quarantine release might lose mail?

Steve Freegard steve.freegard at fsl.com
Thu Dec 17 15:04:59 GMT 2009 

On 17/12/09 14:45, Frank Cusack wrote:
> On December 17, 2009 12:28:10 PM +0000 Steve Freegard
> <steve.freegard at fsl.com> wrote:
>> On 17/12/09 12:05, Glenn Steen wrote:
>>> 2009/12/17 Frank Cusack<fcusack at fcusack.com>:
>> << snipped entire discussion >>
>>
>> Why anyone still quarantines stuff using the queue file format is
>> completely beyond me.
>>
>> Every MTA supported by MailScanner implements sendmail binary argument
>> compatibility so just store your quarantine files in rfc822 format and
>> then release them like so:
>>
>> sendmail user at domain.com -i < /path/to/quarantine/date/id/message
>>
>> All that is needed for this to work is to exclude 127.0.0.1 from scanning
>> via a rulesets on the relevant configuration items ('Scan Messages' being
>> the easiest; but least safe).
>
> See my earlier email about how "Read IP Address from Received Header"
> works.
> That was never really answered fully but my takeaway from it is that MS
> cannot determine where mail comes from if there are a variable number of
> hops from your mx gateway to the MS host. Meaning, if your MX host is a
> hop away, and therefore you need to set "Read IP Address from Received
> Header" to 2, then you can never whitelist 127.0.0.1 because that first
> Received header will not be parsed by MS.
>
> Perhaps that's wrong but again that's just what I was able piece together
> from what answers I did get to that thread.

Huh?  Don't see what this has to do with anything if you use MailScanner 
properly.

It's a *gateway* and should be running as the inbound MX for your domain 
and 'Read IP Address from Received Header' should be left well alone. 
MailScanner will read the client IP address from the queue file.

That how all of us use it....

I'm going to guess that you're trying to use a single MailScanner 
systems for inbound and outbound scanning and that you want to apply 
rules to your MUA clients separately using the IP address supplied in 
the Received headers by your mail server which is using the MailScanner 
gateway as a smart host.... if so - run a separate outbound gateway and 
configure 'Read IP Address from Received Header' accordingly.

If you need anything more complex - then write a CustomFunction on 'Read 
IP Address from Received Header' and parse the received headers yourself 
and return the correct number back using that.

Using a custom function - you could achieve that on a single box; but 
mixing outbound and inbound on anything but a small system is asking for 
trouble.  Outbound mail typically requires a totally handling to inbound 
and you don't want either inbound or outbound mail to affect the service 
to each other.

Regards,
Steve.

More information about the MailScanner mailing list