I have a customer I suspect is using his account to commit credit card fraud. I would like to get a copy of all received and sent e-mails from his domain, to store them in case I should contact the authorities to report him. However, the only e-mails I can read, are those in his inbox before he takes them, and he takes his e-mails every minute ( which I allow ), which doesn't leave a very good picture of what he does. I know I can setup a forwarder to another e-mail address in the email configuration file, but that fowarder will be shown in the Cpanel forwarder config for his domain. He does setup forwarders frequently ( adding new names and removing old ones ), as his frauds continue. As for catching the e-mails sent via my SMTP server, I have NO idea where to start to get a copy ! Of course, I don't want to get copies of ALL the e-mails sent and received on my server, but if it is that it takes, I could always do it... Problem is not only that I am afraid I will get a warrant for his e-mails, but also that I would prefer to stop him BEFORE such a warrant arrive and be prepared to cooperate with the authorities.