quarantine release might lose mail?

Frank Cusack fcusack at fcusack.com
Tue Dec 15 15:52:46 GMT 2009

On December 15, 2009 11:08:50 AM +0100 Glenn Steen <glenn.steen at gmail.com> 
> Highly theoretical risk, Highly unlikely to be a problem. What is your
> rate of release?;-)

I can see why the postfix guys aren't happy with mailscanner.  It's not
theoretical at all, the method documented to release from quarantine
can absolutely corrupt or lose mail.  (If, as you seem to agree, there
can be a collision in queue file names.)  Unlikely, for sure but most
of the problems we face are edge conditions.

I wouldn't know how to characterize the rate of inode reuse so I wouldn't
be able to estimate how unlikely.

>> I would think that you need to install the queue file using mktemp,
>> then change the filename and lastly change the file mode.
> Perhaps, to be truly kosher, but in reality... this is not a big problem.
> And if you elect to use MailWatch, which demand that the you
> quarantine the RFC822 encoded message file (iow not the queue file),
> the problem goes away entirely...

I don't use MW however thanks for the pointer.

Like the problem where mailscanner would certify messages as clean if
the virus scanner was not available, I cannot agree with the philosophy
here.  I don't like my infrastructure to work 99% of the time.

Especially not, as in this case, where the fix is trivial and especially
not when the problem and solution is known.  I will post my qrelease
program later today.


More information about the MailScanner mailing list