Ok, this served me very well today. In my particular case, I was trying to determine if Mailsweeper was tampering with S/MIME messages.
If you need to analyze a Mailsweeper message before and after it has passed through Mailsweeper for SMTP 5.2, do the following:
What we need to determine is how the message changes as it passes through Mailsweeper. To do this, we need to grab a test message (one that is getting corrupted) out of the queues while it’s being processed. We will need a before sample and an after sample.
You can do this by stopping the SMTPSS and sending a test message in to Mailsweeper. (Note: unless you are really quick, you should stop the infrastructure service too so that it doesn’t automatically restart the others.)
The message pair (msg and rcp) should get caught in the Content Analysis/Normal directory. Copy this pair out. (There may be other pairs in there too, so you will need to determine which one is the test message. You can open the .msg file with Notepad.)
Then stop the SMTPDS and start the SMTPSS. The same pair will now move to the Checked folder.
Copy the pair out again.
Voila!
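With both pairs copied out, the two .msg files can be compared part by part to see where the message changed. The script below is an added example, not part of the original post or of Mailsweeper: it assumes the .msg files are plain RFC 822 text, and the function names and sample messages are constructed. It hashes each part's body as parsed, so it localizes a change rather than reproducing the exact bytes a signature covers; a change to the first part of a multipart/signed message is what invalidates an S/MIME signature.

```python
import hashlib
from email import message_from_bytes

def summarize(raw):
    """Return (headers, leaf parts) for the raw bytes of one captured .msg file."""
    msg = message_from_bytes(raw)  # default compat32 policy keeps payloads undecoded
    headers = [(k.lower(), v) for k, v in msg.items()]
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=False).encode("ascii", "surrogateescape")
        parts.append((part.get_content_type(),
                      part.get("Content-Transfer-Encoding", "7bit").lower(),
                      hashlib.sha256(body).hexdigest()))
    return headers, parts

def compare(before, after):
    """Report top-level header changes and which MIME parts differ."""
    bh, bp = summarize(before)
    ah, ap = summarize(after)
    return {
        "headers_added": [h for h in ah if h not in bh],
        "headers_removed": [h for h in bh if h not in ah],
        "structure_changed": [p[0] for p in bp] != [p[0] for p in ap],
        # Index and type of each part whose type, encoding or body hash changed.
        "parts_changed": [(i, b[0]) for i, (b, a) in enumerate(zip(bp, ap)) if b != a],
    }

# Constructed sample pair (not real Mailsweeper output): a signed message, then
# the same message with one top-level header and one body line added.
BEFORE = (
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: smime test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    b' micalg=sha-256; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nHello\r\n"
    b"--b1\r\nContent-Type: application/pkcs7-signature; name=smime.p7s\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\nUExBQ0VIT0xERVI=\r\n--b1--\r\n"
)
AFTER = b"X-Constructed-Gateway: yes\r\n" + BEFORE.replace(
    b"Hello\r\n", b"Hello\r\n[constructed footer]\r\n")

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key, value)
```

For real captures, read each .msg file in binary mode and pass the two byte strings to `compare`.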