[PEN-TEST] Sendmail: Keeping a copy of relayed email

[David Taylor <taylord () INFOSECURE COM AU>]

Hi Pen-testers,

I am currently looking into the possibility of eavesdropping a client's
inbound email as part of a penetration test.  I have about 75% of the
problem worked out, but I would really like some help with the last 25%.

I have figured a way that I can take over DNS authority for their domain
name, and then set up my own DNS server to serve their records.  Once this
is in place I will set up one of my machines as their primary MX.  On this
machine I will use sendmail's mailertable feature to get their incoming
email to their email server.

My problem is - I want to keep a copy of the incoming email that I relay
off my machine.

An associate has suggested that I would need to hand-hack the sendmail.cf
file to add another (local) recipient into the mail delivery before it is
sent off to mailertable for delivery.  My sendmail skills aren't quite up
to this level, and I wondered if anybody has ideas on how I can turn this
into a reality?  Anybody done something like this before?  Anybody seen a
how-to on this?  Anybody provide some pointers to a quick head's-up on
sendmail.cf delivery rule hacking?

Thanks
Dave Taylor