Releasing from quarantine - postfix

Glenn Steen glenn.steen at gmail.com
Sun Jun 3 11:35:38 IST 2007


On 02/06/07, Simon Pollitt <simon.pollitt at maptek.com.au> wrote:
> (Tried to send this last week but it didn't get through?)
>
> I have a newly installed single instance (HOLD method) postfix +
> Mailscanner install, slightly complicated by running "inside" Bynari
> Insight.
>
> All is going well as far as scanning, blocking and mailing - until
> I've tried to release a message from quarantine.
>
> I've followed the instructions at:
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail

Question 1) Do you quarantine the queue file or the decoded message?
Seems like the queue file, from your scriptlet. There are some gotchas
you need to consider in your script, and some whitelisting/"avoidance of
rescan" you need to do... Did you do that?

> with the directory modifications for Insight:

I'm not too familiar with that one... Do you have an informative link
for a lazy bum like me?:-)

> *****
> #!/bin/sh
>
> if [ -z "$1" ]; then
>          echo "Syntax: $0 <Message-ID> i.e. 5B604228086.932F0 (case sensitive)"
>          exit 1
> fi
>
> #change in the quarantine folder
> folder=`find /var/spool/MailScanner/quarantine/ -name "$1"`
> cd "$folder" || exit 1

This cd only works for virus/dangerous content quarantine items. The
spam/non-spam quarantine just has the queue file, no directory to cd
into (it will be in .../MailScanner/quarantine/<date>/spam). Of course,
if you don't have "store" in Spam Actions/high Scoring Spam
Actions/Non Spam Actions ... then it doesn't matter.

> #set the mailfile executable
> mailname=`echo "$1" | cut -d . -f1`
> chmod u+x "$mailname"
>
> #lets get the first character
> char=`echo "$1" | cut -b 1-1`
>
> #copy the mail
> cp -a "$mailname" /opt/insight/var/spool/postfix/incoming/
>
> echo "Mail $mailname released"
> *****
>
> The problem is that, while this script runs just fine and pushes the
> message into the "incoming" directory, it then goes through the
> Mailscanner scanning process again - which it of course fails...

You either need to whitelist 127.0.0.1, or make sure you copy it into a
queue that will not use the HOLD thing... Perhaps a second instance of
Postfix or something similar...:-).

> My postfix config uses:
> MTA = postfix
> Incoming Queue Dir = /opt/insight/var/spool/postfix/hold
> Outgoing Queue Dir = /opt/insight/var/spool/postfix/incoming
>
> and header_checks contains:
> /^Received:/ HOLD
>
> I believe that all of the settings are correct because viruses and
> especially spam are being detected like crazy.  I am occasionally
> getting duplicate messages delivered and also (even more occasionally)
> getting messages without bodies being delivered - this does make me
> suspicious that something is not configured cleanly here.
>
> Any suggestions as to where I might look to re-spool messages from
> quarantine and also how concerned about the duplicates I should be?  I
> would be most thankful for any assistance,
>
> Simon
>
>
The duplicates/mangled messages are a problem you should focus on....
Seems you have more than one consumer of your hold directory, which is
_really_ bad.

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
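
An added example, not part of the original thread or of MailScanner: a release helper that handles both quarantine layouts described in the reply (a directory per message for virus/dangerous content, a bare queue file under `<date>/spam`) and validates the message ID before it reaches `find`. The function names, the ID character set, and naming the released file by the part before the dot in both layouts are assumptions; the quarantine root and destination queue are arguments, and the caller has to pick a destination that is not scanned again.

```shell
#!/bin/sh
# Added example. Paths are passed in; nothing here is MailScanner's own code.

# locate_queue_file ROOT ID: print the path of the quarantined queue file.
locate_queue_file() {
    root=$1 id=$2
    # Assumption: IDs look like the thread's 5B604228086.932F0, so accept
    # only letters, digits and dots. This keeps glob characters and slashes
    # out of the find expression.
    case $id in
        ''|.*|*[!0-9A-Za-z.]*) echo "invalid message ID" >&2; return 2 ;;
    esac
    matches=$(find "$root" -name "$id" -print)
    [ -n "$matches" ] || { echo "not found: $id" >&2; return 1; }
    # More than one hit means the ID is ambiguous; refuse to guess.
    [ "$(printf '%s\n' "$matches" | wc -l)" -eq 1 ] || {
        echo "multiple matches for $id" >&2; return 1; }
    if [ -d "$matches" ]; then
        # Virus/dangerous-content layout: directory named after the ID,
        # queue file inside named by the part before the dot.
        file=$matches/${id%%.*}
    else
        # Spam/non-spam layout: the match is the queue file itself.
        file=$matches
    fi
    [ -f "$file" ] || { echo "no queue file at $file" >&2; return 1; }
    printf '%s\n' "$file"
}

# release_message ROOT ID DEST: copy the queue file into DEST, which the
# caller must choose as a queue that is not re-scanned.
release_message() {
    file=$(locate_queue_file "$1" "$2") || return $?
    dest=$3/${2%%.*}
    # Never overwrite a file that is already sitting in the target queue.
    if [ -e "$dest" ]; then
        echo "already present: $dest" >&2
        return 1
    fi
    cp -p "$file" "$dest" && chmod u+x "$dest"
}
```

Refusing to overwrite an existing destination file also stops a second run from injecting the same message twice.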

