Duplicated messages
Peter Lemieux
mailscanner at replies.cyways.com
Tue Jul 28 16:49:52 UTC 2015
I solved a somewhat different but related problem today. A client has
stopped accepting .doc|.docx files; they are now quarantined with a notice
to the sender requesting a PDF instead. They asked me to make a list of the
quarantined documents. I used this:
cd /var/spool/MailScanner/quarantine
for f in 2015*; do echo $f; for g in $f/t*; do ls $g | grep \.doc; done; done
That iterated through the quarantine and listed all the documents matching
\.doc. I then replaced "
ls $g | grep \.doc
with
cp -f $g/*.doc* /var/spool/MailScanner/quarantine/docs
to copies the quarantined files in a directory /docs/ that I created. This
method does overwrite files with identical filenames, but I didn't need to
go to the trouble of dealing with that for this particular project.
I'm using sendmail, so the quarantined files are stored in subdirectories of
/var/spool/MailScanner/quarantine/2015xxxx/ using the message IDs to name
the subdirectories. That's where the "$f/t*" comes from. I don't know
where messages are quarantined if you use a different SMTP exchanger like
Postfix or Exim.
Peter
On 07/28/2015 11:43 AM, Mark Adams wrote:
> Any suggestions on how to most efficiently get the good ones out of the
> quarantine?
>
> Thanks
>
> On 28 July 2015 at 16:34, Mark Adams <mark at workshopit.co.uk
> <mailto:mark at workshopit.co.uk>> wrote:
>
> How do I try send them through again? At the moment they are just
> "message" in the quarantine, and if I try open them through the web
> interface it times out, I guess because its trying to open each one of
> the dupes?
>
> "Fatal error: Maximum execution time of 30 seconds exceeded in
> /var/www/html/mailscanner/functions.php on line 1022"
>
> On 28 July 2015 at 16:31, Jeremy McSpadden <jeremy at fluxlabs.net
> <mailto:jeremy at fluxlabs.net>> wrote:
>
> Yup. Turn on debug and watch it pass through. Last time I saw these
> it was a taint issue .. Which I am assuming has been fixed by now.
>
> --
> Jeremy McSpadden | Flux Labs
> Local - 850-250-5590x501 <tel:850-250-5590;501> | Mobile -
> 850-890-2543 <tel:850-890-2543>
> Fax - 850-254-2955 <tel:850-254-2955> | Toll Free - 877-699-FLUX
> <tel:877-699-FLUX>
> Web - http://www.fluxlabs.net <http://www.fluxlabs.net/>
>
>
> On Jul 28, 2015, at 10:20 AM, Mark Adams <mark at workshopit.co.uk
> <mailto:mark at workshopit.co.uk>> wrote:
>
>> Hi Jeremy,
>>
>> Are you saying that something in these messages is crashing
>> Mailscanner? Everything seems to be OK right now, but all 70 of
>> the emails (all different types and from different servers) are
>> now in the quarantine because of "Other Bad Content Detected" with
>> the report "MailScanner: Message attempted to kill MailScanner".
>> It seems it succeeded...
>>
>> On 28 July 2015 at 15:59, Jeremy McSpadden <jeremy at fluxlabs.net
>> <mailto:jeremy at fluxlabs.net>> wrote:
>>
>> It's probably looping/crashing mailscanner. Drop MS into debug
>> mode and watch logs.
>>
>> --
>> Jeremy McSpadden | Flux Labs
>> Local - 850-250-5590x501 <tel:850-250-5590;501> | Mobile -
>> 850-890-2543 <tel:850-890-2543>
>> Fax - 850-254-2955 <tel:850-254-2955> | Toll Free -
>> 877-699-FLUX <tel:877-699-FLUX>
>> Web - http://www.fluxlabs.net <http://www.fluxlabs.net/>
>>
>>
>> On Jul 28, 2015, at 9:54 AM, Mark Adams <mark at workshopit.co.uk
>> <mailto:mark at workshopit.co.uk>> wrote:
>>
>>> An update to this, the "2 or 4" duplicates showing in the
>>> exim log look like they are actually just separate deliveries
>>> to other addresses, so not duplicates. In 1 example there is
>>> a single email with 2 recipients (2 entries in exim log) that
>>> has over 1500+ entries in the mailcleaner DB. It looks like
>>> this email hasn't been delivered to the recipient at all either.
>>>
>>> On 28 July 2015 at 15:14, Mark Adams <mark at workshopit.co.uk
>>> <mailto:mark at workshopit.co.uk>> wrote:
>>>
>>> Hi All,
>>>
>>> If anyone could provide advice that would be great.
>>> Running Debian Wheezy Mailscanner 4.79.11-2.2
>>>
>>> Our incoming dir filled up just before the weekend so we
>>> didn't see the issue for a couple of days. Normally we
>>> would just shut down mailcleaner and delete the dir then
>>> start it up again and all would be ok. However on this
>>> occasion, the root partition also become full because of
>>> the mysql DB (it got to 14G in 2 days..).
>>>
>>> For some reason everything started duplicating. I can see
>>> lots of incoming messages in the exim logs with
>>> duplication (2 or 4 of what looks like the same email)
>>> but in the mailscanner database there is hundreds of each
>>> email listed (apparently there was over 9 million
>>> messages delivered on 1 day compared with the server
>>> average of about 1500!)
>>>
>>> It seems like some sort of loop, but afaik nothing
>>> specific was changed in the config apart from the fact
>>> incoming became full. Space has been cleared on the root
>>> partition and incoming, and everything appears to be
>>> running as normal right now.
>>>
>>> Any advice on debugging this would be much appreciated,
>>> also, how best should I clear out the DB of all the dupes?
>>>
>>> Thanks!
>>>
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> <mailto:mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>
> --
> Mark Adams
> *Workshop IT:*
>
> 5 Cowcross Street
> London EC1M 6DW
> 020 7183 0498
> www.workshopit.co.uk <http://www.workshopit.co.uk/>
> Registered in England and Wales: 8366747
>
>
>
>
More information about the MailScanner
mailing list