Postfix keeps mails in a binary format in folders under /var/spool/postfix, at least by default.

I want to write some tools for searching and filtering by the metadata of a large number (hundreds of thousands) of emails under /var/spool/postfix/deferred. Among other things, I want to find all queue IDs of mails sent from specific IP addresses so that they can be deleted.

I'm having some problems understanding the binary format of the files though. It seems that the envelope records start with the bytes "\x41\x16" and end at the bytes "\x4d\x00". The records are separated by two bytes, the first of which is "\x41" and the second of which varies, and I don't understand the logic behind it.

Is the binary format of these files documented anywhere? I have searched for quite a while with no luck. I get the sense that the format is so simple that it could be explained in a few paragraphs, but alas I haven't quite been able to make sense of it yet.

Also, is the binary format of these files *stable*? As in, does the format change depending on which Postfix version created them?

Any information related to the binary format of these files would be greatly appreciated.

---

NB: I want to write my own tools for this partly for learning and fun, but also because tools like "postqueue" and "postcat" are just WAY too slow when we're talking about hundreds of thousands of mails, which sometimes happens when users of my mail servers get infected by spam scripts.

--
View this message in context: http://postfix.1071664.n5.nabble.com/Is-there-any-documentation-on-the-binary-format-of-the-mail-files-under-var-spool-postfix-tp90656.html
Sent from the Postfix Users mailing list archive at Nabble.com.
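The following is an added example, not part of the original post and not Postfix code: a minimal reader for the byte pattern described in the question, assuming each record is one type byte, a base-128 length (low seven bits first, high bit set when more length bytes follow), then the payload. Under that assumption "\x41\x16" is an 'A' record with a 22-byte payload and "\x4d\x00" is an empty 'M' record; the attribute names and values in the sample are constructed assumptions and should be checked against real queue files.

```python
# Added example: walk the records of a Postfix queue file held in memory.
# Assumed layout: type byte, base-128 length (low 7 bits first, 0x80 = more), payload.

def put_record(rtype: bytes, payload: bytes) -> bytes:
    """Encode one record (used only to build the constructed sample)."""
    n, out = len(payload), bytearray(rtype)
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out) + payload

def iter_records(buf: bytes):
    """Yield (type, payload) pairs; raise ValueError on truncated input."""
    pos = 0
    while pos < len(buf):
        rtype, pos = buf[pos:pos + 1], pos + 1
        length = shift = 0
        while True:
            if pos >= len(buf):
                raise ValueError("truncated length field")
            byte, pos = buf[pos], pos + 1
            length |= (byte & 0x7F) << shift
            shift += 7
            if not byte & 0x80:
                break
        if pos + length > len(buf):
            raise ValueError("truncated payload")
        yield rtype, buf[pos:pos + length]
        pos += length

def envelope_attrs(buf: bytes) -> dict:
    """Collect name=value 'A' records up to the 'M' (message start) record."""
    attrs = {}
    for rtype, payload in iter_records(buf):
        if rtype == b"M":
            break  # envelope is over; do not scan the message body
        if rtype == b"A" and b"=" in payload:
            name, value = payload.split(b"=", 1)
            attrs[name.decode(errors="replace")] = value.decode(errors="replace")
    return attrs

# Constructed sample, not a real queue file; attribute names are assumptions.
SAMPLE = (put_record(b"A", b"rewrite_context=remote")
          + put_record(b"A", b"log_client_address=192.0.2.10")
          + put_record(b"S", b"sender@example.com")
          + put_record(b"M", b""))
```

Stopping at the 'M' record keeps the per-file cost to the envelope only, which matters when scanning hundreds of thousands of deferred files.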