Interesting ipchains Challenge

I'm trying to setup a test environment for two mail servers to receive
the exact same email in order to compare the two for spam detection
accuracy. I thought that a novel way to do this would be to implement
the following ipchains rules, but I don't know if ipchains can do what
I need it to...

For traffic coming in on port 25, accept the packet locally, untouched,
and deliver it to the SMTP Daemon. Additionally, take all data coming
in on Port 25 to my IP address (10.1.1.1) and send a copy of it out,
changing the destination IP address from 10.1.1.1 to 10.1.1.2 (the test
server).

The desired result is:

1) Not change the live mail server in any way that affects processing
of mail.
2) Final result to have two mail servers, one for users, and one for me
to play mad scientist with. Both servers receive the exact same email,
without passing through local MTA's and contaminating the headers.
Can I use ipchains to accomplish this?

In article <(E-Mail Removed) om>, Linux-Mike wrote:
> For traffic coming in on port 25, accept the packet locally, untouched,
> and deliver it to the SMTP Daemon. Additionally, take all data coming
> in on Port 25 to my IP address (10.1.1.1) and send a copy of it out,
> changing the destination IP address from 10.1.1.1 to 10.1.1.2 (the test
> server).

TCP utilises handshaking, acknowledgments, retransmission, window sizing and
all sorts of things that are not going to make any implementation of this
reliable.

Maybe you could either use a proxy that receives the mail and distributes
it to multiple servers, or just use something like rsync to keep the mail
spools on both systems identical.

Paul

(E-Mail Removed) wrote:

> In article <(E-Mail Removed) om>,
> Linux-Mike wrote:
>> For traffic coming in on port 25, accept the packet locally, untouched,
>> and deliver it to the SMTP Daemon. Additionally, take all data coming
>> in on Port 25 to my IP address (10.1.1.1) and send a copy of it out,
>> changing the destination IP address from 10.1.1.1 to 10.1.1.2 (the test
>> server).
>
> TCP utilises handshaking, acknowledgments, retransmission, window sizing
> and all sorts of things that are not going to make any implementation of
> this reliable.
>
> Maybe you could either use a proxy that receives the mail and distributes
> it to multiple servers, or just use something like rsync to keep the mail
> spools on both systems identical.
>
> Paul

Also I would think that two separate servers are not going
get identical e-mail. The way spammers foil this type of
detection is to add random characters inside the mail and/or subject
headings etc when sening to different recipients.