quarantine error

Ismail Ozatay ismailozatay at gmail.com
Tue Jun 18 06:02:58 IST 2013


Hi Martin,

Yes it is writable by postfix and apache.

Thanks.


On 17 June 2013 20:47, Martin Hepworth <maxsec at gmail.com> wrote:

> Is the quarantine dir writable by the postfix user at all?
>
>
> On Monday, 17 June 2013, Ismail Ozatay wrote:
>
>> Hi everyone,
>>
>> I have installed MailScanner version 4.84.6-1 on Centos 6.4 x64 box with
>> Clam-0.96.5-SA-3.3.1 package and configured them with postfix. Everything
>> is working except quarantine. When i blacklist someone, it holds the mail
>> but does not put into quarantine folder. If it is not blacklisted,
>> mailscanner sends it to the exchange without any problem. How can i handle
>> this problem? Here you may see an example;
>>
>> [root at avgw postfix]# cat /etc/postfix/header_checks
>> /^Received:/ HOLD
>>
>> MailScanner.conf
>> ----------------
>> MTA = postfix
>> Quarantine Dir = /var/spool/MailScanner/quarantine
>> Incoming Queue Dir = /var/spool/postfix/hold
>> Run As User = postfix
>> Run As Group = postfix
>> Outgoing Queue Dir = /var/spool/postfix/incoming
>> Quarantine Whole Message = yes
>>  Quarantine Whole Messages As Queue Files = no
>>
>> Now i am trying to send an email from blacklisted sender to the receiver;
>>
>> Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: hold: header
>> Received: from mail.xxx.com (mail.xxx.com [81.213.x.x])??by avgw.yyy.com(Postfix) with SMTP id D41361DF1E4??for <
>> ysimsek at yyy.com>; Mon, 17 Jun 2013 18:17:44 +0300 (EEST) from
>> mail.xxx.com[81.213.x.x]; from=<ismail at xxx.com> to=<ysimsek at yyy.com>
>> proto=SMTP helo=<mail.xxx.com>
>> Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: message-id=<>
>> Jun 17 18:18:04 avgw MailScanner[6085]: New Batch: Scanning 1 messages,
>> 892 bytes
>> Jun 17 18:18:04 avgw MailScanner[6085]: Virus and Content Scanning:
>> Starting
>> Jun 17 18:18:04 avgw MailScanner[6085]: Virus Scanning completed at 21519
>> bytes per second
>> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Starting
>> Jun 17 18:18:04 avgw MailScanner[6085]: Message D41361DF1E4.A7BA5 from
>> 81.213.x.x (ismail at xxx.com) to yyy.com is spam (blacklisted)
>> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Found 1 spam messages
>> Jun 17 18:18:04 avgw MailScanner[6085]: Non-delivery of spam: message
>> D41361DF1E4.A7BA5 from ismail at xxx.com to xxx at yyy.com with subject
>> Jun 17 18:18:04 avgw MailScanner[6085]: Spam Actions: message
>> D41361DF1E4.A7BA5 actions are store
>> Jun 17 18:18:04 avgw MailScanner[6170]: MailScanner E-Mail Virus Scanner
>> version 4.84.6 starting...
>> Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file
>> /etc/MailScanner/MailScanner.conf
>> Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file
>> /etc/MailScanner/conf.d/README
>> Jun 17 18:18:04 avgw MailScanner[6170]: Read 872 hostnames from the
>> phishing whitelist
>> Jun 17 18:18:04 avgw MailScanner[6170]: Read 3966 hostnames from the
>> phishing blacklists
>> Jun 17 18:18:04 avgw MailScanner[6170]: Config: calling custom init
>> function MailWatchLogging
>> Jun 17 18:18:04 avgw MailScanner[6170]: Started SQL Logging child
>> Jun 17 18:18:04 avgw MailScanner[6170]: Enabling SpamAssassin
>> auto-whitelist functionality...
>> Jun 17 18:18:05 avgw MailScanner[6170]: Connected to Processing Attempts
>> Database
>> Jun 17 18:18:05 avgw MailScanner[6170]: Found 5 messages in the
>> Processing Attempts Database
>> Jun 17 18:18:05 avgw MailScanner[6170]: Using locktype = flock
>>
>> [root at avgw postfix]# ll /var/spool/postfix/hold/
>> total 4
>> -rwx------ 1 postfix postfix 892 Jun 17 18:18 D41361DF1E4
>>
>> As you can see, the holded mail waits there. These are the permissions;
>>
>> [root at avgw postfix]# ll /var/spool/postfix
>> total 56
>> drwx------.  2 postfix root     4096 Jun 17 18:17 active
>> drwx------.  2 postfix root     4096 Jun 16 03:05 bounce
>> drwx------.  2 postfix root     4096 Dec  3  2011 corrupt
>> drwx------. 15 postfix root     4096 Jun 17 11:01 defer
>> drwx------. 15 postfix root     4096 Jun 17 11:01 deferred
>> drwx------.  2 postfix root     4096 Dec  3  2011 flush
>> drwxrwsr-x.  2 postfix postfix  4096 Jun 17 18:18 hold
>> drwxrwsr-x.  2 postfix postfix  4096 Jun 17 18:18 incoming
>> drwx-wx---.  2 postfix postdrop 4096 Jun 17 18:01 maildrop
>> drwxr-xr-x.  2 root    root     4096 Jun 16 03:37 pid
>> drwx------.  2 postfix root     4096 Jun 17 18:15 private
>> drwx--x---.  2 postfix postdrop 4096 Jun 17 18:15 public
>> drwx------.  2 postfix root     4096 Dec  3  2011 saved
>> drwx------.  2 postfix root     4096 Dec  3  2011 trace
>>
>> [root at avgw postfix]# ll /var/spool/MailScanner/
>> total 4
>> drwxrwxrwt 9 postfix root    200 Jun 17 18:25 incoming
>> drwxrwx--- 5 postfix apache 4096 Jun 17 16:43 quarantine
>>
>> [root at avgw ~]# MailScanner -V
>> Running on
>> Linux avgw.eser.com 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12
>> 03:34:52 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>> This is CentOS release 6.4 (Final)
>> This is Perl version 5.010001 (5.10.1)
>>
>> This is MailScanner version 4.84.6
>> Module versions are:
>> 1.00    AnyDBM_File
>> 1.30    Archive::Zip
>> 0.23    bignum
>> 1.11    Carp
>> 2.02    Compress::Zlib
>> 1.119   Convert::BinHex
>> 0.17    Convert::TNEF
>> 2.124   Data::Dumper
>> 2.27    Date::Parse
>> 1.03    DirHandle
>> 1.06    Fcntl
>> 2.77    File::Basename
>> 2.14    File::Copy
>> 2.02    FileHandle
>> 2.08    File::Path
>> 0.22    File::Temp
>> 0.92    Filesys::Df
>> 3.64    HTML::Entities
>> 3.64    HTML::Parser
>> 3.57    HTML::TokeParser
>> 1.25    IO
>> 1.14    IO::File
>> 1.13    IO::Pipe
>> 2.04    Mail::Header
>> 1.89    Math::BigInt
>> 0.22    Math::BigRat
>> 3.08    MIME::Base64
>> 5.427   MIME::Decoder
>> 5.427   MIME::Decoder::UU
>> 5.427   MIME::Head
>> 5.427   MIME::Parser
>> 3.08    MIME::QuotedPrint
>> 5.427   MIME::Tools
>> 0.14    Net::CIDR
>> 1.25    Net::IP
>> 0.19    OLE::Storage_Lite
>> 1.04    Pod::Escapes
>> 3.13    Pod::Simple
>> 1.17    POSIX
>> 1.21    Scalar::Util
>> 1.82    Socket
>> 2.20    Storable
>> 1.4     Sys::Hostname::Long
>> 0.27    Sys::Syslog
>> 1.40    Test::Pod
>> 0.92    Test::Simple
>> 1.9721  Time::HiRes
>> 1.02    Time::localtime
>>
>> Optional module versions are:
>> 1.29    Archive::Tar
>> 0.23    bignum
>> 1.82    Business::ISBN
>> 1.10    Business::ISBN::Data
>> 1.08    Data::Dump
>> 1.82    DB_File
>> 1.27    DBD::SQLite
>> 1.609   DBI
>> 1.16    Digest
>> 1.01    Digest::HMAC
>> 2.39    Digest::MD5
>> 2.12    Digest::SHA1
>> missing Encode::Detect
>> 0.17015 Error
>> 0.18    ExtUtils::CBuilder
>> 2.2203  ExtUtils::ParseXS
>> 2.38    Getopt::Long
>> 0.44    Inline
>> 1.08    IO::String
>> 1.04    IO::Zlib
>> 2.21    IP::Country
>> 0.29    Mail::ClamAV
>> 3.003001        Mail::SpamAssassin
>> missing Mail::SPF
>> missing Mail::SPF::Query
>> missing Module::Build
>> 0.20    Net::CIDR::Lite
>> 0.65    Net::DNS
>> missing Net::DNS::Resolver::Programmable
>> missing Net::LDAP
>>  4.004  NetAddr::IP
>> 1.94    Parse::RecDescent
>> missing SAVI
>> 3.17    Test::Harness
>> 0.95    Test::Manifest
>> 2.0.0   Text::Balanced
>> 1.40    URI
>> 0.77    version
>> 0.62    YAML
>>
>>
>
> --
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130618/f8245322/attachment.html 


More information about the MailScanner mailing list