postfix and mailscanner

Mark Sapiro mark at msapiro.net
Wed Dec 13 23:36:38 UTC 2017


On 12/13/2017 02:58 PM, Antony Stone wrote:
> 
> That's how it works with sendmail and Exim, too, so why do the postfix people 
> say that this "will result in corruption or loss of mail"?
> 
> Has this been verified?


I have never seen lost mail. If you look at mail logs you will see that
mail arrives and Postfix puts it in 'hold'. Then MailScanner picks it up
and processes it and may decide to do things other than send it, but if
MailScanner wants to send it , it logs a 'requeue' to 'incoming' and
then Postfix picks it up and sends it.

This is a typical sequence where MailScanner doesn't forward the message
(maybe just quarantines it) Some domains elided to get past outgoing
MailScanner.

> Dec 10 06:51:23 sbh16 postfix/cleanup[1564]: AB06E11E00AA: hold: header Received: from xxx (unknown [195.110.8.16])??by sbh16.songbird.com (Postfix) with ESMTP id AB06E11E00AA??for <gpc-talk-bounces at grizz.org>; Sun, 10 Dec 2017 06:51:23 -0800 (PST) from unknown[195.110.8.16]; from=<24627-23098-114862-4267-gpc+2Dtalk+2Dbounces=grizz.org at xxx> to=<gpc-talk-bounces at grizz.org> proto=ESMTP helo=<xxx>
> Dec 10 06:51:23 sbh16 postfix/cleanup[1564]: AB06E11E00AA: message-id=<xkzo9tw76j4sneie-vb39shkcs08ecdeb-5a3a-1c0ae at xxx>
> Dec 10 06:51:24 sbh16 postfix/smtpd[1560]: disconnect from unknown[195.110.8.16] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
> Dec 10 06:51:24 sbh16 MailScanner[32550]: New Batch: Scanning 1 messages, 9709 bytes
> Dec 10 06:51:24 sbh16 MailScanner[32550]: Virus and Content Scanning: Starting
> Dec 10 06:51:24 sbh16 MailScanner[32550]: Expired 3 records from the SpamAssassin cache
> Dec 10 06:51:25 sbh16 MailScanner[32550]: Spam Checks: Found 1 spam messages
> Dec 10 06:51:25 sbh16 MailScanner[32550]: Deleted 1 messages from processing-database

and here's a sequence where MailScanner has disarmed a web bug but
delivered the message.

> Dec 10 07:23:11 sbh16 postfix/cleanup[2738]: 25E7011E00AA: hold: header Received: from mail68.sea31.mcsv.net (mail68.sea31.mcsv.net [148.105.11.68])??by sbh16.songbird.com (Postfix) with ESMTP id 25E7011E00AA??for <mark at msapiro.net>; Sun, 10 Dec 2017 07:23:11 -0800 (PST) from mail68.sea31.mcsv.net[148.105.11.68]; from=<bounce-mc.us3_26220743.447333-mark=msapiro.net at mail68.sea31.mcsv.net> to=<mark at msapiro.net> proto=ESMTP helo=<mail68.sea31.mcsv.net>
> Dec 10 07:23:11 sbh16 postfix/cleanup[2738]: 25E7011E00AA: message-id=<db088e2fe4b36d883bb5c738c.3ab7989af6.20171210150720.6e1689ce64.6688e039 at mail68.sea31.mcsv.net>
> Dec 10 07:23:11 sbh16 opendkim[1920]: 25E7011E00AA: signature=r+iJbEQD domain=mail68.sea31.mcsv.net selector=k1 result="no signature error"
> Dec 10 07:23:11 sbh16 opendkim[1920]: 25E7011E00AA: DKIM verification successful
> Dec 10 07:23:11 sbh16 opendkim[1920]: 25E7011E00AA: s=k1 d=mail68.sea31.mcsv.net SSL
> Dec 10 07:23:11 sbh16 postfix/smtpd[2735]: disconnect from mail68.sea31.mcsv.net[148.105.11.68] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
> Dec 10 07:23:16 sbh16 MailScanner[2322]: New Batch: Scanning 1 messages, 113205 bytes
> Dec 10 07:23:16 sbh16 MailScanner[2322]: Virus and Content Scanning: Starting
> Dec 10 07:23:18 sbh16 MailScanner[2322]: Content Checks: Detected and have disarmed web bug tags in HTML message in 25E7011E00AA.AE29E from bounce-mc.us3_26220743.447333-mark=msapiro.net at mail68.sea31.mcsv.net
> Dec 10 07:23:18 sbh16 MailScanner[2322]: Requeue: 25E7011E00AA.AE29E to EFAF711E0114
> Dec 10 07:23:18 sbh16 MailScanner[2322]: Uninfected: Delivered 1 messages
> Dec 10 07:23:18 sbh16 postfix/qmgr[2800]: EFAF711E0114: from=<bounce-mc.us3_26220743.447333-mark=msapiro.net at mail68.sea31.mcsv.net>, size=112060, nrcpt=1 (queue active)
> Dec 10 07:23:18 sbh16 MailScanner[2322]: Deleted 1 messages from processing-database
> Dec 10 07:23:18 sbh16 postfix/local[2750]: EFAF711E0114: to=<mark at sbh16.songbird.com>, orig_to=<mark at msapiro.net>, relay=local, delay=7.8, delays=7.8/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
> Dec 10 07:23:18 sbh16 postfix/qmgr[2800]: EFAF711E0114: removed

I suppose one could write some kind of script to ignore 'normal
sequences like

> Dec 10 07:23:11 sbh16 postfix/cleanup[2738]: 25E7011E00AA: hold: header Received: ...
> Dec 10 07:23:18 sbh16 MailScanner[2322]: Requeue: 25E7011E00AA.AE29E to EFAF711E0114
> Dec 10 07:23:18 sbh16 postfix/qmgr[2800]: EFAF711E0114: from=...

or

> Dec 10 06:51:23 sbh16 postfix/cleanup[1564]: AB06E11E00AA: hold: header Received: ...

followed by messages like

> Dec 10 06:51:25 sbh16 MailScanner[32550]: Spam Checks: Found 1 spam messages

or things like 'Virus Scanning: Found 1 viruses' and/or 'Saved entire
message to'

and see if there are any others.

Years ago, when I first started using MailScanner, I saw rare
occurrences of duplicate messages and I reduced the number of
MailScanner children from five to one, and haven't seen any problems
since. To the best of my knowledge, I've never seen MailScanner lose a
message.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


More information about the MailScanner mailing list