Releasing messages from quarantine
MailScanner at ecs.soton.ac.uk
Tue Nov 11 18:05:30 GMT 2008
On 11/11/08 17:33, Steve Freegard wrote:
> Julian Field wrote:
>> On 11/11/08 16:30, Steve Freegard wrote:
>>> Jason Ede wrote:
>>>>> Sure - in MailWatch conf.php set QUARANTINE_USE_SENDMAIL to 'true'
>>>>> it will send the original message without modification.
>>>> I've found that isn't always reliable (on mailwatch 1.0.4) if there
>>>> are attachments on the email. Mailwatch says that the email has
>>>> been released but nothing ever seems to reach the mail queue... I
>>>> think its some form of memory issue to do with PHP? If can get it
>>>> working reliably would be fantastic :-D
>>> Actually the problem isn't with MailWatch - but the way MailScanner
>>> handles blocked attachment or file types.
>>> When MailScanner sends notices it uses the original Message-ID
>>> header and replaces the body with the notice.
>> Exactly what sort of notices are we talking about? I'm sure I can fix
>> this problem, I don't remember anyone mentioning to directly to me
> I've been meaning to mention it...
> It's any notice that you create and keep the original Message-ID
> header when you might want to release the message from quarantine later.
> So I guess that could affect any of the following:
> Stored Size Message Report = %report-dir%/stored.size.message.txt
> Sender Size Report = %report-dir%/sender.size.report.txt
> Sender Spam Report = %report-dir%/sender.spam.report.txt
> Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
> Recipient Spam Report = %report-dir%/recipient.spam.report.txt
> Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
> Sender MCP Report = %report-dir%/sender.mcp.report.txt
When I remove the dangerous attachment from a message, I send the
message on with its original Message-ID: header, which I believe is what
I should be doing. Otherwise I'll break threads, among other things. Not
every recipient of an attachment in (for example) a mailing list thread
is interested in receiving that attachment, and having the thread broken
as a result.
When someone chooses to release a message from the MailWatch quarantine,
they don't change the Message-ID: to a new value before sending it. So
personally I reckon the ball is in your court. Sites without MailWatch
wouldn't want their Message-ID: threads breaking for every message that
happened to contain a dodgy attachment the recipient wasn't interested
in anyway. Surely it's MailWatch's job to create a new Message-ID: when
a message is re-posted with its attachments, now the user has chosen to
I just see this as a problem for the implementers of quarantine release
mechanisms, not for me.
What do you think?
What does anyone else on the list think?
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner