--On Friday, June 23, 2006 6:59 PM -0500 [EMAIL PROTECTED] wrote:
> even `mutt -f mbox_file' would be an easy way to see what exactly is being shipped out the door.
Except that that only displays what a user sees. When I'm doing forensics, I want to see the raw file and all the protocol, like the relay that sent it and the envelope. (I added code to log the relay to a separate file in my quarantine.)
I have a script that lists all files in my quarantine periodically and emails the list to me. I then look at the list, take appropriate action on each message, and move all the directories to an archive directory (/var/spool/MD-Quarantine-OLD). I can then grep the archive directory to analyze trends (e.g., relays to add to my firewall, or a misconfigured MX that's forwarding too much spam to my primary).
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
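
Added example, not part of the original message or of MIMEDefang: one way to do the trend analysis described above, counting how often each relay appears across archived quarantine directories. It assumes each directory holds a one-line file named RELAY with the relay's IP address (a hypothetical name; the post only says the relay is logged to a separate file), and the sample data is constructed.

```shell
#!/bin/sh
# relay_trends ARCHIVE_DIR [MIN_COUNT]
# Prints "COUNT RELAY" for every relay seen in at least MIN_COUNT archived
# quarantine directories, most frequent first.
# Assumption: the relay is stored in <dir>/RELAY (hypothetical file name).
relay_trends() {
    archive=$1
    min=${2:-2}
    for f in "$archive"/*/RELAY; do
        [ -f "$f" ] || continue   # unmatched glob or directory without RELAY
        # Take the first line only and keep just address characters, so a
        # CR, stray whitespace or hostile bytes never reach the report.
        awk 'NR == 1 { gsub(/[^0-9A-Fa-f.:]/, ""); if ($0 != "") print; exit }' "$f"
    done |
    sort | uniq -c |
    awk -v min="$min" '$1 >= min { print $1, $2 }' |
    sort -k1,1nr -k2,2
}

# Build a constructed sample archive (documentation-range addresses).
make_sample() {
    i=0
    for ip in 192.0.2.10 198.51.100.7 192.0.2.10 203.0.113.5 \
              198.51.100.7 192.0.2.10; do
        i=$((i + 1))
        d="$1/qdir-2006-06-23-12.00.00-00$i"
        mkdir -p "$d" && printf '%s\r\n' "$ip" > "$d/RELAY"
    done
    mkdir -p "$1/qdir-2006-06-23-12.00.00-007"   # message with no RELAY file
}

# Demo run against the constructed sample; point relay_trends at
# /var/spool/MD-Quarantine-OLD to use it on a real archive.
tmp=$(mktemp -d) && make_sample "$tmp" && relay_trends "$tmp" 2
rm -rf "$tmp"
```

Relays that clear the threshold are candidates for review before any firewall change, since a high count can also be the misconfigured MX case mentioned in the message.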

