Re: [Exim] Email locked problem.

Top Page
Delete this message
Reply to this message
Author: Kjetil Torgrim Homme
Date:  
To: Leonardo Boselli
CC: exim-users
Subject: Re: [Exim] Email locked problem.
On Tue, 2004-07-20 at 22:14 +0200, Leonardo Boselli wrote:
> On my site every e-mail senmt to a misspelled address is forwarded to
> the postmaster, to a specific account for these purpose, read and
> cleaned once a week.
> Some days ago a damned user im our network was so dumb to get a
> virus that tried to send a virus to every possible 4 to 8 letter address ...
> the system duly got them and delivered to the misaddressed mailbox.
> When i tried to read i was not able to do some operation such sorting
> and even deleting messages since it grown to 2GB FS limit.
> I renamed and a new one was created, with another 27000 messages,
> mostly os such virus (all sent in a few minutes ...).
> How can i (possibly using procmail) clean that huge file (the 2 GB one) .
> All that the rogue messages have in common is that \all have the same
> subject (and i can safly discard every message with such subject).


I've used this simple script in the past. give it the large file on
stdin, it will split the mail into individual files. as written, it
only allows filtering on the envelope sender address. you can add a
test like

if (/^Subject: exact subject/) {
--$count;
}

if you want a single file afterwards, you can

cat [0-9]* > spool


here's the script:

#!/usr/bin/perl
$count = '000001';

$except = "MAILER-DAEMON";

while (<>) {
        if (/^From /) {
                $mail = $count;
                if (/$except/o) {
                        $mail = "/dev/null";
                }
                print STDERR "writing $mail $_";
                open (S, ">$mail") || die "$mail: $!";
                select S;
                $count++;
        }
        print;
}


> Does {thesame|another}one have a suggestion on how to avoid the
> recurrency of the accident ?


well, you could start refusing addresses if the sender tries to send to
more than 10 unknown addresses in one go.

--
Kjetil T.