Introduction

In some environments, administrators may need to create a copy of all incoming and outgoing email messages for monitoring, compliance, auditing, or backup purposes. On cPanel/WHM servers running Exim, this can be achieved by configuring a custom Exim system filter that silently forwards (blind carbon copies) email messages to a designated external email address. This method allows administrators to receive copies of email traffic without modifying individual mailbox settings.

Prerequisites

Before proceeding, ensure that:

  • You have root access to the server.
  • The server is running cPanel/WHM with Exim as the mail server.
  • You have SSH access to the server.
  • You understand the privacy, legal, and compliance requirements applicable to monitoring email communications in your environment.
  • The destination email address is hosted outside the monitored domain to avoid mail loops.

Procedure

Step 1: Create a Copy of the Existing Exim System Filter

Navigate to the /etc/ directory and create a backup copy of the current system filter:

cp /etc/cpanel_exim_system_filter /etc/cpanel_exim_system_filter2

Step 2: Edit the New System Filter

Open the newly created file:

vi /etc/cpanel_exim_system_filter2

Add the following lines to the bottom of the file:

if ("$h_to:, $h_cc:, $h_bcc" contains "domain.com")
then
  unseen deliver "monitor@example.com"
endif

if $sender_address: contains "domain.com"
then
  unseen deliver "monitor@example.com"
endif

Replace:

  • domain.com with the domain you want to monitor.
  • monitor@example.com with the destination email address that will receive copies of the messages.

Step 3: Configure Exim to Use the New System Filter

  1. Log in to WHM.
  2. Navigate to:WHM » Exim Configuration Manager » Advanced Editor
  3. Locate the System Filter File setting.
  4. Change the path to:
/etc/cpanel_exim_system_filter2
  1. Save the configuration and restart Exim if prompted.

Step 4: Test Email Delivery

Send and receive emails using accounts under the monitored domain and verify that copies are delivered to the specified destination mailbox.

Important Notes

  • Do not use a forwarding address on the same domain being monitored, as this may create mail delivery loops.
  • Ensure the destination mailbox has sufficient storage capacity.
  • Review local laws, privacy policies, and organizational requirements before implementing email monitoring.

Conclusion

By creating a custom Exim system filter, you can automatically forward copies of all incoming and outgoing emails for a specific domain to a designated mailbox. This configuration is useful for auditing, compliance, monitoring, and archival purposes. After implementation, regularly review mail logs and monitor the destination mailbox to ensure email forwarding continues to function as expected.

Post Views: 102

Leave a Reply