MTA Auditing and Journaling
Hi,
My customer would like to audit all email coming into and going out from the MTA by user. For example, the customer would ask:
- I have lost email. Can you check and recover all emails from XXX at YYY date?
- I have sent emails at YYY date but the recipient never received the email. Can you check the delivery status of these emails?
- I am expecting an email which the sender claims to have sent two days ago, why is it not in my mailbox?
What is the best way to answer those questions without writing code to get it from MTA logs?
Thank you.
# 1
Hi,
> My customer would like to audit all email coming and
> going out from the MTA by user. For example the
> customer would ask,
Let me guess, they also want to do this for no cost?
If they are prepared to pay, why not upgrade to 6.3 and use the AXS-One third-party software to keep an archive of emails?
> - I have lost email. Can you check and recover all
> emails from XXX at YYY date?
Unless you keep a copy of all incoming/outgoing/stored emails, good luck with this.
> - I have sent emails at YYY date but the recipient
> never received the email. Can you check the delivery
> status of these emails?
Look at the email logs - write a tool.
> - I am expecting an email which the sender claims to
> have sent two days ago, why is it not in my mailbox?
Look at the email logs - write a tool.
> What is the best way to answer those questions
> without writing code to get it from MTA logs?
The lazy answer is 'I don't know.. ask the other end e.g. get the sender's/recipient's ISP to track down when they sent/received the email' which 99% of the time they won't bother.
The hard answer is to trawl through endless logs and backups. I used to manage a university's email infrastructure so I am all too familiar with all three requests; they were taken on a case-by-case basis.
Unless you are prepared to write some kind of tools to get the information out (and that of course will only tell you whether the delivery was logged - not delivered), then it is going to be *extremely* time-consuming (I have spent literally days tracking down emails for some kind of police/internal argument cases - being a university they didn't want to pay for a decent archiving system since my time was much cheaper) :(
Regards,
Shane.