor control file will be ignored! please note that you must have a working binary of ‘cdbmake’ (distributed in djb’s cdb) in the working path.
rules are matched in the following order:
1) mail address, 2) hostmask, and finally 3) ‘catch all’
a rule is based on a ‘first match first win’ basis. if you had the following rules:
mail sent to firstname.lastname@example.org would only be caught by email@example.com and not firstname.lastname@example.org; even if the mask fulfills both rules. all rules are searched this way, entry order in the control file has no effect on this.
These steps assume that you already have qmail compiled and a running server in place, as well as having installed the cdb distribution. To install, you must be root:
1) unpack this package in the same level as the qmail source tree cp qmail-monitor-xxx.tar.gz /usr/src/ (or where qmail-1.03 resides) tar xvfz qmail-monitor-xxx.tar.gz
2) change to this directory, read this file…
3) simply run the ‘sh install.sh’ script. if you have problems, just pick apart the script, it is VERY basic. (for this very reason!)
5) you may use qmail-monitor w/o monitoring at this point, or you may edit the ‘monitor’ control file to turn it on.
NOTE: the ‘qmail-smtpd.c’ file created by applying the patch to a clean qmail-1.03 tree is included in the distribution if you need help with patching a previously patched distribution.
NOTE: if you edit the monitor control file, you must run the ‘/downloads/mkmdb.html’ perl script that came with this distribution to compile it to a cdb before you can use it! you must have a working binary of cdbmake in your path to use it! (see ENABLING MONITORING above)
if you decide to use this, please email me! id love to see how useful this really is 🙂