Is the quarantine dir writable by the postfix user at all?<br><br>On Monday, 17 June 2013, Ismail Ozatay wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>Hi everyone,</div><div><br></div><div>I have installed MailScanner version 4.84.6-1 on a CentOS 6.4 x64 box with the Clam-0.96.5-SA-3.3.1 package and configured them with postfix. Everything is working except quarantine. When I blacklist someone, it holds the mail but does not put it into the quarantine folder. If it is not blacklisted, MailScanner sends it to the exchange without any problem. How can I handle this problem? Here is an example:</div>
<div><br></div><div>[root@avgw postfix]# cat /etc/postfix/header_checks</div><div>/^Received:/ HOLD</div><div><br></div><div>MailScanner.conf</div><div>----------------</div><div>MTA = postfix</div><div>Quarantine Dir = /var/spool/MailScanner/quarantine</div>
<div>Incoming Queue Dir = /var/spool/postfix/hold</div><div>Run As User = postfix</div><div>Run As Group = postfix</div><div>Outgoing Queue Dir = /var/spool/postfix/incoming</div><div>Quarantine Whole Message = yes</div>
<div>
Quarantine Whole Messages As Queue Files = no</div><div><br></div><div>Now I am trying to send an email from a blacklisted sender to the receiver:</div><div><br></div><div>Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: hold: header Received: from mail.xxx.com (mail.xxx.com [81.213.x.x])??by avgw.yyy.com (Postfix) with SMTP id D41361DF1E4??for &lt;ysimsek@yyy.com&gt;; Mon, 17 Jun 2013 18:17:44 +0300 (EEST) from mail.xxx.com[81.213.x.x]; from=&lt;ismail@xxx.com&gt; to=&lt;ysimsek@yyy.com&gt; proto=SMTP helo=&lt;mail.xxx.com&gt;</div>
<div>Jun 17 18:18:03 avgw postfix/cleanup[6166]: D41361DF1E4: message-id=<></div><div>Jun 17 18:18:04 avgw MailScanner[6085]: New Batch: Scanning 1 messages, 892 bytes</div><div>Jun 17 18:18:04 avgw MailScanner[6085]: Virus and Content Scanning: Starting</div>
<div>Jun 17 18:18:04 avgw MailScanner[6085]: Virus Scanning completed at 21519 bytes per second</div><div>Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Starting</div><div>Jun 17 18:18:04 avgw MailScanner[6085]: Message D41361DF1E4.A7BA5 from 81.213.x.x (ismail@xxx.com) to yyy.com is spam (blacklisted)</div>
<div>Jun 17 18:18:04 avgw MailScanner[6085]: Spam Checks: Found 1 spam messages</div><div>Jun 17 18:18:04 avgw MailScanner[6085]: Non-delivery of spam: message D41361DF1E4.A7BA5 from ismail@xxx.com to xxx@yyy.com with subject</div>
<div>Jun 17 18:18:04 avgw MailScanner[6085]: Spam Actions: message D41361DF1E4.A7BA5 actions are store</div><div>Jun 17 18:18:04 avgw MailScanner[6170]: MailScanner E-Mail Virus Scanner version 4.84.6 starting...</div><div>
Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file /etc/MailScanner/MailScanner.conf</div><div>Jun 17 18:18:04 avgw MailScanner[6170]: Reading configuration file /etc/MailScanner/conf.d/README</div><div>Jun 17 18:18:04 avgw MailScanner[6170]: Read 872 hostnames from the phishing whitelist</div>
<div>Jun 17 18:18:04 avgw MailScanner[6170]: Read 3966 hostnames from the phishing blacklists</div><div>Jun 17 18:18:04 avgw MailScanner[6170]: Config: calling custom init function MailWatchLogging</div><div>Jun 17 18:18:04 avgw MailScanner[6170]: Started SQL Logging child</div>
<div>Jun 17 18:18:04 avgw MailScanner[6170]: Enabling SpamAssassin auto-whitelist functionality...</div><div>Jun 17 18:18:05 avgw MailScanner[6170]: Connected to Processing Attempts Database</div><div>Jun 17 18:18:05 avgw MailScanner[6170]: Found 5 messages in the Processing Attempts Database</div>
<div>Jun 17 18:18:05 avgw MailScanner[6170]: Using locktype = flock</div><div><br></div><div>[root@avgw postfix]# ll /var/spool/postfix/hold/</div><div>total 4</div><div>-rwx------ 1 postfix postfix 892 Jun 17 18:18 D41361DF1E4</div>
<div><br></div><div>As you can see, the held mail waits there. These are the permissions:</div><div><br></div><div>[root@avgw postfix]# ll /var/spool/postfix</div><div>total 56</div><div>drwx------. 2 postfix root 4096 Jun 17 18:17 active</div>
<div>drwx------. 2 postfix root 4096 Jun 16 03:05 bounce</div><div>drwx------. 2 postfix root 4096 Dec 3 2011 corrupt</div><div>drwx------. 15 postfix root 4096 Jun 17 11:01 defer</div><div>drwx------. 15 postfix root 4096 Jun 17 11:01 deferred</div>
<div>drwx------. 2 postfix root 4096 Dec 3 2011 flush</div><div>drwxrwsr-x. 2 postfix postfix 4096 Jun 17 18:18 hold</div><div>drwxrwsr-x. 2 postfix postfix 4096 Jun 17 18:18 incoming</div><div>drwx-wx---. 2 postfix postdrop 4096 Jun 17 18:01 maildrop</div>
<div>drwxr-xr-x. 2 root root 4096 Jun 16 03:37 pid</div><div>drwx------. 2 postfix root 4096 Jun 17 18:15 private</div><div>drwx--x---. 2 postfix postdrop 4096 Jun 17 18:15 public</div><div>drwx------. 2 postfix root 4096 Dec 3 2011 saved</div>
<div>drwx------. 2 postfix root 4096 Dec 3 2011 trace</div><div><br></div><div>[root@avgw postfix]# ll /var/spool/MailScanner/</div><div>total 4</div><div>drwxrwxrwt 9 postfix root 200 Jun 17 18:25 incoming</div>
<div>drwxrwx--- 5 postfix apache 4096 Jun 17 16:43 quarantine</div><div><br></div><div>[root@avgw ~]# MailScanner -V</div><div>Running on</div><div>Linux <a href="http://avgw.eser.com" target="_blank">avgw.eser.com</a> 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</div>
<div>This is CentOS release 6.4 (Final)</div><div>This is Perl version 5.010001 (5.10.1)</div><div><br></div><div>This is MailScanner version 4.84.6</div><div>Module versions are:</div><div>1.00 AnyDBM_File</div><div>
1.30 Archive::Zip</div>
<div>0.23 bignum</div><div>1.11 Carp</div><div>2.02 Compress::Zlib</div><div>1.119 Convert::BinHex</div><div>0.17 Convert::TNEF</div><div>2.124 Data::Dumper</div><div>2.27 Date::Parse</div><div>1.03 DirHandle</div>
<div>1.06 Fcntl</div><div>2.77 File::Basename</div><div>2.14 File::Copy</div><div>2.02 FileHandle</div><div>2.08 File::Path</div><div>0.22 File::Temp</div><div>0.92 Filesys::Df</div><div>3.64 HTML::Entities</div>
<div>3.64 HTML::Parser</div><div>3.57 HTML::TokeParser</div><div>1.25 IO</div><div>1.14 IO::File</div><div>1.13 IO::Pipe</div><div>2.04 Mail::Header</div><div>1.89 Math::BigInt</div><div>0.22 Math::BigRat</div>
<div>3.08 MIME::Base64</div><div>5.427 MIME::Decoder</div><div>5.427 MIME::Decoder::UU</div><div>5.427 MIME::Head</div><div>5.427 MIME::Parser</div><div>3.08 MIME::QuotedPrint</div><div>5.427 MIME::Tools</div>
<div>0.14 Net::CIDR</div><div>1.25 Net::IP</div><div>0.19 OLE::Storage_Lite</div><div>1.04 Pod::Escapes</div><div>3.13 Pod::Simple</div><div>1.17 POSIX</div><div>1.21 Scalar::Util</div><div>1.82 Socket</div>
<div>2.20 Storable</div><div>1.4 Sys::Hostname::Long</div><div>0.27 Sys::Syslog</div><div>1.40 Test::Pod</div><div>0.92 Test::Simple</div><div>1.9721 Time::HiRes</div><div>1.02 Time::localtime</div><div>
<br></div><div>Optional module versions are:</div><div>1.29 Archive::Tar</div><div>0.23 bignum</div><div>1.82 Business::ISBN</div><div>1.10 Business::ISBN::Data</div><div>1.08 Data::Dump</div><div>1.82 DB_File</div>
<div>1.27 DBD::SQLite</div><div>1.609 DBI</div><div>1.16 Digest</div><div>1.01 Digest::HMAC</div><div>2.39 Digest::MD5</div><div>2.12 Digest::SHA1</div><div>missing Encode::Detect</div><div>0.17015 Error</div>
<div>0.18 ExtUtils::CBuilder</div><div>2.2203 ExtUtils::ParseXS</div><div>2.38 Getopt::Long</div><div>0.44 Inline</div><div>1.08 IO::String</div><div>1.04 IO::Zlib</div><div>2.21 IP::Country</div><div>
0.29 Mail::ClamAV</div>
<div>3.003001 Mail::SpamAssassin</div><div>missing Mail::SPF</div><div>missing Mail::SPF::Query</div><div>missing Module::Build</div><div>0.20 Net::CIDR::Lite</div><div>0.65 Net::DNS</div><div>missing Net::DNS::Resolver::Programmable</div>
<div>missing Net::LDAP</div><div> 4.004 NetAddr::IP</div><div>1.94 Parse::RecDescent</div><div>missing SAVI</div><div>3.17 Test::Harness</div><div>0.95 Test::Manifest</div><div>2.0.0 Text::Balanced</div><div>
1.40 URI</div>
<div>0.77 version</div><div>0.62 YAML</div><div><br></div></div>
</blockquote><br><br>-- <br>Martin Hepworth, CISSP<br>Oxford, UK<br>
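
One way to answer the question in the reply, as an added example that is not part of the original thread: it evaluates the owner/group/other mode bits on every directory from a starting point down to the quarantine directory, and on each subdirectory below it, for the `Run As User` account. The function names are illustrative; POSIX ACLs and SELinux policy are not evaluated, so a clean result here does not rule those out.

```python
import os
import pwd

def ids_for(user):
    """Resolve a user name to (uid, set of gids), supplementary groups included."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def class_bits(st, uid, gids):
    """rwx triplet that applies: owner class first, then group, then other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(target, uid, gids, start="/"):
    """Return (path, missing_bits) for the first directory between start and
    target that stops uid from creating files in target, or None.
    Mode bits only: POSIX ACLs and SELinux policy are not evaluated."""
    if uid == 0:
        return None                      # root bypasses mode-bit checks
    target = os.path.realpath(target)
    start = os.path.realpath(start)
    chain = [target]
    while chain[-1] != start and os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for path in reversed(chain):
        need = 0o3 if path == target else 0o1   # w+x on target, x on parents
        have = class_bits(os.stat(path), uid, gids)
        if have & need != need:
            missing = "".join(c for c, b in (("w", 2), ("x", 1))
                              if need & b and not have & b)
            return path, missing
    return None

def unwritable_dirs(root, uid, gids):
    """Blockers for root and every directory below it (e.g. dated subfolders)."""
    found = []
    for dirpath, _dirs, _files in os.walk(root):
        hit = first_blocker(dirpath, uid, gids, start=root)
        if hit and hit not in found:
            found.append(hit)
    return found

if __name__ == "__main__":
    uid, gids = ids_for("postfix")       # "Run As User" from MailScanner.conf
    print(unwritable_dirs("/var/spool/MailScanner/quarantine", uid, gids))
```

Run it as root so that `os.walk` can descend into directories the current account could not otherwise read.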