Releasing messages from quarantine
Julian Field
MailScanner at ecs.soton.ac.uk
Tue Nov 11 18:05:30 GMT 2008
On 11/11/08 17:33, Steve Freegard wrote:
> Julian Field wrote:
>> On 11/11/08 16:30, Steve Freegard wrote:
>>> Jason Ede wrote:
>>>>> Sure - in MailWatch conf.php set QUARANTINE_USE_SENDMAIL to 'true'
>>>>> and
>>>>> it will send the original message without modification.
>>>>>
>>>>
>>>> I've found that isn't always reliable (on mailwatch 1.0.4) if there
>>>> are attachments on the email. Mailwatch says that the email has
>>>> been released but nothing ever seems to reach the mail queue... I
>>>> think its some form of memory issue to do with PHP? If can get it
>>>> working reliably would be fantastic :-D
>>>>
>>>
>>> Actually the problem isn't with MailWatch - but the way MailScanner
>>> handles blocked attachment or file types.
>>>
>>> When MailScanner sends notices it uses the original Message-ID
>>> header and replaces the body with the notice.
>
>> Exactly what sort of notices are we talking about? I'm sure I can fix
>> this problem, I don't remember anyone mentioning to directly to me
>> before...
>
> I've been meaning to mention it...
>
> It's any notice that you create and keep the original Message-ID
> header when you might want to release the message from quarantine later.
>
> So I guess that could affect any of the following:
>
> Stored Size Message Report = %report-dir%/stored.size.message.txt
> Sender Size Report = %report-dir%/sender.size.report.txt
> Sender Spam Report = %report-dir%/sender.spam.report.txt
> Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
> Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
> Recipient Spam Report = %report-dir%/recipient.spam.report.txt
> Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
> Sender MCP Report = %report-dir%/sender.mcp.report.txt
Not quite.
When I remove the dangerous attachment from a message, I send the
message on with its original Message-ID: header, which I believe is what
I should be doing. Otherwise I'll break threads, among other things. Not
every recipient of an attachment in (for example) a mailing list thread
is interested in receiving that attachment, and having the thread broken
as a result.
When someone chooses to release a message from the MailWatch quarantine,
they don't change the Message-ID: to a new value before sending it. So
personally I reckon the ball is in your court. Sites without MailWatch
wouldn't want their Message-ID: threads breaking for every message that
happened to contain a dodgy attachment the recipient wasn't interested
in anyway. Surely it's MailWatch's job to create a new Message-ID: when
a message is re-posted with its attachments, now the user has chosen to
retrieve them?
I just see this as a problem for the implementers of quarantine release
mechanisms, not for me.
What do you think?
What does anyone else on the list think?
Cheers,
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list