On 2007-01-02, at 1354, Scooter Chanman wrote:
> I still had one question about reinjecting though. Let's say an email comes in from a mailing-list and has many addresses in the To: field and only one of them is a user on my system. Then the message gets quarantined and later I decide to reinject it back into the queue for delivery. Is this message going to get sent to just my user or all the users in the To: list or just the person in my domain?
that depends on how you do the injection.

if, when you quarantined the message, you also kept a record of the original envelope sender and recipient addresses for which the delivery was intended, then when you re-inject it, you can specify that exact sender and recipient for the delivery (on qmail-inject's command line.) the idea is that the "From:", "To:", "Cc:" or "Bcc:" headers don't mean anything.
if you did NOT keep a record of the original envelope sender and recipient, then in reality you have no 100% reliable way to tell who the original envelope sender and recipient were. you can SOMETIMES guess this information based on the in-message headers (i.e. "From:", "To:", "Cc:", etc.) but this is not 100% reliable, and sometimes these headers are not even there (or have nothing to do with the original recipient, if they were a "Bcc:" target from the original sender, or if the message came from a mailing list which just copies the original poster's "To:" header.)
that's the generic answer. now we get into the specifics for qmail-scanner.
qmail-scanner does not have any 100% reliable way to tie a quarantined message back to the original sender and recipient. it DOES keep a log of them (the "quarantine.log" file) but the entries in that log don't explicitly identify which message in the quarantine area they refer to. the entries in this log file contain, all on one line, separated by TAB characters...
- the date/time that the message was quarantined
- the envelope sender
- the envelope recipient
- the subject
- what virus or problem caused the quarantine
- which virus scanners and versions of the definitions were active at the time
this means that if you have a relatively non-busy server you can usually pick the entries out by hand, but if somebody hits you with twenty copies of the same message and they all get quarantined and logged within the space of one second, you'll have twenty log entries with identical timestamps and subject lines, but different recipients (and possibly different senders), making it impossible to reliably tell which log entry corresponds to the message you're looking at.
and using the "From:", "To:", and "Cc:" headers to try and figure out the sender and recipient is not reliable either. some BROKEN mailing lists (like this one) forward the messages using the original "From:" and "To:" headers that they received, so when it shows up in your mailbox the "From:" and "To:" headers reflect the original sender (which means when you hit "Reply" you also have to manually put the mailing list in, or you end up replying to just the original sender by mistake.)
think about it- just because there are twenty people listed in the "To:" and "Cc:" headers, doesn't mean you are responsible for all of them. granted, if only one of them is on your machine, that's rather simple (you pretty much KNOW who's supposed to get it.)
but let's say five out of twenty are hosted on your machine... that means that the message you're looking at might have had five envelope recipients, or it might have been one of five messages with one envelope recipient each. you now have to search your own logs and possibly look in the inbox folders of the three recipients to figure out where this one is supposed to go, and even then you run the risk of sending it to all five and giving some of them duplicate copies of the message.
even better... let's say the only "To:" header contains the address of a mailing list, and no other standard header contains anything relating to your server. what are you supposed to do then?
it may be that if you run qmail-scanner in debug mode, that the envelope sender and recipient(s) for each message would be logged in the debug log, and that those entries could be somehow linked (via pid?) to the "quarantining message" entry... if so, it just means you have to go through a manual process to re-discover the envelope sender and recipients, and pass that information on qmail-inject's command line.
but the real solution would be for the quarantine.log file to also contain the filename from the quarantine directory. this would enable you to positively link the file back to the original log entry, giving you the envelope information on a silver platter.
> The mailing list is not run or stored on my machines or in my domain and I don't want qmail deciding that it should mail it to all the people and they end up getting duplicates because of the system I maintain.
good idea.

----------------------------------------------------------------
| John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
| http://www.jms1.net/                     <[EMAIL PROTECTED]> |
----------------------------------------------------------------
| http://video.google.com/videoplay?docid=-4312730277175242198 |
----------------------------------------------------------------
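
Added example, not part of the original post and not qmail-scanner code: a sketch of the lookup described above, which parses the TAB-separated quarantine.log fields in the order the post lists them and builds a qmail-inject command line only when exactly one log entry matches the quarantined message. The timestamp format, the sample log lines and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# Field order as listed in the post; the timestamp format is an assumption.
FIELDS = ("when", "sender", "recipient", "subject", "reason", "scanners")
Entry = namedtuple("Entry", FIELDS)

# Constructed sample log (not real data). The last two lines model the
# "many copies within one second" case: same time and subject, different recipients.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("Tue, 02 Jan 2007 13:54:01", "list-bounces@lists.example.org",
     "alice@example.com", "Re: reinjecting", "Policy:Test", "scanner-x 1.0"),
    ("Tue, 02 Jan 2007 14:10:07", "a@sender.example",
     "bob@example.com", "Invoice", "Virus:Test", "scanner-x 1.0"),
    ("Tue, 02 Jan 2007 14:10:07", "b@sender.example",
     "carol@example.com", "Invoice", "Virus:Test", "scanner-x 1.0"),
])


def parse_quarantine_log(text):
    """Split each TAB-separated line into an Entry; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) == len(FIELDS):
            entries.append(Entry(*parts))
    return entries


def reinject_argv(entries, when, subject):
    """Build a qmail-inject argv, but only when exactly one entry matches."""
    matches = [e for e in entries if e.when == when and e.subject == subject]
    if len(matches) != 1:
        # Zero or several candidates: the envelope cannot be recovered reliably.
        raise LookupError("%d log entries match; resolve by hand" % len(matches))
    e = matches[0]
    if not e.sender or not e.recipient or e.recipient.startswith("-"):
        raise ValueError("refusing to build a command line from this entry")
    # -a: deliver only to the recipients given as arguments, never to the
    # To:/Cc: headers; -fsender sets the envelope sender.
    return ["qmail-inject", "-a", "-f" + e.sender, e.recipient]


if __name__ == "__main__":
    log = parse_quarantine_log(SAMPLE_LOG)
    print(reinject_argv(log, "Tue, 02 Jan 2007 13:54:01", "Re: reinjecting"))
```

The quarantined message file is then supplied on qmail-inject's standard input; the argv is returned as a list so it can be run without passing log-derived addresses through a shell.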