quarantine error

Martin Hepworth maxsec at gmail.com
Mon Jun 17 18:47:20 IST 2013


Is the quarantine dir writable by the postfix user at all?

On Monday, 17 June 2013, Ismail Ozatay wrote:

> Hi everyone,
>
> I have installed MailScanner version 4.84.6-1 on a CentOS 6.4 x64 box with
> the Clam-0.96.5-SA-3.3.1 package and configured them with postfix. Everything
> is working except quarantine. When I blacklist someone, it holds the mail
> but does not put it into the quarantine folder. If it is not blacklisted,
> MailScanner sends it to the exchange without any problem. How can I handle
> this problem? Here you may see an example:
>
> [root at avgw postfix]# cat /etc/postfix/header_checks
> /^Received:/ HOLD
>
> MailScanner.conf
> ----------------
> MTA = postfix
> Quarantine Dir = /var/spool/MailScanner/quarantine
> Incoming Queue Dir = /var/spool/postfix/hold
> Run As User = postfix
> Run As Group = postfix
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Quarantine Whole Message = yes
> Quarantine Whole Messages As Queue Files = no
>
> Now I am trying to send an email from a blacklisted sender to the receiver:
>
> Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: hold: header
> Received: from mail.xxx.com (mail.xxx.com [81.213.x.x])??by avgw.yyy.com(Postfix) with SMTP id D41361DF1E4??for <ysimsek at yyy.com>; Mon, 17
> Jun 2013 18:17:44 +0300 (EEST) from mail.xxx.com[81.213.x.x];
> from=<ismail at xxx.com> to=<ysimsek at yyy.com>
> proto=SMTP helo=<mail.xxx.com>
> Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: message-id=<>
> Jun 17 18:18:04 avgw MailScanner[6085]: New Batch: Scanning 1 messages,
> 892 bytes
> Jun 17 18:18:04 avgw MailScanner[6085]: Virus and Content Scanning:
> Starting
> Jun 17 18:18:04 avgw MailScanner[6085]: Virus Scanning completed at 21519
> bytes per second
> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Starting
> Jun 17 18:18:04 avgw MailScanner[6085]: Message D41361DF1E4.A7BA5 from
> 81.213.x.x (ismail at xxx.com) to yyy.com is spam (blacklisted)
> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Found 1 spam messages
> Jun 17 18:18:04 avgw MailScanner[6085]: Non-delivery of spam: message
> D41361DF1E4.A7BA5 from ismail at xxx.com to xxx at yyy.com with subject
> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Actions: message
> D41361DF1E4.A7BA5 actions are store
> Jun 17 18:18:04 avgw MailScanner[6170]: MailScanner E-Mail Virus Scanner
> version 4.84.6 starting...
> Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file
> /etc/MailScanner/conf.d/README
> Jun 17 18:18:04 avgw MailScanner[6170]: Read 872 hostnames from the
> phishing whitelist
> Jun 17 18:18:04 avgw MailScanner[6170]: Read 3966 hostnames from the
> phishing blacklists
> Jun 17 18:18:04 avgw MailScanner[6170]: Config: calling custom init
> function MailWatchLogging
> Jun 17 18:18:04 avgw MailScanner[6170]: Started SQL Logging child
> Jun 17 18:18:04 avgw MailScanner[6170]: Enabling SpamAssassin
> auto-whitelist functionality...
> Jun 17 18:18:05 avgw MailScanner[6170]: Connected to Processing Attempts
> Database
> Jun 17 18:18:05 avgw MailScanner[6170]: Found 5 messages in the Processing
> Attempts Database
> Jun 17 18:18:05 avgw MailScanner[6170]: Using locktype = flock
>
> [root at avgw postfix]# ll /var/spool/postfix/hold/
> total 4
> -rwx------ 1 postfix postfix 892 Jun 17 18:18 D41361DF1E4
>
> As you can see, the held mail waits there. These are the permissions:
>
> [root at avgw postfix]# ll /var/spool/postfix
> total 56
> drwx------.  2 postfix root     4096 Jun 17 18:17 active
> drwx------.  2 postfix root     4096 Jun 16 03:05 bounce
> drwx------.  2 postfix root     4096 Dec  3  2011 corrupt
> drwx------. 15 postfix root     4096 Jun 17 11:01 defer
> drwx------. 15 postfix root     4096 Jun 17 11:01 deferred
> drwx------.  2 postfix root     4096 Dec  3  2011 flush
> drwxrwsr-x.  2 postfix postfix  4096 Jun 17 18:18 hold
> drwxrwsr-x.  2 postfix postfix  4096 Jun 17 18:18 incoming
> drwx-wx---.  2 postfix postdrop 4096 Jun 17 18:01 maildrop
> drwxr-xr-x.  2 root    root     4096 Jun 16 03:37 pid
> drwx------.  2 postfix root     4096 Jun 17 18:15 private
> drwx--x---.  2 postfix postdrop 4096 Jun 17 18:15 public
> drwx------.  2 postfix root     4096 Dec  3  2011 saved
> drwx------.  2 postfix root     4096 Dec  3  2011 trace
>
> [root at avgw postfix]# ll /var/spool/MailScanner/
> total 4
> drwxrwxrwt 9 postfix root    200 Jun 17 18:25 incoming
> drwxrwx--- 5 postfix apache 4096 Jun 17 16:43 quarantine
>
> [root at avgw ~]# MailScanner -V
> Running on
> Linux avgw.eser.com 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52
> UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> This is CentOS release 6.4 (Final)
> This is Perl version 5.010001 (5.10.1)
>
> This is MailScanner version 4.84.6
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
> 0.23    bignum
> 1.11    Carp
> 2.02    Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.124   Data::Dumper
> 2.27    Date::Parse
> 1.03    DirHandle
> 1.06    Fcntl
> 2.77    File::Basename
> 2.14    File::Copy
> 2.02    FileHandle
> 2.08    File::Path
> 0.22    File::Temp
> 0.92    Filesys::Df
> 3.64    HTML::Entities
> 3.64    HTML::Parser
> 3.57    HTML::TokeParser
> 1.25    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.04    Mail::Header
> 1.89    Math::BigInt
> 0.22    Math::BigRat
> 3.08    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.14    Net::CIDR
> 1.25    Net::IP
> 0.19    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.13    Pod::Simple
> 1.17    POSIX
> 1.21    Scalar::Util
> 1.82    Socket
> 2.20    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> 1.40    Test::Pod
> 0.92    Test::Simple
> 1.9721  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.29    Archive::Tar
> 0.23    bignum
> 1.82    Business::ISBN
> 1.10    Business::ISBN::Data
> 1.08    Data::Dump
> 1.82    DB_File
> 1.27    DBD::SQLite
> 1.609   DBI
> 1.16    Digest
> 1.01    Digest::HMAC
> 2.39    Digest::MD5
> 2.12    Digest::SHA1
> missing Encode::Detect
> 0.17015 Error
> 0.18    ExtUtils::CBuilder
> 2.2203  ExtUtils::ParseXS
> 2.38    Getopt::Long
> 0.44    Inline
> 1.08    IO::String
> 1.04    IO::Zlib
> 2.21    IP::Country
> 0.29    Mail::ClamAV
> 3.003001        Mail::SpamAssassin
> missing Mail::SPF
> missing Mail::SPF::Query
> missing Module::Build
> 0.20    Net::CIDR::Lite
> 0.65    Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
>  4.004  NetAddr::IP
> 1.94    Parse::RecDescent
> missing SAVI
> 3.17    Test::Harness
> 0.95    Test::Manifest
> 2.0.0   Text::Balanced
> 1.40    URI
> 0.77    version
> 0.62    YAML
>
>

-- 
Martin Hepworth, CISSP
Oxford, UK
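
The check the reply asks for, as an added example that is not part of the original thread: it decides from the mode string, owner and group shown by `ll` whether a given account may create files in a directory, and can walk a live path with GNU `stat`. The function names are hypothetical, and POSIX ACLs and SELinux labels are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): may USER create files in a directory,
# judged from classic mode bits only? ACLs and SELinux are not evaluated.

# class_bits MODE OWNER GROUP USER "USER_GROUPS": print the rwx triplet that
# applies to USER. The owner class wins even when the group class grants more.
class_bits() {
    cb_mode=$1 cb_owner=$2 cb_group=$3 cb_user=$4 cb_groups=$5
    if [ "$cb_user" = "$cb_owner" ]; then
        printf '%s\n' "$cb_mode" | cut -c2-4; return
    fi
    for cb_g in $cb_groups; do
        if [ "$cb_g" = "$cb_group" ]; then
            printf '%s\n' "$cb_mode" | cut -c5-7; return
        fi
    done
    printf '%s\n' "$cb_mode" | cut -c8-10
}

# can_create MODE OWNER GROUP USER "USER_GROUPS": creating a file in a
# directory needs write plus search (x, or lowercase s/t) on that directory.
can_create() {
    [ "$4" = root ] && return 0          # root bypasses mode bits
    case $(class_bits "$@") in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# can_search: same arguments; every ancestor directory must be searchable.
can_search() {
    [ "$4" = root ] && return 0
    case $(class_bits "$@") in
        ??[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# check_path USER /ABS/DIR: apply both tests to a live path (GNU stat assumed).
check_path() {
    case $2 in /*) ;; *) echo "need an absolute path"; return 2 ;; esac
    cp_user=$1 cp_dir=$2 cp_groups=$(id -Gn "$1") || return 2
    can_create $(stat -c '%A %U %G' "$cp_dir") "$cp_user" "$cp_groups" ||
        { echo "no write+search for $cp_user: $cp_dir"; return 1; }
    while [ "$cp_dir" != / ]; do
        cp_dir=$(dirname "$cp_dir")
        can_search $(stat -c '%A %U %G' "$cp_dir") "$cp_user" "$cp_groups" ||
            { echo "no search for $cp_user: $cp_dir"; return 1; }
    done
}
```

On the host itself, `check_path postfix /var/spool/MailScanner/quarantine` runs the same test against the real directory and its parents.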