Capture triggered via LDAP attributes

The LDAP capture attribute (the exact attribute name is site-chosen, and specified via the ldap_capture MTA option) provides a way to tell the MTA to "capture" a copy of each message sent to or from a user who has the attribute present. The capture copy is sent to the address given as the value of the LDAP capture attribute. Normally, the LDAP capture attribute should be configured in the LDAP directory as an attribute that users can neither set nor even see on their own entries; this preserves the covert nature of the LDAP capture attribute.

Multiple capture attributes may apply to a particular user, or to a particular message copy (due either to multiple attributes on one user, or to attributes on both sender and recipient(s)).
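Because capture is covert and each attribute value is a destination for copies of a user's mail, it is useful to review which directory entries carry the attribute and where the copies go. The following is an added example, not part of the product documentation: it parses an LDIF export (including folded and base64-encoded values) and flags capture addresses that are not on an approved list. The attribute name mailCaptureAddress, the allow-list and the sample LDIF are assumptions constructed for illustration.

```python
import base64
# Assumptions, not from the page: the site named its capture attribute
# "mailCaptureAddress" (via ldap_capture) and keeps an allow-list of approved
# capture mailboxes. All directory data below is constructed.
CAPTURE_ATTR = "mailcaptureaddress"
APPROVED = {"compliance-archive@example.com"}
B64 = base64.b64encode(b"dropbox@example.net").decode()
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=People,o=example.com
mailCaptureAddress: compliance-archive@example.com

dn: uid=bob,ou=People,o=example.com
mailCaptureAddress: compliance-archive@example.com
mailCaptureAddress:: {B64}

dn: uid=carol,ou=People,o=example.com
mailCaptureAddress: Legal-Hold
 @Example.com

dn: uid=dave,ou=People,o=example.com
mail: dave@example.com
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.strip().lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit_capture(text, approved=APPROVED):
    """Return (dn, capture_address, is_approved) for every capture value."""
    return [(dn, a.lower(), a.lower() in approved)
            for dn, attrs in parse_ldif(text)
            for a in attrs.get(CAPTURE_ATTR, [])]

if __name__ == "__main__":
    for dn, addr, ok in audit_capture(SAMPLE_LDIF):
        print("ok    " if ok else "REVIEW", dn, "->", addr)
```

The export must be taken with an identity that is permitted to read the capture attribute, since ordinary users are not supposed to see it.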

New in MS 8.0, the MTA also supports enabling capture at the domain level; see the ldap_domain_attr_capture MTA option.

See Format of captured message copies for a discussion of the format of captured message copies.

Note that (LDAP attribute triggered) capture of messages that a user sends is triggered during address reversal. Hence, in order to capture the messages that the user sends, it is critical that address reversal be performed and, in particular, that it be properly configured. See Intended side effects of LDAP address reversal.

(In the interests of symmetry and completeness, it could be noted that (LDAP attribute triggered) capture of messages to a user is triggered during LDAP alias expansion for the user (alias_urlN lookups), so for capture of messages to a user it is critical that such LDAP alias lookups be configured as normal. However, LDAP alias lookups are such a fundamental part of normal MTA operation that, unless a site has intentionally modified its configuration in abnormal ways, it would be very unusual for this to be a concern. This is in contrast to address reversal which, though strongly recommended nowadays, may still be omitted from older configurations at some sites.)

