Re: [exim] Working with Exim queue metadata (was: View attac…

Top Page
Delete this message
Reply to this message
Author: Kerwin@HIMAP
Date:  
To: Peter Savitch
CC: exim users
Subject: Re: [exim] Working with Exim queue metadata (was: View attachments inqueue?)
What if it has no sender there?what does it mean?when only <>is present...
----- Original Message -----
From: "Peter Savitch" <x765y@???>
To: "Eric" <exim@???>
Cc: <exim-users@???>
Sent: Wednesday, September 22, 2004 6:27 PM
Subject: [exim] Working with Exim queue metadata (was: View attachments
inqueue?)


I hope list users will forgive me. Not everybody know that Exim is almost
incapable of MIME multipart handling (at least, Exim does not have intrinsic
100% MIME conformance because it's MTA, not MUA). If reader concerned on
MIME handling and control policy, then just exiscan,
http://duncanthrax.net/exiscan-acl/.

Reader of this memo should be familiar with MIME.

So, tо view the attachments in the queue, one can:

1) Find the message in Exim's queue using -bp option:

# exim -bp

0m   259 1CA3To-0001vO-2P <somebody@???>
          otherbody@???


1*) If you do not want Exim to deliver the message while you investigating
it, then freeze it manually with -Mf option (you can always thaw the message
back with -Mt):

# exim -Mf 1CA3To-0001vO-2P
Message 1CA3To-0001vO-2P is now frozen

# exim -bp
24m   12K 1CA3ad-0001w1-J6 <somebody@???> *** frozen ***
          otherbody@???


2) Examine the metadata and MIME contents of the message in the queue, using
message's internal Exim id (do not mess with the Message-Id header, this
usually different than Exim's). Use -Mvh option:

# exim -Mvh 1CA3ad-0001w1-J6

...
128P Received: from root by relay.domain.org with local-smtp
        id 1CA3ad-0001w1-J6
        for otherbody@???; Wed, 22 Sep 2004 13:32:16 +0400
014  Subject: TEST
047I Message-Id: <1CA3ad-0001w1-J6@???>
026F From: somebody@???
038  Date: Wed, 22 Sep 2004 13:32:12 +0400
018  MIME-Version: 1.0
081  Content-Type: multipart/mixed;
        boundary="----_=_NextPart_001_01C4A085.E3E1FF30"
028T To: otherbody@???


One could note the `I', `F' and `T' letters that obviously marks the
appropriate headers (Message-Id, From and To). These things are described
well in specs, chapter 49, Format of spool files, and can be used by custom
software that examines Exim's spool zone (queue).

3) Extract the message body from the queue. Like the latter one, but -Mvb:

# exim -Mvb 1CA3ad-0001w1-J6

1CA3ad-0001w1-J6-D
This is a multi-part message in MIME format.

------_=_NextPart_001_01C4A085.E3E1FF30
Content-Type: multipart/alternative;
        boundary="----_=_NextPart_002_01C4A085.E3E1FF30"



------_=_NextPart_002_01C4A085.E3E1FF30
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


[snip]

------_=_NextPart_001_01C4A085.E3E1FF30
Content-Type: image/jpeg;
        name="5019.jpg"
Content-Transfer-Encoding: base64
Content-Description: 5019.jpg
Content-Disposition: attachment;
        filename="5019.jpg"


/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAPAAA/+4AJkFkb2JlAGTAAAAAAQMA
FQQDBgoNAAAI1QAAC6QAABLHAAAcyP/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBAM
DAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8f
[...]

As you can see, the first line is the message id, followed by MIME entities,
that is, the message body. If you are interested in images, find the string
`Content-Type: image/'. Then, skip the MIME part headers, take the
base64-encoded image (with text editor) and blow it to mimencode -u:

# cat encoded.txt | mimencode -u -o image.jpg

Exact file extension can be looked up in the part headers, by content-type,
or by filename parameter. Looks ugly, some automated things could be done,
but if you want to control ALL images, you are going to use spam scanning
tools. It's not possible to do such things by hand. BTW porn images are
caught well by special spectral analysis, because human skin color spectral
curves are known a priori ;-)

4) Okay, when you are done with the message, you should decide what to do
next: either to deliver it in a normal way or drop (remove from the queue).
In the latter case, you can choose between kicking it off silently or giving
the bounce to the sender.

To simply thaw (release, opposite to -Mf option) the message and give it
back to the SMTP world:
# exim -Mt 1CA3To-0001vO-2P

To kick off the message silently (-Mrm sounds like POSIX `rm' command):
# exim -Mrm 1CA3To-0001vO-2P

To give up and bounce (simulate permanent delivery failure):
# exim -Mg 1CA3To-0001vO-2P

To skip the delivery to address otherbody@???:
# exim -Mmd 1CA3To-0001vO-2P otherbody@???

And, to change the envelope sender:
# exim -Mes 1CA3To-0001vO-2P othersender@???

5) And for now, some advanced things. If you've got an urgent condition and
need to wipe the queue in emergency then use tools like awk, sed, grep, etc
combined with Exim's -bp and -Mrm options. One could do the things like:

exim -bpr \
| fgrep '<somebody@???>' \
| awk '{ print $3; }' \
| xargs -n 32 exim -Mrm


In this sample, we get the ids of messages sent by somebody@??? (note
brackets!) and ask Exim to remove them, splitting by chunks of 32. You can
of course use -Mf option instead of -Mrm to just freeze the messages for
further investigation.

PS
Though this memo copies the manual, it gives the way of sample using Exim's
options not everybody knows but yet useful. Especially with large queues ;-)

--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##