Monitoring Email
Companies are doing it whether you like it or not, and they might not even tell you. But, should you be monitoring email at home? If you have small children on the Internet, quite possibly. Here's how to get started if you have a server running Sendmail.
It's a topic that draws harsh criticism from both sides of the fence, but corporate email monitoring is a fact in business today. Those who are for it believe that monitoring email is necessary to protect against corporate liability and the release of proprietary information, and that everything you do on company time and equipment belongs to the company. Those who are against it cite rights to privacy. Both arguments have validity, but in the end, the company owns the mail servers, and if they want to monitor your email and web usage, they will.
But, what about at home? You've probably heard of products that will spy on your hubby's email and web usage, but that's not what I'm talking about. If you're considering buying software to snoop on your spouse's computer usage, then your money is probably better spent on a good divorce attorney instead.
However, if you have children in your home using the Internet, then you should make it your business to know what they're doing. Not in the context of spying--tell your children point blank that you'll see a copy of all mail that they'll send and receive. Explain to them that it's for their own safety (and mean it), and that you won't be talking to your other children about the content of their email (and don't). If you have a good relationship with your children, this won't be a big deal. Children want to be safe, so as long as your reasons for monitoring their email are centered around your children's safety and not invading their privacy, they should understand. The point is, be open about your email monitoring.
Depending on your Internet connection, you'll have different options at hand. If your family has only one email address, then you'll probably be seeing all incoming and outgoing mail anyway. If you have more than one email address, but you don't have a mail server in your house, check with your Internet Service Provider about parental monitoring options.
If you have multiple email addresses, and a home network that your children's computers are on, then you may be running Sendmail on a mail server. If so, this article is for you. Read on.
Step 1. Blind Copy Yourself on Incoming Email
For the remainder of this article, we'll assume that you are logged on to your server and the current user is root.
Copying incoming mail is straightforward. Create a file called ".forward" (without quotes) in the home directory of each user (in our case, that's each child) whose incoming email you want to view.
For the sake of illustration, let's assume that one of the children has an account of bsmith, and the parent has an account of jsmith. Then, the content of your .forward file should be:
# A list of people to blind copy incoming messages to:
jsmith
# The original recipient:
\bsmith
This tells sendmail to send the email to yourself as well as the original recipient.
You can create this file with a text editor such as vi. After you've saved the file, set its permissions to 600 and make sure that the owner of the file is the account owner.
# chmod 600 .forward
# chown bsmith .forward
That's it. You should now be copied on incoming mail for the child. To test this, send an email to the child's email address. You should receive a copy of your message.
Note: Your copy won't be created until after your message is sent, so you won't receive the copy until your email program checks for mail again.
Step 2. Back Up Your Current Sendmail Files
Just to be safe, you should back up your current sendmail program file and configuration files. That way, if something goes horribly wrong, you can copy your old files over the modified ones and everything should be fine. Even so, if you don't feel comfortable building and installing sendmail, then you should stop here and get someone else to help.
To continue, you need to know where your sendmail program is (this is usually /usr/sbin/ or /usr/lib/). Check on your system, but for this example, we'll assume that it's in /usr/sbin/. We'll also assume that your sendmail configuration files are in /etc/mail/.
Make a directory for the sendmail backup, and then copy the files there:
# mkdir /sendmail_bkup
# cp -p /usr/sbin/sendmail /sendmail_bkup/
# cp -Rp /etc/mail /sendmail_bkup/
Now, if something goes wrong, you can always restore these files like so:
# cp -pf /sendmail_bkup/sendmail /usr/sbin/
# rm -R /etc/mail
# cp -Rp /sendmail_bkup/mail /etc/
Note that you will need to quit any running sendmail processes before doing so.
Once you're sure things are working okay (give it a few days), you'll probably want to remove the backup:
# rm -R /sendmail_bkup
Step 3. Build a Version of Sendmail with Milter Support
If you know that you're already running a version of Sendmail with Milter support enabled, you can skip to step 4.
Otherwise, download the latest Sendmail source and unpack it into your /usr/src/ directory:
# ftp ftp.sendmail.org
Connected to ftp.sendmail.org.
220 services.sendmail.org FTP server (Version 6.00LS) ready.
Name (ftp.sendmail.org:root): anonymous
331 Guest login ok, send your email address as password.
Password: (enter your email address)
ftp> cd pub/sendmail
250 CWD command successful.dir
ftp> bin
ftp> get sendmail-current.tar.gz
ftp> bye
# tar -zxpvf sendmail-current.tar.gz
After this, "cd" into the Sendmail source directory that you unpacked. You should read the files README, INSTALL, and sendmail/SECURITY in case you need to make changes to the instructions that follow.
Create a file called devtools/Site/site.config.m4 that has the following contents:
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`conf_libmilter_ENVDEF', `-DMILTER')
APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
Note the use of the ' and ` characters!! In m4, each quoted string opens with a backquote (`) and closes with an apostrophe (').
Next, build Sendmail by cd'ing to the sendmail directory and executing the command:
# sh Build
If that was successful, terminate the current sendmail process, and then execute
# make install
Lastly, restart the sendmail process:
# sendmail -bd
Step 4. Build a Milter to Copy Outgoing Mail to Yourself
After building Sendmail, you should have a new folder within your Sendmail sources that starts with "obj." For example, "obj.Linux.2.2.16C37_III.i586". Change to the libmilter directory under this directory, for example:
# cd obj.Linux.2.2.16C37_III.i586/libmilter/
Now, copy the bccmilter.c file to the libmilter directory from here and edit it so that the addresses that mail is copied to and from are correct. To do this, simply look for the two if statements that have the comments "// EDIT THIS BEFORE USING!!:"
if (fromaddr)
{
    // EDIT THIS BEFORE USING!!
    if ((strcasecmp(fromaddr,"child1")==0) ||
        (strcasecmp(fromaddr,"child2")==0) ||
        (strcasecmp(fromaddr,"child3")==0))
    {
        priv->bCopyMessage = true;
    }
}
Here, child1, child2, and child3 should be replaced with the children's local accounts on your server, such as bsmith, gsmith, and tsmith. Obviously, you'll want to change the if statement if you don't have 3 children, just want to copy everyone except the parents, or have other specific needs. If your children's email addresses at your domain are different than their account names, use their email addresses in addition to the user account. For example, if a user named bsmith has an email address of megamorph@mydomain.com, include a line for megamorph above as well as for bsmith.
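As an added example (not part of bccmilter.c or of the original article), here is one way to write the sender test so that a single watch list covers both the account names and the alias addresses described above. It assumes the sender string arrives either bare (bsmith) or in envelope form (<bsmith@mydomain.com>); the function name sender_is_watched, the watch list and the domain are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical watch list: account names plus any alias local parts. */
static const char *const watched[] = { "bsmith", "megamorph", "gsmith" };
/* Assumed local mail domain (the article's example domain). */
static const char *const local_domain = "mydomain.com";

/* Return true if the envelope sender belongs to a watched account.
 * Accepts "bsmith", "bsmith@mydomain.com" or "<bsmith@mydomain.com>". */
bool sender_is_watched(const char *fromaddr)
{
    char addr[256];
    char *at;
    size_t i, n;

    if (fromaddr == NULL)
        return false;
    while (*fromaddr == ' ' || *fromaddr == '<')
        fromaddr++;                      /* skip leading space and '<' */
    n = strcspn(fromaddr, "> \t\r\n");   /* stop at '>' or whitespace */
    if (n == 0 || n >= sizeof(addr))
        return false;                    /* null sender "<>" or oversized */
    memcpy(addr, fromaddr, n);
    addr[n] = '\0';
    at = strrchr(addr, '@');
    if (at != NULL) {
        if (strcasecmp(at + 1, local_domain) != 0)
            return false;                /* address at some other domain */
        *at = '\0';                      /* keep only the local part */
    }
    for (i = 0; i < sizeof(watched) / sizeof(watched[0]); i++)
        if (strcasecmp(addr, watched[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample senders, not taken from real mail. */
    const char *samples[] = { "<bsmith@mydomain.com>", "MegaMorph",
                              "<jsmith@mydomain.com>", "<>" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s -> %s\n", samples[i],
               sender_is_watched(samples[i]) ? "copy" : "skip");
    return 0;
}
```

In a milter, the return value would decide whether priv->bCopyMessage is set, in place of the chain of strcasecmp calls.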
The only other place you need to change things is here:
// EDIT THIS BEFORE USING!!
if (priv->bCopyMessage)
{
    smfi_addrcpt(ctx, "parent1@someaddress.com");
}
In this case, the parent1@someaddress.com address should be changed to your actual email address, such as jsmith@thesmithwebsite.com, rather than the local account name as in the previous example. If you need to copy the mail to more than one person (for example, to both parents), just add another smfi_addrcpt line to the if statement.
Once you've finished editing the file, build and install the filter as described at the top of the source file:
# cc -I../../sendmail -I../../include -o bccmilter bccmilter.c libmilter.a ../libsm/libsm.a -pthread
# cp bccmilter /usr/sbin/
# chown root:wheel /usr/sbin/bccmilter
# chmod 755 /usr/sbin/bccmilter
Next, you will need to start the filter with:
# rm -f /var/run/f1.sock
# bccmilter -p local:/var/run/f1.sock &
You should also put those commands in your appropriate startup file under /etc.
Step 5. Create a Sendmail Config File That Uses the Milter
Going back to your sendmail source's cf/cf/ directory, find the .mc file that matches your system the closest. Copy the file to "sendmail.mc" in the same directory and then add the following lines to the end of the file.
divert(0)
INPUT_MAIL_FILTER(`bccmilter', `S=local:/var/run/f1.sock')
divert(-1)
Again, note the use of the ' and ` characters!! You may need to add some other features to the file, so do that if you need to, and then install the configuration files:
# sh Build install-cf
At this point, you will need to send your sendmail process a kill -HUP to force it to re-read its config file.
Step 6. Test Everything
At this point, everything should work. If not, remember that you can always restore your old sendmail config from the backup you made in step 2. If things are not working, check your system messages for a clue. If your sendmail installation seems to be running correctly, but outgoing mail is not being copied to you, then the main suspects are the if statements in your bccmilter.c file, your sendmail config files not having the milter specified, or your sendmail not being built with milter support enabled. If the bccmilter process isn't showing up when you do a ps aux, then your milter is either having a socket problem or is broken in some other way. The README file inside the libmilter folder may be of some use in this case.
+ DH 8/26/03
If you find any errors in this article, please let us know.