How to intercept e-mail messages using E-MailRelay SMTP proxy

Recently I had a suspicion, that my e-mail messages weren’t delivered properly. I use Gmail as a client, however some of my messages are fetched from and sent through the third party server. I was under the impression, that not all of the messages that I send are delivered to the recipient. This problem is hard to debug, because Gmail provides no logs nor client support, and it is also troublesome to get the information from my e-mail/hosting company every time I think something’s wrong.

I decided to use SMTP proxy to see, what the Gmail does and if the messages are delivered to my e-mail provider. This setup will enable me to collect vital information on my own and see if everything works all right.

After short googling I decided to choose E-MailRelay, because it seemed to be well documented. Installation under Ubuntu or Debian is very simple, just type:

sudo dpkg -i emailrelay_1.9_amd64.deb

This installs the service and starts it. That is, however, only beginning, as E-MailRelay service needs to be properly configured. The user guide and reference page are rich in information, but sometimes I felt confused.

What you need to do at the beginning is to create separate user (with its own group) for the service:

sudo useradd -r -s /bin/false emailrelay

To make your work easier (i.e. allow you to read the files created by the application), add your own user to the emailrelay group (substitute krzysztofr with your own username):

sudo usermod -a -G emailrelay krzysztofr

Now it’s time to configure the service. You may look up the configuration parameters at the aforementioned reference page, so here I will only list what you need to uncomment or modify in the /etc/emailrelay.conf to run the service in the “store-and-forward MTA” mode:

filter /home/krzysztofr/scripts/emailrelay/msg-copy
server-auth /etc/emailrelay.auth
client-auth /etc/emailrelay.auth
poll 0
user emailrelay

Important parameters are filter, which defines, what script has to be run to process the messages and forward-to, which says where the e-mail are going to be forwarded. In this case, would be the SMTP server of my e-mail provider. The application sends all logs to /var/log/syslog and it seems to be impossible to change it.

Next, you need to edit the file /etc/emailrelay.auth (you may need to create it, if it’s not present):

server LOGIN local_login local_pass
client LOGIN remote_login remote_pass

In this case, server line contains login information of the E-MailRelay SMTP server that would run on the local machine, while the client line contains information about SMTP username and password on the machine (the one defined in the forward-to parameter). As a security measure, I suggest to change the permissions to this file, so that only the owner (root) may read it:

chmod 600 /etc/emailrelay.auth

Now, the E-MailRelay is ready to run – you just need to restart it with:

sudo service emailrelay restart

We just need to write the filter, that would copy all the incoming messages to the backup folder for further investigation. It may be easy accomplished with small python script, that copies the message (which full path is provided in the argument) to the storage folder in the script’s directory:

#!/usr/bin/env python

import sys,shutil

# source given as a first argument from emailrelay
source_path = sys.argv[1]

# copy to 'storage' directory in the script's dir
dest_path = '/'.join(sys.argv[0].split('/')[:-1])+'/storage/'+sys.argv[1].split('/')[-1]
shutil.copy(source_path, dest_path)

Let’s save the script in the msg-copy file and make it executable:

chmod a+x msg-copy

Now, create the storage directory and allow the E-MailRelay to write inside:

mkdir storage
chmod 770 storage
chgrp emailrelay storage

And that’s it. Now you just need to provide proper SMTP information to your e-mail client: hostname of the machine where the E-MailRelay runs, along with the username and password defined above. Every message received by the daemon would be copied to the storage directory and then forwarded to given SMTP server.

Always up-to-date code from this article might be found in the Github repository.

Important security note: be aware of what you are doing. Stored messages may contain confidential information. Configuration file (/var/emailrelay.auth) will contain important login credentials. As a extra task you may want to:

  • modify the python script, so it parses the file and stores only headers (maybe sends them to some database);
  • enable TLS encryption of the SMTP service.