Quarantine path issue
Mark Sapiro
mark at msapiro.net
Thu Oct 3 16:27:47 UTC 2019
On 10/3/19 8:05 AM, Andy Betts wrote:
>
> Something has recently changed with my install and I'm not sure where I
> should be looking. Until a couple of days ago, MailScanner was storing
> spam messages in /var/spool/MailScanner/quarantine/<date>/. Mailwatch
> could see this directory and was working as expected. I have the usual
> spam action and high spam action set to store, but after a restart of
> the service I can now see that Mailscanner is now storing spam in a sub
> directory called spam, this is causing issues with MailWatch not seeing
> this directory and I'm now unable to release those emails.
>
> Has the default location for the store action changes, or is this a
> Mailwatch configuration issue?
In my experience going back many years, MailScanner's quarantine
directory is set in MailScanners config via the Quarantine Dir setting
and defaults to /var/spool/MailScanner/quarantine. This directory
contains sub directories by date. The typical structure of one of these
date directories is
> /var/spool/MailScanner/quarantine/20190904:
> total 16
> drwxr-x--- 4 postfix ms_access 4096 Sep 4 17:01 ./
> drwxrwxr-x 34 postfix ms_access 4096 Oct 3 06:28 ../
> drwxr-x--- 2 postfix ms_access 4096 Sep 4 17:01 976E86113D.AB735/
> drwxr-x--- 2 postfix ms_access 4096 Sep 4 16:52 spam/
>
> /var/spool/MailScanner/quarantine/20190904/976E86113D.AB735:
> total 2984
> drwxr-x--- 2 postfix ms_access 4096 Sep 4 17:01 ./
> drwxr-x--- 4 postfix ms_access 4096 Sep 4 17:01 ../
> -rw-r----- 1 postfix ms_access 94208 Sep 4 17:01 Dhlprotected.exe
> -rw-r----- 1 postfix ms_access 1245184 Sep 4 17:01 Dhl protected.iso
> -rw-r----- 1 postfix ms_access 1707518 Sep 4 17:01 message
>
> /var/spool/MailScanner/quarantine/20190904/spam:
> total 228
> drwxr-x--- 2 postfix ms_access 4096 Sep 4 16:52 ./
> drwxr-x--- 4 postfix ms_access 4096 Sep 4 17:01 ../
> -rw-r----- 1 postfix ms_access 9595 Sep 4 03:04 11F831F8E3.A2E91
> -rw-r----- 1 postfix ms_access 5741 Sep 4 03:53 134C849691.A4D68
> -rw-r----- 1 postfix ms_access 2575 Sep 4 09:18 25D672EBFC.AF3C1
> -rw-r----- 1 postfix ms_access 31351 Sep 4 11:08 2F09A84C47.A5E83
> -rw-r----- 1 postfix ms_access 2527 Sep 4 08:14 33AC414A36.A1A2B
> -rw-r----- 1 postfix ms_access 1768 Sep 4 15:37 3DD9197D0B.AB02F
> -rw-r----- 1 postfix ms_access 2672 Sep 4 07:53 47E8CDD574.AD39A
> -rw-r----- 1 postfix ms_access 28567 Sep 4 16:52 48180274E1.AE412
> -rw-r----- 1 postfix ms_access 18302 Sep 4 15:08 557C65DA41.A45AA
> -rw-r----- 1 postfix ms_access 13810 Sep 4 01:44 8D6CFDB7A7.A2A5C
> -rw-r----- 1 postfix ms_access 2496 Sep 4 12:43 9E8C2CFD5E.A0C88
> -rw-r----- 1 postfix ms_access 18356 Sep 4 16:50 ACFD9CC632.A29FB
> -rw-r----- 1 postfix ms_access 24282 Sep 4 06:04 AEA41F756.ACD58
> -rw-r----- 1 postfix ms_access 2525 Sep 4 14:03 B17EFA5DE3.AB1DA
> -rw-r----- 1 postfix ms_access 6610 Sep 4 07:18 C6673503DB.A87D2
> -rw-r----- 1 postfix ms_access 2609 Sep 4 12:11 D32A2503A9.A6113
> -rw-r----- 1 postfix ms_access 9779 Sep 4 13:03 E6B6B54A01.A8F5A
> -rw-r----- 1 postfix ms_access 9083 Sep 4 07:16 E9500B982E.AB339
I.e. it contains a 'spam' sub-directory and zero or more 'queue-id'
directories. The 'spam' sub-directory contains spam messages by queue-id.
The 'queue-id' directories, 976E86113D.AB735 in this example, contain
messages with viruses. The 'message' file is the complete message and
the other files are the infected attachments.
Again, in my experience the quarantined spam has always been in a 'spam'
sub-directory. However, this can be affected by the Spam Actions and
High Scoring Spam Actions settings.
I'm not familiar with MailWatch and I don't know what settings are
available there.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list