#bind again as agent so you can see mailListOwner, which is not visible to regular user accounts
    $message = $ldap->bind( $BINDDN, password => $LDAPPASS );

    $res = $ldap->search(
        base => "ou=mail aliases,dc=domain,dc=com",
        filter =>
          "(&(mail=${listname})(mailListOwner=${username}))",
        attrs => [ 'mail', $::qtnhostattr, 'mailHost' ],
    );
    $res->code() && die $res->error();
    $entry = $res->entry(0);
    
    #redirect to jmm, if not owner of mail list, or no mail list, print error
    if ($entry) {
	    $qtnhost = $entry->get_value($::qtnhostattr);
	    $mail    = $entry->get_value('mail');

	    if ( !$qtnhost || $qtnhost =~ /bulk-mx.domain.com/ ) {
	        print_form("Your account is not eligible for a quarantine.");
	        exit(0);
	    }
	
        my $mp = MPadmind->new();
        $mp->connect( $qtnhost, 10243 )
          or die("Error connecting to $qtnhost: $!");
        my $mpusername = $mail;

        #$mpusername = $username if ( !$mpusername );
        $mp->login( $mpusername, 'password' )
          or die("Error logging in to $qtnhost: $!");

        # this is apparently undocumented
        my $response = $mp->request( '_CGI', 'GET', 'SESSIONID' );
        if ( !MPadmind::is_response_ok($response) ) {
            die("Error obtaining session ID: $response");
        }
        my ($sessid) = MPadmind::tokenize($response);
		
        print CGI::redirect(
            "https://${qtnhost}/wm/spam/login.html?op=entry&sessionid=${sessid}"
        );
    }
    else {
        	print_form("Invalid list name.");
    }
}