I've been asked about the feasibility of doing something similar. There are also commercial products which work by snooping the network traffic.
Previous replies in this thread have suggested using add_recipient() and resend_message(). However, neither of these methods will preserve the actual recipients. That doesn't seem to meet the intent of a wiretap effort.

Presumably, the results of the wiretap will need to be something that is easily searchable by someone in a legal department or security department. They'll probably want to use off-the-shelf tools that were designed for scanning a live Exchange or Notes server. It seems to me that you need to create new headers to show what was in the envelope.

I'm thinking that a wiretap on a transit server needs to send the copies to some back-end mailbox system where searches and analyses can be run. This doubles the amount of outbound e-mail. You don't want to re-check for viruses or spam. You might need separate queues or a separate configuration for the wiretap queue. Of course, the back-end system may go down or get bogged down.

I envision a design where a separate sendmail listener is used to receive the wiretap copies. (But that's mostly because I'm currently doing virus scanning with a commercial milter.) I see "repairing" the from, to, and cc headers to reflect what is really in the envelope and adding x-wiretap-xxx headers to record what the original from, to, and cc headers were.

I'm looking at using Net::SMTP for the wiretap. Using the datasend() method, it's easy to send the real, munged, or created headers. The body can be sent with $entity->stringify(). I suspect that stringify() is a bit expensive, though. It would be nice to use some sort of connection caching on the SMTP connections to the wiretap, but I don't know if that's possible.

At any rate, it seems somewhat expensive to do a wiretap properly and anyone requesting one should be asked to provide the additional mailserver resources.

Comments or flames on this design?
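Added example, not part of the original post and not MIMEDefang's own code: a Perl sketch of the design described above, where the archived copy's From/To are rewritten to the envelope values and the original headers are kept in extra headers. The `X-Wiretap-Orig-*` header names, the function names and the sample addresses are assumptions made for illustration.

```perl
use strict;
use warnings;
use MIME::Entity;
use Net::SMTP;

# Drop CR/LF/NUL and angle brackets so an envelope address cannot inject headers.
sub clean_addr {
    my ($addr) = @_;
    $addr =~ s/[\r\n\0]//g;
    $addr =~ s/^\s*<(.*)>\s*$/$1/;
    return length($addr) ? $addr : '<>';    # null sender (bounces)
}

# From/To become the envelope; originals move to X-Wiretap-Orig-* (assumed names).
sub build_wiretap_copy {
    my ($entity, $sender, @rcpts) = @_;
    my $copy = $entity->dup;
    my $head = $copy->head;
    $head->unfold;
    for my $tag (qw(From To Cc)) {
        for my $old ($head->get($tag)) {
            chomp $old;
            $head->add("X-Wiretap-Orig-$tag", $old);
        }
        $head->delete($tag);
    }
    $head->add('From', clean_addr($sender));
    $head->add('To', join(', ', map { clean_addr($_) } @rcpts));
    return $copy;
}

# Hand the copy to the archive listener with a null envelope sender.
sub send_wiretap_copy {
    my ($copy, $host, $port, $archive_rcpt) = @_;
    my $smtp = Net::SMTP->new($host, Port => $port, Timeout => 30) or return 0;
    my $ok = $smtp->mail('<>') && $smtp->to($archive_rcpt) && $smtp->data
          && $smtp->datasend($copy->stringify) && $smtp->dataend;
    $smtp->quit;
    return $ok ? 1 : 0;
}

# Constructed sample: carol is a Bcc recipient visible only in the envelope.
unless (caller) {
    my $msg = MIME::Entity->build(From => 'Alice <alice@example.com>',
        To => 'bob@example.com', Subject => 'test', Data => ["hello\n"]);
    my $copy = build_wiretap_copy($msg, '<alice@example.com>',
        '<bob@example.com>', '<carol@example.net>');
    print $copy->head->as_string;    # rewritten headers, nothing is sent
}
```

Inside a MIMEDefang filter the envelope values would come from `$Sender` and `@Recipients`; the listener host, port and archive mailbox passed to `send_wiretap_copy` are site-specific.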

