Logging Email w/ Sendmail on CentOS 4

Need to archive messages on your server? Exchange can natively do this with a Journal mailbox, but if you’d like to set the same feature up in Sendmail, it will take some tweaks.

This has been adapted from some instructions found on Experts Exchange that were originally for RedHat 7.2, which is just a teensy bit out of date. As with all things, make sure you have a backup before you start in on this process.

Grab the Sendmail source package from either the CentOS source CDs or a site like RPMfind. Make sure the version of the source package matches the version of sendmail you’re running, as reported by rpm --query sendmail.

Make sure you have the rpm-build package installed (yum install rpm-build).

Start the rebuild for the source package with the command rpmbuild --recompile sendmail-8.12.x.src.rpm (replace the source filename with the name of the one you downloaded). You will see a lot of ‘missing user’ errors scroll by; these can be ignored.

Change to the specs folder in your source tree (usually this is /usr/src/redhat/SPECS) and edit the sendmail.spec file, commenting out or removing any lines starting with ‘rm -rf’. These lines would normally clean up the source files once the build is complete, but for now, we want to keep them.

After you’ve saved the spec file, run rpmbuild -bp sendmail.spec. This will apply patches to the sendmail source that come as part of CentOS. It should only take a few seconds.

Download the logall.c file to a directory of your choosing (wget http://www.freakout.de/logall.c), then change to the sendmail source folder (cd /usr/src/redhat/BUILD/sendmail-8.13.1/sendmail) and edit the conf.c file. Look for a line which says #ifdef EXAMPLE_CODE, and immediately before it, add a new line:

#include "/root/adm/mail/sendmail/logall.c"

(use the full path of wherever you downloaded logall.c). Save the file. Run make and if it doesn’t throw any errors, run make install. Now edit your /etc/mail/sendmail.mc. At the very bottom, add the following lines:

LOCAL_CONFIG
D{LogAll}/var/log/fullmail.log

You can replace the path and filename with wherever you’d like your log file saved. The LOCAL_CONFIG option specifies that everything following that directive should be passed directly to the config file for sendmail, and not parsed as normal config options. Rebuild your sendmail config with make -C /etc/mail (you will need the sendmail-devel package installed for this).

Create the file you referenced in your sendmail.mc by doing touch /var/log/fullmail.log, making sure that the sendmail process can write to it (basically, set the file permissions to match your other maillog files). Now restart sendmail and send a test message to make sure everything still works. You should also find a copy of that message in the fullmail.log file.

The file generated by this is a standard mail file, so you can read the contents with a pager like less, or a command like mail -f fullmail.log. It stores a complete copy of every message sent and received, so it might be a good idea to keep an eye on your drive space and rotate that file every so often.
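
Because the archive holds complete message bodies and keeps growing, its permissions and size are worth checking on a schedule. The shell functions below are an added example, not part of the original instructions or of logall.c; the function names and the 1 GiB size limit are assumptions.

```shell
#!/bin/sh
# Added example: audit the full-mail archive written via D{LogAll}.
# Usage: source this file, then run: audit_archive /var/log/fullmail.log
ARCHIVE_DEFAULT=/var/log/fullmail.log   # path used in sendmail.mc above
MAX_BYTES_DEFAULT=1073741824            # assumed limit (1 GiB), adjust to taste

# archive_size FILE -> size in bytes
archive_size() {
    wc -c < "$1" | tr -d ' '
}

# archive_msg_count FILE -> number of mbox "From " separator lines
archive_msg_count() {
    grep -c '^From ' "$1" || true   # grep exits 1 on zero matches; still prints 0
}

# audit_archive [FILE] [MAX_BYTES]
# Prints one finding per line.
# Returns 0 if clean, 1 if any finding, 2 if the file is missing.
audit_archive() {
    _f=${1:-$ARCHIVE_DEFAULT}
    _max=${2:-$MAX_BYTES_DEFAULT}
    _rc=0
    if [ ! -f "$_f" ]; then
        echo "MISSING: $_f"
        return 2
    fi
    # Full message bodies live here, so "other" should have no access at all.
    if [ -n "$(find "$_f" -prune -perm -004)" ]; then
        echo "WORLD-READABLE: $_f"; _rc=1
    fi
    if [ -n "$(find "$_f" -prune -perm -002)" ]; then
        echo "WORLD-WRITABLE: $_f"; _rc=1
    fi
    _size=$(archive_size "$_f")
    if [ "$_size" -gt "$_max" ]; then
        echo "OVERSIZE: $_f is $_size bytes (limit $_max), rotate it"; _rc=1
    fi
    echo "INFO: $(archive_msg_count "$_f") messages, $_size bytes"
    return $_rc
}
```

The message count relies on the archive being a standard mail file, where each message starts with a "From " separator line.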

If you take a look at the logall.c file, there are many other options you can set in LOCAL_CONFIG for features such as keyword filtering, max log size, and exclusions. Keep in mind that this process did not update the currently installed sendmail package, so if an update comes down for sendmail, you will need to repeat this process to keep logging working.