[Mimedefang] Re: Simplified single purpose mimedefang-filter
Kenneth Porter
shiva at sewingwitch.com
Fri Jun 23 21:08:04 EDT 2006
--On Friday, June 23, 2006 6:59 PM -0500 reader at newsguy.com wrote:

> even `mutt -f mbox_file' would be an easy way
> to see what exactly is being shipped out the door.

Except that that only displays what a user sees. When I'm doing forensics,
I want to see the raw file and all the protocol, like the relay that sent
it and the envelope. (I added code to log the relay to a separate file in
my quarantine.)

I have a script that lists all files in my quarantine periodically and
emails the list to me. I then look at the list, take appropriate action on
each message, and move all the directories to an archive directory
(/var/spool/MD-Quarantine-OLD). I can then grep the archive directory to
analyze trends (e.g. relays to add to my firewall, or a misconfigured MX
that's forwarding too much spam to my primary).
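
An added example, not part of the post above: one way to tally sending relays across the archived quarantine directories it describes, so that heavy senders stand out for review. It assumes each `qdir-*` directory holds a one-line file named `RELAY` with the relay's IP address (a hypothetical name and format, since the post does not describe its relay log); the sample addresses are constructed.

```shell
#!/bin/sh
# Tally sending relays across archived MIMEDefang quarantine directories.
# Assumption: every qdir-* directory holds a one-line file named RELAY with
# the relay's IP address (hypothetical name and format, not from the post).

relay_counts() {   # $1 = archive directory; prints "count relay" lines
    for d in "$1"/qdir-*/; do
        [ -d "$d" ] || continue                  # glob matched nothing
        # Missing or empty RELAY (e.g. quarantined before logging was added)
        relay=$(head -n 1 "$d/RELAY" 2>/dev/null | tr -d '[:space:]')
        echo "${relay:-(unlogged)}"
    done | LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 |
        awk '{print $1, $2}'
}

relays_over() {    # $1 = archive directory, $2 = minimum message count
    relay_counts "$1" |
        awk -v n="$2" '$1 >= n && $2 != "(unlogged)" {print $2}'
}

make_sample_archive() {   # $1 = empty directory; constructed sample data
    i=0
    for ip in 192.0.2.10 198.51.100.7 192.0.2.10 "" 192.0.2.10 198.51.100.7 203.0.113.5; do
        i=$((i + 1))
        q="$1/qdir-2006-06-23-21.0$i.00-00$i"
        mkdir -p "$q"
        [ -z "$ip" ] || printf '%s\r\n' "$ip" > "$q/RELAY"
    done
}

# Usage: sh relay-tally.sh /var/spool/MD-Quarantine-OLD
if [ -n "${1:-}" ]; then relay_counts "$1"; fi
```

Directories without a relay file are counted as `(unlogged)` rather than skipped, so the totals still match the number of archived messages.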