Quarantine Directory
Glenn Steen
glenn.steen at gmail.com
Fri May 5 16:33:32 IST 2006
On 05/05/06, Jeff A. Earickson <jaearick at colby.edu> wrote:
> Andrew,
>
> Whatsamatter, vi not good enough for you?? :)
If it was, there would be no vim:-):-)
>
> If you are using sendmail, you can see what is in a quarantine
> directory with:
>
> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/wherever, eg
>
> /usr/lib/sendmail -v -bp -OQueueDirectory=/var/spool/MailScanner/quarantine/20060505/k45EfZEa020990
>
> Maybe write a shell script to do something like:
>
> #!/usr/bin/ksh
> for msgid in `ls -1 /var/spool/MailScanner/quarantine/20060505`
> do
>     /usr/lib/sendmail -v -bp -OQueueDirectory="/var/spool/MailScanner/quarantine/20060505/$msgid"
> done
>
> something like that for various dates and msgids. Or loop thru the
> directories then grep for the msgids in your syslog.
>
> Jeff Earickson
> Colby College
>
If it's Postfix and you are storing as queue files, use "postcat
/path/to/filename" ... Example:
# postcat /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D | less -e
If not storing as queue files, then the message is decoded in the file
named message ... and the spam quarantine would contain decoded
messages too... Example:
# file /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D
/var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D: RFC 822 mail text
# less -e /var/spool/MailScanner/quarantine/20060505/spam/F3AC284127.5615D
....
The virus/dangerous content quarantine is very similar, but there you have
# ls -l /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/
totalt 28
-rw-rw---- 1 postfix apache 12364 maj 3 01:55 message
-rw-rw---- 1 postfix apache 11102 maj 3 01:55 msg-12029-9.html
# less -e /var/spool/MailScanner/quarantine/20060503/475CF840FA.636D0/message
....
etc etc
But Steve is right, the most convenient way is definitely MailWatch:
http://mailwatch.sf.net
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
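
The loop suggested in the quoted message, applied to the directory layout shown in the reply, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes messages are stored decoded (RFC 822 text) rather than as queue files.

```shell
#!/bin/sh
# Added example: read-only listing of a MailScanner quarantine tree.
# Layout assumed from the post above:
#   <root>/<YYYYMMDD>/spam/<id>       one file per spam message
#   <root>/<YYYYMMDD>/<id>/message    one directory per virus/content hit

# Print the Subject of an RFC 822 file (first line only, folded headers are
# not unfolded), or a marker when the file does not start with a header line,
# as a Postfix queue file would not.
subject_of() {
    if head -n 1 "$1" | LC_ALL=C grep -Eq '^(From |[A-Za-z0-9-]+:)'; then
        LC_ALL=C awk '/^\r?$/ { exit }
            tolower($0) ~ /^subject:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
    else
        echo '(not RFC 822 text, try postcat)'
    fi
}

# Emit one line: date <TAB> kind <TAB> id <TAB> subject.
emit() {
    # Quarantined mail is hostile input: drop control bytes (ESC included)
    # so a crafted Subject cannot drive the terminal it is printed on.
    subj=$(subject_of "$4" | LC_ALL=C tr -d '\000-\037\177')
    printf '%s\t%s\t%s\t%s\n' "$1" "$2" "$3" "$subj"
}

list_quarantine() {
    for day in "$1"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]; do
        [ -d "$day" ] || continue
        for f in "$day"/spam/*; do
            [ -f "$f" ] || continue
            emit "${day##*/}" spam "${f##*/}" "$f"
        done
        for d in "$day"/*/; do
            d=${d%/}
            [ "${d##*/}" != spam ] || continue
            [ -f "$d/message" ] || continue
            emit "${day##*/}" content "${d##*/}" "$d/message"
        done
    done
}

# Typical call: list_quarantine /var/spool/MailScanner/quarantine
```
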