# Filtering outgoing e-mail through procmail?

## sokeravia

Is there a way to set up Postfix (or another MTA) to just run outgoing e-mail through procmail before delivering it?

Basically, I don't want to prevent the message from being delivered in any case, I just want to be able to look at the message and if it matches certain criteria (like the domain it's being sent to) then I want to send a copy of the message to another recipient.

The box that will be doing this is going to receive all incoming mail, run it through procmail, and then send it along to our Exchange server (*duck*).  Then we are going to set up the Exchange server to route all outgoing mail through this box again so that we can (hopefully) run the outgoing mail through the same procmail before sending it along to the appropriate hosts.

The simpler the solution the better, so if I don't even need procmail that might be good, although I'm pretty comfortable dealing with procmailrc's.

Thanks!

-Jesse

----------

## jstubbs

I can give you pointers to a solution without procmail but I'm not too sure it is simpler. In fact, I'm certain it's not.

If you're really that eager to do it, check out sendmail and it's rulesets. You can do pretty much anything with them but there a bit complex to begin with.

Good Luck!

Jason

----------

## sokeravia

Well if that's the only way to do it, I guess I'll have to learn.   :Smile:   I'd love to be able to do it with Postfix or Qmail even if I couldn't use procmail, but I'll look in to Sendmail today.

Thanks!

-Jesse

----------

## jstubbs

I think I've found what you were originally after. Have a look at /etc/postfix/sample/sample-filter.cf and let me know what you think!

Jason

----------

## sokeravia

Yeah, this definately looks like it might work.  Looks like I'll have to use the "FILTER" action and then figure out how to hook something in, but other than that, this looks really clean and simple.

Time to read more Postfix docs!  :Smile: 

-Jesse

----------

## sokeravia

Alright, we've got this all in place now so I thought I'd post back and share what we did, in case someone else needs to set this up at some point.

First, we set up the mail monitoring server so that it believes it is the final destination for our domain.  So in Postfix's main.cf:

```
mydestination = $myhostname, localhost, localhost.localdomain, $myhostname.$mydomain, ourdomain.com
```

Next, set up Postfix to use Procmail to deliver local mail.  Still in main.cf:

```
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
```

Now, since we want to relay incoming mail to the Exchange server, there should be only one local user set up (I named him 'snoopy') and the rest of the mail for our domain should be forwarded along to the Exchange server.  This is accomplished using the fallback_transport directive in main.cf:

```
fallback_transport = smtp:10.0.1.5
```

Where 10.0.1.5 is the IP address of the server you want to pass incoming mail to.

The final directive you need to place in main.cf is the always_bcc directive.  Remember that single local user I said I created?  Well we want him to get a copy of every e-mail that passes through the system:

```
always_bcc = snoopy@localhost
```

Now, since we set up Procmail as the deliver method for local users, we now effectively have a copy of every incoming and outgoing e-mail being filtered through snoopy's .procmailrc.

Here is an excerpt from my simple .procmailrc:

```

# This variable is the address that matched messages are forwarded to.

SNOOP_USER=some_address@somedomain.com

:0

* ^From:.*@baddomain\.com

* !^X-Loop: snoopy@localhost

{

   SUBJECT=`formail -xSubject:`

   :0fh

   | /usr/bin/formail -A "X-Loop: snoopy@localhost" -I "Subject: [COPY] $SUBJECT"

   :0

   ! $SNOOP_USER

}

```

And finally, after all my recipes, I have one that just purges any messages that didn't match one of my other recipes:

```

:0

/dev/null

```

Since we are always dealing with a copy of the message in Procmail, we don't have to worry about screwing up the original message.  Another nice plus is that breaking your procmailrc doesn't keep e-mail from flowing in and out, it just makes your monitoring stop until you fix it.

Now the server should be set, just set up your incoming mail to be routed to it (either through an MX record or else as a next hop from your exisiting MX host), and your outgoing mail to be routed through it (easy to do in Exchange).  You should be all set.

If anyone has any more questions or is having trouble getting it to work, feel free to send me a message through the forums here.

-Jesse

----------

