[exim] Working with Exim queue metadata (was: View attachmen…

Author: Peter Savitch
Date:  
To: Eric
CC: exim-users
Subject: [exim] Working with Exim queue metadata (was: View attachments in queue?)
I hope list users will forgive me. Not everybody knows that Exim is almost incapable of MIME multipart handling (at least, Exim does not have intrinsic 100% MIME conformance because it's an MTA, not an MUA). If the reader is concerned with MIME handling and control policy, then just use exiscan, http://duncanthrax.net/exiscan-acl/.

The reader of this memo should be familiar with MIME.

So, to view the attachments in the queue, one can:

1) Find the message in Exim's queue using -bp option:

# exim -bp

0m   259 1CA3To-0001vO-2P <somebody@???>
          otherbody@???


1*) If you do not want Exim to deliver the message while you are investigating it, then freeze it manually with the -Mf option (you can always thaw the message back with -Mt):

# exim -Mf 1CA3To-0001vO-2P
Message 1CA3To-0001vO-2P is now frozen

# exim -bp
24m   12K 1CA3ad-0001w1-J6 <somebody@???> *** frozen ***
          otherbody@???


2) Examine the metadata and MIME contents of the message in the queue, using the message's internal Exim id (do not confuse it with the Message-Id header, which is usually different from Exim's). Use the -Mvh option:

# exim -Mvh 1CA3ad-0001w1-J6

...
128P Received: from root by relay.domain.org with local-smtp
        id 1CA3ad-0001w1-J6
        for otherbody@???; Wed, 22 Sep 2004 13:32:16 +0400
014  Subject: TEST
047I Message-Id: <1CA3ad-0001w1-J6@???>
026F From: somebody@???
038  Date: Wed, 22 Sep 2004 13:32:12 +0400
018  MIME-Version: 1.0
081  Content-Type: multipart/mixed;
        boundary="----_=_NextPart_001_01C4A085.E3E1FF30"
028T To: otherbody@???


One could note the `I', `F' and `T' letters that obviously mark the appropriate headers (Message-Id, From and To). These things are described well in the specs, chapter 49, Format of spool files, and can be used by custom software that examines Exim's spool zone (queue).

3) Extract the message body from the queue. Like the latter one, but -Mvb:

# exim -Mvb 1CA3ad-0001w1-J6

1CA3ad-0001w1-J6-D
This is a multi-part message in MIME format.

------_=_NextPart_001_01C4A085.E3E1FF30
Content-Type: multipart/alternative;
        boundary="----_=_NextPart_002_01C4A085.E3E1FF30"



------_=_NextPart_002_01C4A085.E3E1FF30
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


[snip]

------_=_NextPart_001_01C4A085.E3E1FF30
Content-Type: image/jpeg;
        name="5019.jpg"
Content-Transfer-Encoding: base64
Content-Description: 5019.jpg
Content-Disposition: attachment;
        filename="5019.jpg"


/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAPAAA/+4AJkFkb2JlAGTAAAAAAQMA
FQQDBgoNAAAI1QAAC6QAABLHAAAcyP/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBAM
DAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8f
[...]

As you can see, the first line is the message id, followed by the MIME entities, that is, the message body. If you are interested in images, find the string `Content-Type: image/'. Then, skip the MIME part headers, take the base64-encoded image (with a text editor) and blow it to mimencode -u:

# cat encoded.txt | mimencode -u -o image.jpg

The exact file extension can be looked up in the part headers, by content-type, or by the filename parameter. Looks ugly, some automated things could be done, but if you want to control ALL images, you are going to use spam scanning tools. It's not possible to do such things by hand. BTW porn images are caught well by special spectral analysis, because human skin color spectral curves are known a priori ;-)

4) Okay, when you are done with the message, you should decide what to do next: either to deliver it in a normal way or drop (remove from the queue). In the latter case, you can choose between kicking it off silently or giving the bounce to the sender.

To simply thaw (release, opposite to -Mf option) the message and give it back to the SMTP world:
# exim -Mt 1CA3To-0001vO-2P

To kick off the message silently (-Mrm sounds like POSIX `rm' command):
# exim -Mrm 1CA3To-0001vO-2P

To give up and bounce (simulate permanent delivery failure):
# exim -Mg 1CA3To-0001vO-2P

To skip the delivery to address otherbody@???:
# exim -Mmd 1CA3To-0001vO-2P otherbody@???

And, to change the envelope sender:
# exim -Mes 1CA3To-0001vO-2P othersender@???

5) And for now, some advanced things. If you've got an urgent condition and need to wipe the queue in an emergency, then use tools like awk, sed, grep, etc. combined with Exim's -bp and -Mrm options. One could do things like:

exim -bpr \
| fgrep '<somebody@???>' \
| awk '{ print $3; }' \
| xargs -n 32 exim -Mrm


In this sample, we get the ids of messages sent by somebody@??? (note brackets!) and ask Exim to remove them, splitting by chunks of 32. You can of course use -Mf option instead of -Mrm to just freeze the messages for further investigation.

PS
Though this memo copies the manual, it gives sample usage of Exim options that not everybody knows but that are useful. Especially with large queues ;-)
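
Steps 2 and 3 of the memo (reading the -Mvh headers, then pulling the base64 part out of the -Mvb body) can be scripted. The following Python is an added example, not part of the original post or of Exim: it parses the length-prefixed header lines shown in step 2, rebuilds the message and returns the decoded attachments. The function names, the sample message id and the sample addresses are constructed for illustration, and it assumes the envelope data in the -Mvh output ends at the first blank line.

```python
import email
from email import policy

def spool_headers(mvh_text):
    """Parse `exim -Mvh` output into [(flag, header_text)]."""
    # Assumption: envelope data ends at the first blank line, headers follow.
    _, _, hdrs = mvh_text.partition("\n\n")
    out, pos = [], 0
    while pos < len(hdrs):
        end = pos
        while end < len(hdrs) and hdrs[end].isdigit():
            end += 1
        if end == pos or end >= len(hdrs):
            break  # no length prefix here: stop rather than guess
        # The number counts the header's characters, newlines included.
        length, flag = int(hdrs[pos:end]), hdrs[end]
        start = end + 2  # skip the flag character and the space after it
        if flag != "*":  # '*' marks a header Exim has deleted or replaced
            out.append((flag, hdrs[start:start + length]))
        pos = start + length
    return out

def attachments(mvh_text, mvb_text):
    """Rebuild the message; return [(filename, content_type, decoded_bytes)]."""
    head = "".join(text for _, text in spool_headers(mvh_text))
    body = mvb_text.split("\n", 1)[1]  # first -Mvb line is "<id>-D", not body
    msg = email.message_from_string(head + "\n" + body, policy=policy.default)
    return [(p.get_filename(), p.get_content_type(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()]

def _h(flag, text):
    """Build one length-prefixed header for the constructed sample below."""
    return f"{len(text):03d}{flag} {text}"

# Constructed sample input (not real queue data).
SAMPLE_MVH = ("1AbCdE-000001-Xy-H\nroot 0 0\n<sender@example.org>\n"
              "1095845536 0\n-ident root\nXX\n1\nrcpt@example.org\n\n"
              + _h(" ", "Subject: TEST\n") + _h("*", "X-Old: dropped\n")
              + _h("F", "From: sender@example.org\n")
              + _h("T", "To: rcpt@example.org\n")
              + _h(" ", "MIME-Version: 1.0\n")
              + _h(" ", 'Content-Type: multipart/mixed;\n\tboundary="b1"\n'))
SAMPLE_MVB = ("1AbCdE-000001-Xy-D\n"
              "--b1\nContent-Type: text/plain\n\nhello\n"
              '--b1\nContent-Type: image/jpeg;\n\tname="x.jpg"\n'
              "Content-Transfer-Encoding: base64\n"
              'Content-Disposition: attachment;\n\tfilename="x.jpg"\n\n'
              "/9j/4AAQ\n--b1--\n")

if __name__ == "__main__":
    for name, ctype, data in attachments(SAMPLE_MVH, SAMPLE_MVB):
        print(name, ctype, len(data), "bytes")
```

On a live system the two inputs would be the captured output of `exim -Mvh <id>` and `exim -Mvb <id>` for a frozen message; the decoded bytes can then be hashed or handed to a scanner instead of being written out by hand.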