Question about QuarantineReport-Script and MS

Marcel Blenkers marcel-ml at IRC-ADDICTS.DE
Thu Dec 30 13:55:52 GMT 2004



Hi there,

and sorry for the late answer..

On Thu, 23 Dec 2004, Steve Swaney wrote:

[...]
>
> I haven't followed the whole thread so I may be off base here but since one
> of our staffers wrote the release from quarantine script on our website I'm
> at least familiar with it.
>
> If you're using a release from quarantine script, you should set your MTA to
> split a message to multiple recipients into individual emails one for each
> recipient. This way each recipient can release their own email.
>

as i haven't changed a thing, but it seems to split those mails for every
recipient, i guess ms does this for me ;)

My Problem is not that it is not splitting those mails..

as the mails got scanned via MS, and the script needs to send those mails
via sendmail, i had to insert the postmaster into the whitelists for ms
and spamassassin. that's the first thing..

second:

as the script only handles mails saved in complete, all mails considered
as virus-infected are also saved in one message-file..
so, if someone of my users would like to have these mails delivered, i have
to use the command

sendmail -toi ...

but..this only puts the mail into the ms-check-queue..

so, the mail again will be considered virus-infected..only workaround (as
far as i can see it) is to stop ms, start only sendmail, deliver this
mail, stop sendmail again, and start ms again..

a bit unhandy..i think..

or i could put the sender in the "not to scan"-list.

So it would be easy to use queue-files again, as i can put those two files
for the mail into the mailqueue for sendmail itself..and sendmail would
send it without ms interfering...

So my idea was the following two:

idea 1:

Julian could insert some extra config on virus-infected and spam-infected
mails, how to save those two..so, everyone could switch the toggle for
himself..so i would save spams as one message file and virus-infected as
queue-files.

idea 2:

There is the "clean-quarantine"-script written by julian..

maybe there would be the possibility to create a script which could go
through the spam-dirs, and send the users one report, only with the
from-header, the subject and the message-id. As these are only the infos
they would receive, after creating the notify-mail..
But..as some users are receiving a lot of spam, they say, that those
notify-mails are even like spam in their eyes..as those mails are created
on _every_ incoming mail..they would love to have only one mail a day..
maybe someone could make a ruleset for the recipients..

for those, who do not care just create a mail on every incoming mail, for
those, with a lot mails (like me..about 100 a day) one report a day..does
not need to be an html-script, for those to click on..just makes their
life a lot easier..but they never said a word about just receiving the
info-mail and they had to send this to the postmaster, who could release
the mail again..if they wanted to..

But..the script should be made clear, that it only sends mail to those
users, who really want those mails..so default should be "no report at
all", as some spams, do have in their "To-Field" again the sender of the
spam, and the real recipient on my machine only in the bcc or cc fields..
and if i cannot stop those mails to be sent out to the senders, i would
send a lot unwanted mails around.. ;)

(I hope everything was understandable until this point!)
@steve:

The Quarantine-Script works like a charm, but i had to do some adjustments
to my configs and to the script, maybe i could give some hints for the
readme-file?

1. You should make clear, that the user has to change the url within the
Emails.pm..because if they do not change it, the link would be something
like "http://osiris...". So this would be really important ;)

2. You should point out, that they should check for the chgrp-command,
because for example on my machine, the webserver is _not_ running within
the group apache..

3. Someone should check the links to the original-files..as the webserver
on my machine for example was not able to read those mail-files, as they
are originally only readable for the mail-server.. and not for his group or
something like that.
I think the copy-command would help a lot here?


4. To release those mails, ms and sa should know postmaster as
whitelisted..or not check the mails from postmaster at localhost, because
else the mails will not slip through..

5. Make clear, that only whole message-files are handled..no queue-files..



So..what i am saying is:

The Quarantine-Script works fine..after some adjustments..but, as the user
never said a word about the original notify-mail, but only said a word
about the amount of notifies (if they receive a lot of spam), the option
only to send one big notify-mail in the form of the original-notify-mail,
but with all spam-mails of that day, maybe this would be a great idea for
the future release of ms?


So..

that should be it..

wish you all a great new year..

Marcel
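
The daily report from idea 2, as an added example that is not part of the original post and is not MailScanner's or the quarantine script's own code: it walks one directory of whole message files, lists only From, Subject and Message-ID, and mails nobody who is not on an explicit opt-in list, so an address taken from a spam's To field never receives a report. The function names, the single-directory layout, the opt-in list and the use of the Received "for <addr>" clause to find Bcc'd recipients are assumptions of this sketch.

```python
import re
from collections import defaultdict
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import getaddresses
from pathlib import Path

RECEIVED_FOR = re.compile(r"\bfor\s+<([^<>\s]+)>")

def clean(value, limit=120):
    """Header text comes from the spammer: drop control characters, collapse
    whitespace and truncate so it cannot forge extra lines in the report."""
    text = "".join(c if c.isprintable() else " " for c in str(value or "-"))
    return " ".join(text.split())[:limit]

def candidates(msg):
    """Addresses the mail may have been delivered to: To/Cc plus the
    'for <addr>' clause of Received headers (covers Bcc on split mail)."""
    hdrs = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    found = {addr.lower() for _, addr in getaddresses(hdrs) if addr}
    for rcvd in msg.get_all("Received", []):
        found.update(a.lower() for a in RECEIVED_FOR.findall(str(rcvd)))
    return found

def build_digests(spam_dir, opted_in, sender="postmaster@localhost"):
    """Return {recipient: EmailMessage}, one report per opted-in user."""
    allowed = {a.lower() for a in opted_in}   # empty list = no report at all
    lines = defaultdict(list)
    for path in sorted(Path(spam_dir).iterdir()):
        if not path.is_file():
            continue
        with path.open("rb") as fh:           # headers only, body is not read
            msg = BytesParser().parse(fh, headersonly=True)
        entry = "From: {}\n  Subject: {}\n  Message-ID: {}".format(
            clean(msg.get("From")), clean(msg.get("Subject")),
            clean(msg.get("Message-ID")))
        # Only opted-in addresses ever get mail; any other header address
        # (for example the spammer's own, placed in To) is ignored.
        for rcpt in candidates(msg) & allowed:
            lines[rcpt].append(entry)
    digests = {}
    for rcpt, entries in lines.items():
        report = EmailMessage()
        report["From"], report["To"] = sender, rcpt
        report["Subject"] = "Quarantine report: {} message(s)".format(len(entries))
        report.set_content("\n\n".join(entries) + "\n")
        digests[rcpt] = report
    return digests
```

Run once a day against that day's spam directory; handing the returned messages to the MTA is left to the caller.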
