In case someone follows this thread in the future, I want to mention that I used the technique referenced via http://cr.yp.to/qmail/faq/admin.html#copies successfully for years. Then I decided to implement virtual domains via vpopmail, and couldn't make it work in the virtual environment, even to a single log for all domains. I don't recall all the tests I ran, but I eventually gave up trying to make it work. There's no logic that I can find to make it support a log per virtual domain in any case.
Because the sender of the infected mails is the Texas Court system, normal logic rules don't apply. If the courts have a record of sending a particular email, they record it as successfully contacting the attorneys for the case. If the receiving MTA trashes that email due to a virus, and some court date is missed or document isn't filed as a result, the courts are blameless. Therefore, only something that warns the recipient (clerk @ attorney's office) is of any value, and that warning MUST at a minimum contain the Subject: line as that's the only identifier for what case is involved.
If there were a way of eliminating only that portion of the email payload that was infected, and allowing the remainder to hit the recipients inbox, that would be the best solution. Rebuilding an email of only the clean portions isn't something that exists as far as I'm aware.
As an aside, how would you like being on the receiving end of this set up? Your case is before the courts, and a virus or anything else disrupts the flow of email. You are, in effect, "guilty" because something didn't happen as it should have because the courts have declared that email is a guaranteed delivery mechanism. This system is coming to your state, as Texas was used as the test site. This idea is so bad that foreign governments are also likely to pick it up.
-- Bill Gradwohl [EMAIL PROTECTED] http://www.ycc.com SPAMstomper Protected email