Hi, I want to do some action based on the Received: headers of infected emails (specifically: call snmpget to block the switch port of the infected computer, the first "Received:" always contains their hostname). We have a problem with users (or rather, W32/Klez) using false MAIL FROM and RCPT TO settings and so cannot track the originator with the information qmail-scanner currently provides in the notification emails.
Where in qmail-scanner would I have to do this? As a first step, how/where do I extract the Received: headers so that it appears in the notification e-mail sent to root? -- mfg, Jens Benecke /// www.hitchhikers.de, www.linuxfaq.de, www.linux.ms This mail is an attachment? Read http://www.jensbenecke.de/misc/outlook.html ---------------------------------------------------------------------------- Bringing you mounds of caffeinated joy >>> http://thinkgeek.com/sf <<< _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
