I got a call today from the FBI. The person I spoke to was very nice, if not particularly tech-savvy. She was trying to track down an email message that was forwarded through my server in December of 2001, and would I possibly have a copy of that? She really didn’t give me very much information, so I can only surmise that somebody relayed a message through my server in a moment when it was misconfigured, and so the message had been traced back to me. Apart from that, I can’t figure out what it had to do with me. I suppose I could get all paranoid about it, and try to figure out who is trying to get dirt on me, but, then, I’m not sure what dirt anybody *could* find on me. Still, it kinda freaked me out, and I’m not entirely sure why. Very unpleasant.
But, seriously, does anybody actually log email messages that pass through their MTA? And if so, why, and how?
===
Clarification: I’m not quite so clueless as to be unaware that most MTAs syslog that a message was received or sent. I’m talking about logging the *body* of the message. That seems like a recipe for a DoS. Just send a few dozen multi-megabyte attachments, and fill up the log volume.