"Problem Messages" - what's happening?
MailScanner at ecs.soton.ac.uk
Mon May 11 18:26:47 IST 2009
I have just published 4.77.2 which will solve this problem. It does more
On 11/05/2009 10:28, Julian Field wrote:
> On 11/05/2009 09:44, David Lee wrote:
>> On Sun, 10 May 2009, Mark Sapiro wrote:
>>> On Sun, May 10, 2009 at 10:44:01AM +0100, Paul Hutchings wrote:
>>>> Hmm OK seeing a few of the below in my Postmaster inbox.
>>>> Doing a grep of the logs shows this:
>>>> May 9 17:03:19 relay postfix/cleanup: 8BE611FCC8:
>>>> message-id=<06A07D7DB16C417C8990A7FACEE37518 at Desktop>
>>>> May 9 17:09:19 relay MailScanner: Making attempt 2 at
>>>> message 8BE611FCC8.A5E8C
>>>> May 9 17:09:19 relay MailScanner: Expanding TNEF archive at
>>>> May 9 17:27:30 relay MailScanner: Warning: skipping message
>>>> 8BE611FCC8.A5E8C as it has been attempted too many times
>>>> May 9 17:27:30 relay MailScanner: Quarantined message
>>>> 8BE611FCC8.A5E8C as it caused MailScanner to crash several times
>>>> May 9 17:27:30 relay MailScanner: Saved entire message to
>>> I suspect the problem is the TNEF decoder is timing out trying to
>>> decode the TNEF (winmail.dat) part of the message. The part is likely
>>> You could verify this by retrieving the message from the quarantine,
>>> saving the winmail.dat attachment and then trying to expand it with
>>> /usr/bin/tnef which is the default decoder.
>> To confirm the problem and possible workaround: I, too, have just
>> started seeing a tiny number of such instances. It recurred even on
>> quiet machines. But I don't think it is the timeout (at least, nor
>> In my "MailScanner.conf" we have historically had:
>> TNEF Expander = internal
>> Quick fix: When I switched this to use the "/usr/bin/tnef" version,
>> the emails (rescued from quarantine and replaced into the MS inbound
>> queue) seemed to go through OK. I got the correct setting from a
>> ".rpmnew" file which seems to be:
>> TNEF Expander = /usr/bin/tnef --maxsize=100000000
>> A little deeper: When I ran them through MS in debug mode (with TNEF
>> setting "internal") I got:
>> In Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> Building a message batch to scan...
>> Have a batch of 2 messages.
>> Can't call method "path" on an undefined value at
>> /usr/lib/MailScanner/MailScanner/TNEF.pm line 178.
>> Note the "Can't call ..." line.
>> The MS run took less than four seconds. I had initially suspected
>> TNEF timeout, but it seems to be something different, related to the
>> "internal" setting of "TNEF Expander".
>> That 'Can't call method "path"...' doesn't appear in the "maillog"
>> file (which, in retrospect, is a pity, because that would have been a
>> more obvious clue to follow).
>> Anyway: summary:
>> 1. Problem seems to coincide with "TNEF Expander = internal". For
>> end-users, using "/usr/bin/tnef ..." seems to be a workaround for the
>> 2. For those who sometimes look a little deeper in the "why", MS in
>> '-debug' mode seems to indicate a perl coding error which doesn't get
>> shown in the 'maillog' file.
>> Hope that helps.
> Please can you send me a copy of the message that triggered the fault?
> Zip up the raw queue file and mail it to me at
> mailscanner at ecs.soton.ac.uk please.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
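
A triage sketch for the pattern discussed in this thread, added here as an example and not code from MailScanner or from any poster: it scans maillog text for messages that were retried and then quarantined for crashing MailScanner, and reports them when `TNEF Expander = internal` is the active setting. The sample log and configuration are constructed from the excerpts above; the TNEF path, the second message ID and the function names are placeholders.

```python
import re

# Constructed sample: wording follows the log excerpts quoted in the thread;
# the TNEF path and the second message ID are placeholders.
SAMPLE_LOG = """\
May  9 17:09:19 relay MailScanner: Making attempt 2 at message 8BE611FCC8.A5E8C
May  9 17:09:19 relay MailScanner: Expanding TNEF archive at /PLACEHOLDER/winmail.dat
May  9 17:15:02 relay MailScanner: Making attempt 2 at message 0123456789.ABCDE
May  9 17:27:30 relay MailScanner: Warning: skipping message 8BE611FCC8.A5E8C as it has been attempted too many times
May  9 17:27:30 relay MailScanner: Quarantined message 8BE611FCC8.A5E8C as it caused MailScanner to crash several times
"""
SAMPLE_CONF = "Max Children = 5\nTNEF Expander = internal\n"  # constructed

ATTEMPT = re.compile(r"MailScanner(?:\[\d+\])?: Making attempt (\d+) at message (\S+)")
TNEF = re.compile(r"MailScanner(?:\[\d+\])?: Expanding TNEF archive at")
CRASHED = re.compile(r"Quarantined message (\S+) as it caused MailScanner to crash")

def _new():
    return {"attempts": 0, "tnef": False, "quarantined": False}

def triage(log_text):
    """Return {message_id: {"attempts", "tnef", "quarantined"}} per message."""
    seen, last = {}, None
    for line in log_text.splitlines():
        if m := ATTEMPT.search(line):
            last = m.group(2)
            rec = seen.setdefault(last, _new())
            rec["attempts"] = max(rec["attempts"], int(m.group(1)))
        elif TNEF.search(line) and last:
            # Heuristic: attribute the expansion to the most recently retried message.
            seen[last]["tnef"] = True
        elif m := CRASHED.search(line):
            seen.setdefault(m.group(1), _new())["quarantined"] = True
    return seen

def tnef_expander(conf_text):
    """Return the active 'TNEF Expander' value from MailScanner.conf text, or None."""
    value = None
    for line in conf_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip().lower() == "tnef expander":
            value = val.strip()  # a later setting overrides an earlier one
    return value

def suspects(log_text, conf_text):
    """IDs quarantined after crashing during TNEF expansion with the internal expander."""
    if tnef_expander(conf_text) != "internal":
        return []
    return sorted(i for i, r in triage(log_text).items() if r["quarantined"] and r["tnef"])

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, SAMPLE_CONF))
```

Because the 'Can't call method "path"' error never reaches maillog, the script can only narrow down candidates; a debug-mode run on the quarantined message is still what confirms the cause.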