Problem with Quarantine

Mark Sapiro mark at
Fri Mar 11 17:12:54 UTC 2016

On 03/11/2016 05:30 AM, Heino Backhaus wrote:
> try:
> sendmail -t <
> /var/spool/MailScanner/quarantine/20160311/spam/850CD189AEE.A6C01
> for example...

This is probably a bad idea. '-t' will resend the message to all the To:
and Cc: addresses in the message. Some of these will already have been
delivered, perhaps to other domains, and the address this one was for
may not even be in To: or Cc:

Using as an example a message on my system that's at
/var/spool/MailScanner/quarantine/20160310/spam/3B32011E135F.AF313 , and
assuming Postfix, if you grep your mail log for 3B32011E135F (without
the .AF313 part) you will see several hits including the one from the
message being put in the hold queue. This will look something like

Mar 10 04:43:02 sbh16 postfix/cleanup[4776]: 3B32011E135F: hold: header
Received: from (
[])??(using TLSv1 with cipher ADH-AES256-SHA (256/256
bits))??(No client certificate requested)??by
(Postfix) from[];
from=<www-data at> to=<century at> proto=ESMTP

Something like

grep '3B32011E135F.*to=<' /var/log/mail.log

will return that and

grep '3B32011E135F.*to=<' /var/log/mail.log | sed -e 's/.*to=<//' -e

will return just the recipient address.

Using this, you should be able to put together some scripts that will
list the file names in the relevant quarantine folder, find the
recipients of the messages and put that together to do a "sendmail
recipient_address < file_name" command.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list