Release a quarantined file (postfix)

Stephen Swaney steve.swaney at FSL.COM
Sat Jun 4 15:54:41 IST 2005 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Rakesh
> Sent: Saturday, June 04, 2005 10:31 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Release a quarantined file (postfix)
> 
> Rabie van der Merwe wrote:
> 
> >Hi Ed,
> >
> >I also had issues with releasing mail, here is what I did and posted to
> the
> >group:
> >
> >Regards
> >Rabie
> >
> >PS This should release anything.
> >
> >----snip----
> >Thanx too all, it works, herewith all the changes that where required for
> >MailScanner 4.39. Also to make this more foolproof, one could add a 'AND
> >From: quarantine at mydomain.com' to the 'From: 127.0.0.1' (or whatever the
> >email address is of the sender of the quarantine proccess and should do
> this
> >if you have users on the local box who send mail.
> >Changes to MailScanner.conf:
> >Virus Scanning = %rules-dir%/virus.scan.rules Dangerous Content Scanning
> =
> >%rules-dir%/dangerous.content.scan.rules
> >Filename Rules = %rules-dir%/filename.rules Filetype Rules =
> >%rules-dir%/filetype.rules Spam Checks = %rules-dir%/spam.check.rules
> >
> >Files:
> >virus.scan.rules:
> >From:   127.0.0.1       no
> >FromOrTo:       default yes
> >
> >dangerous.content.scan.rules:
> >From:   127.0.0.1       no
> >FromOrTo:       default yes
> >
> >spam.check.rules
> >From:   127.0.0.1       no
> >FromOrTo:       default yes
> >
> >filename.rules
> >From:   127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
> >FromOrTo:       default /etc/MailScanner/filename.rules.conf
> >
> >filetype.rules:
> >From:   127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
> >FromOrTo:       default /etc/MailScanner/filetype.rules.conf
> >
> >filename.rules.allowall.conf:
> >allow   .*      -       -
> >
> >filetype.rules.allowall.conf:
> >allow   .*      -       -
> >
> >Regards
> >Rabie
> >----snip----
> >
> >
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf
> >Of Ed Bruce
> >Sent: 26 May 2005 17:52 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: Release a quarantined file (postfix)
> >
> >I tried this and the email was just quarantined again for the same
> reason.
> >So this doesn't release the email from quarantine. I'll try the save
> message
> >as a Queue Files option and see if the other option works to bypass
> >MailScanner.
> >
> >Martin Hepworth wrote:
> >
> >
> >
> >>Kenneth
> >>
> >>Assuming Postfix still pretends to be sendmail try
> >>
> >>sendmail -ti < message
> >>
> >>--
> >>Martin Hepworth
> >>Snr Systems Administrator
> >>Solid State Logic
> >>Tel: +44 (0)1865 842300
> >>
> >>
> >>Kenneth Kalmer wrote:
> >>
> >>
> >>
> Reprocessing of the mail happens if you release it from quarantine
> because the mail goes back to hold as it gets processed by cleanup
> (assuming tht ur using postfix) .  In postfix it usually follows a path
> something like this
> 
> Internet -> SMTPD -> cleanup --> HOLD Queue
> 
> When a mail is released from quarantine using the sendmail command it
> follows like this
> 
> Sendmail command invokation --> pickup --> cleanup --> HOLD Queue
> 
> So instead of writing so many rulesets to allow all the mails from the
> the local machine its easier if u put override options for pickup in
> your master.cf
> 
> pickup    fifo  n       -       n       60      1       pickup
>  -o receive_override_options=no_header_body_checks
> 
> This will cause all those mails queued due to pickup not to go on hold,
> so the mails wont un-necessarily go in for MailScanner processing. Also
> with this setup the notifications tht MailScanner generates will not go
> into HOLD queue as well and will save MailScanner from doing some
> un-necessary stuff.
> 
> --
> Regards,
> Rakesh B. Pal
> Netcore Solutions Pvt. Ltd.
> 

I think dropping quarantined messages directly in the outbound queue will
really release everything - even viruses.

While it's more cumbersome, the advantage of setting up rulesets to allow
skipping of certain checks for 127.0.0.1 is that you can always force virus
checks :)

Steve

Steve Swaney
President
Fortress Systems Ltd.
Phone: 202 338-1670
Cell: 202 352-3262
www.fsl.com
steve.swaney at fsl.com 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list