Force a sender's email to quarantine?
jakelly at chapman.edu
Wed Jan 20 18:31:04 GMT 2010
We have a very similar script watching our outbound mail logs. To
"quarantine" the suspect outbound mail we use the script itself (Perl,
in our case) to add the suspect messages' from address with a redirect
action into the postfix sender_restrictions table on the gateway(s) and
then regenerate the .db.
from at large.chinese.isp REDIRECT quarantine-acct at ourdomain.tld
If the spammer changes the from, the script notices and adds the new
We use scripts to resend the messages in the quarantine account with the
original from/to if they turn out to be false positives.
IS&T Network Operations
Email: jakelly at chapman.edu
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Robert
Sent: Wednesday, January 20, 2010 10:03 AM
To: MailScanner discussion
Subject: Force a sender's email to quarantine?
[In gmane I see this subject question has been asked, but I saw no
We have an application that helps us shut down SPAM email being sent
out from a compromised account.
(Invariably compromised after the account owner replied to some phishing
The application tails the maillog and keeps data to detect when any
individual account starts to send a lot of email.
Right now the action is to send a page to our team.
We then access the gateway that sent the page and make a guess if it
could be legitimate or really a spammer.
We would like to change the application to put all of the email from
the identified account into a quarantine file.
Using postfix and MailScanner, we might have opportunities to use either
Due to MailScanner using the postfix hold queue to pass email to
MailScanner, I do not think we have the possibility of having postfix
put the selected email on hold.
I am looking for a way to use MailScanner to quarantine all the user's
email (whole message) as queue files.
Any suggestions as to which MailScanner features could be used to do
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
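An added sketch of the approach described in the reply above (not the poster's Perl script and not part of the original thread): count recipients per envelope sender from postfix qmgr log lines in a sliding window, then build REDIRECT entries for the sender access table. The thresholds, function names, sample addresses and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix qmgr line: "<ts> host postfix/qmgr[pid]: QID: from=<addr>, size=N, nrcpt=N ..."
# [^>\s]+ skips the null sender (<>) and rejects whitespace, so a logged
# address can never inject extra fields or lines into the access table.
QMGR = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/qmgr\[\d+\]: \w+: "
                  r"from=<([^>\s]+)>, size=\d+, nrcpt=(\d+)")

# Constructed sample log lines (not from a real gateway).
SAMPLE = """\
Jan 20 10:00:01 gw1 postfix/qmgr[2211]: 4F1A22C0B1: from=<alice@ourdomain.tld>, size=2100, nrcpt=60 (queue active)
Jan 20 10:00:05 gw1 postfix/qmgr[2211]: 4F1A22C0B2: from=<bob@ourdomain.tld>, size=900, nrcpt=1 (queue active)
Jan 20 10:03:40 gw1 postfix/qmgr[2211]: 4F1A22C0B3: from=<alice@ourdomain.tld>, size=2100, nrcpt=75 (queue active)
Jan 20 10:04:00 gw1 postfix/qmgr[2211]: 4F1A22C0B4: from=<>, size=3000, nrcpt=1 (queue active)
""".splitlines()

def suspects(lines, limit=100, window=timedelta(minutes=10), year=2010):
    """Return senders whose recipient total within `window` exceeds `limit`."""
    recent = defaultdict(deque)          # sender -> deque of (time, nrcpt)
    flagged = []
    for line in lines:
        m = QMGR.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        sender, nrcpt = m.group(2).lower(), int(m.group(3))
        q = recent[sender]
        q.append((ts, nrcpt))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if sum(n for _, n in q) > limit and sender not in flagged:
            flagged.append(sender)
    return flagged

def access_entries(senders, existing, quarantine):
    """Build access(5) REDIRECT lines for senders not already in the table text."""
    have = {l.split()[0].lower() for l in existing.splitlines()
            if l.strip() and not l.startswith("#")}
    return [f"{s} REDIRECT {quarantine}" for s in senders if s not in have]

if __name__ == "__main__":
    for entry in access_entries(suspects(SAMPLE), "", "quarantine-acct@ourdomain.tld"):
        print(entry)
```

After appending the generated lines to the table file, run `postmap` on it to regenerate the .db, as the reply describes.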