Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email

[Edward Mitchell <ed () THE7THBEER COM>]

Procmail should handle this relatively easily.

On Tue, 29 Aug 2000, David Taylor wrote:

> Hi Pen-testers,
>
> I am currently looking into the possibility of eavesdropping a client's
> inbound email as part of a penetration test.  I have about 75% of the
> problem worked out, but I would really like some help with the last 25%.
>
> I have figured a way that I can take over DNS authority for their domain
> name, and then set up my own DNS server to serve their records.  Once this
> is in place I will set up one of my machines as their primary MX.  On this
> machine I will use sendmail's mailertable feature to get their incoming
> email to their email server.
>
> My problem is - I want to keep a copy of the incoming email that I relay
> off my machine.
>
> An associate has suggested that I would need to hand-hack the sendmail.cf
> file to add another (local) recipient into the mail delivery before it is
> sent off to mailertable for delivery.  My sendmail skills aren't quite up
> to this level, and I wondered if anybody has ideas on how I can turn this
> into a reality?  Anybody done something like this before?  Anybody seen a
> how-to on this?  Anybody provide some pointers to a quick head's-up on
> sendmail.cf delivery rule hacking?
>
> Thanks
> Dave Taylor