Problem with Quarantine

Mark Sapiro mark at msapiro.net
Fri Mar 11 17:12:54 UTC 2016


On 03/11/2016 05:30 AM, Heino Backhaus wrote:
> try:
> sendmail -t < /var/spool/MailScanner/quarantine/20160311/spam/850CD189AEE.A6C01
> for example...


This is probably a bad idea. '-t' will resend the message to all the To:
and Cc: addresses in the message. Some of these will already have been
delivered, perhaps to other domains, and the address this one was for
may not even be in To: or Cc:

Using as an example a message on my system that's at
/var/spool/MailScanner/quarantine/20160310/spam/3B32011E135F.AF313 , and
assuming Postfix, if you grep your mail log for 3B32011E135F (without
the .AF313 part) you will see several hits including the one from the
message being put in the hold queue. This will look something like

Mar 10 04:43:02 sbh16 postfix/cleanup[4776]: 3B32011E135F: hold: header
Received: from allworld.modwest.com (allworld.modwest.com
[204.11.244.235])??(using TLSv1 with cipher ADH-AES256-SHA (256/256
bits))??(No client certificate requested)??by sbh16.songbird.com
(Postfix) from allworld.modwest.com[204.11.244.235];
from=<www-data at allworld.modwest.com> to=<century at grizz.org> proto=ESMTP
helo=<allworld.modwest.com>

Something like

grep '3B32011E135F.*to=<' /var/log/mail.log

will return that and

grep '3B32011E135F.*to=<' /var/log/mail.log | sed -e 's/.*to=<//' -e 's/>.*//'

will return just the recipient address.

Using this, you should be able to put together some scripts that will
list the file names in the relevant quarantine folder, find the
recipients of the messages and put that together to do a "sendmail
recipient_address < file_name" command.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
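
Added example, not part of the message above: one way to put the described steps together, listing a quarantine folder, looking up each message's logged recipient with the grep/sed pipeline from the post, and pairing the two into a "sendmail recipient < file" command. The function names, the DRY_RUN switch, the default log path and the demo data are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: release plan for a MailScanner quarantine folder (Postfix log).
# Function names, DRY_RUN, default log path and demo data are assumptions.

# Queue ID = quarantine file name without the ".XXXXX" suffix.
queue_id_of() { b=${1##*/}; printf '%s\n' "${b%%.*}"; }

# Recipient(s) logged for a queue ID, using the grep/sed pipeline from the post.
recipients_for() {  # usage: recipients_for QUEUE_ID LOGFILE
    grep -- "$1.*to=<" "$2" | sed -e 's/.*to=<//' -e 's/>.*//' | sort -u
}

# Walk the folder; print the commands (DRY_RUN=1, default) or run them (DRY_RUN=0).
release_quarantine() {  # usage: release_quarantine QUARANTINE_DIR [LOGFILE]
    log=${2:-/var/log/mail.log}
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        qid=$(queue_id_of "$f")
        # Alphanumeric IDs only, so the file name cannot act as a regex in grep.
        case $qid in ''|*[!0-9A-Za-z]*) echo "skip, odd name: $f" >&2; continue ;; esac
        rcpts=$(recipients_for "$qid" "$log")
        if [ -z "$rcpts" ]; then echo "skip, no recipient logged: $f" >&2; continue; fi
        printf '%s\n' "$rcpts" | while IFS= read -r r; do
            if [ "${DRY_RUN:-1}" = 1 ]; then
                printf 'sendmail -- %s < %s\n' "$r" "$f"
            else
                # "--" ends option parsing: a logged address starting with "-"
                # is treated as a recipient, never as a sendmail flag.
                sendmail -- "$r" < "$f"
            fi
        done
    done
}

# Constructed sample: two quarantined files, only one has a hold line in the log.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/spam"
    : > "$d/spam/3B32011E135F.AF313"; : > "$d/spam/0A1B2C3D4E5F.B0001"
    printf '%s\n' 'Mar 10 04:43:02 mx postfix/cleanup[4776]: 3B32011E135F: hold: header Received: from relay.example.net; from=<sender@example.net> to=<user@example.org> proto=ESMTP helo=<relay.example.net>' > "$d/mail.log"
    release_quarantine "$d/spam" "$d/mail.log"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

With the default DRY_RUN=1 nothing is sent; a file with no matching log line is reported on stderr and skipped rather than falling back to the To:/Cc: headers.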

