Release mail from mailscanner quarantine?

**knipper** · 08-04-2004 02:54 PM

Hey all...

Mailscanner install has been working great. Stopping tons of spam/viruses. However, today I got a message which was placed in quarantine by mailscanner which I need to retrieve.

I got the mailscanner notice that your told to forward to helpdesk with the message ID, etc. But how do I actually retrieve, or forward the mail to an inbox.

I do not want to change any setting in mailscanner as it works well, but need to figure out how to get quarantined messages to the recipient in the event it is a valid message.

Thanks in advance.

**sawbuck** · 08-04-2004 03:13 PM

Only way I have figured so far is to go to /var/spool/MailScanner/quarantine/”day” and release them manually. Chirpy on this forum may have some other idea.
HTH

**knipper** · 08-04-2004 04:06 PM

OK....

Hopefully Chirpy will chime in soon. But how do you actually release it manually? I searched the web... the only thing I can find is about sendmail, not exim. Do I need to copy the file to a different location?

Any assistance is appreciated!

**chirpy** · 08-04-2004 04:57 PM

It's easy to do, but depends on your MailScanner.conf settings.

1. If you have:
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes

then to requeue the email to be delivered, you need to go to the indicated directory within:
/var/spool/MailScanner/quarantine/<date>/<message-id>/
Then you need to:
cp -av *-H /var/spool/exim/input/ ; cp -av *-D /var/spool/exim/input/
one done you'll have to wait for the next exim mail queue run, or run it yourself from WHM > Manage Queue > <message-id> > Deliver Now

2. If you have:
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

then you'll need to go to:
/var/spool/MailScanner/quarantine/<date>/<message-id>/
Then append the message file to the users inbox:
cat <message file> >> /home/username/mail/domain.com/user/inbox

3. If you have:
Quarantine Whole Message = no

then you'll need to copy the files in:
/var/spool/MailScanner/quarantine/<date>/<message-id>/
to the users account and have them FTP in to retrieve them:
cp -a * /home/username/

**knipper** · 08-05-2004 11:03 AM

Got it. Thanks, thats what I needed.

**sawbuck** · 08-05-2004 12:05 PM

Originally Posted by chirpy

2. If you have:
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

So would using this option place much additional overhead on the server?

**chirpy** · 08-05-2004 12:13 PM

Not significantly, I wouldn't have thought. Just make sure that you're have a link to /usr/mailscanner/bin/cron/clean.quarantine.cron in /etc/cron.daily and that you've set $diabled = 0; in the file - so that the quarantine directories get cleared down regularly.

Personally, I just quarantine the attachments.

**coralbridge** · 08-19-2004 05:01 AM

<quote>
2. If you have:
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no

then you'll need to go to:
/var/spool/MailScanner/quarantine/<date>/<message-id>/
Then append the message file to the users inbox:
cat <message file> >> /home/username/mail/domain.com/user/inbox
</quote>

Did that. The command works. But the message doesn't end up in the users inbox. Doesn't download and doesn't appear either. The message ID is correct. No fail messages occur.

**coralbridge** · 08-19-2004 05:02 AM

The message is now appended to the inbox, but I can't download it via pop3.

What have I done wrong?

**chirpy** · 08-19-2004 01:23 PM

You don't have your email client configured to "leave messages on server" have you? If you do (which you shuldn't) that will certainly cause problems.

**coralbridge** · 08-20-2004 04:56 AM

Originally Posted by chirpy

You don't have your email client configured to "leave messages on server" have you? If you do (which you shuldn't) that will certainly cause problems.

No I don't.

Something strange happened.

After that command was run, mail coming into the mailbox was appended as you'd expect, but couldn't be downloaded or viewed using Horde or Squirrelmail.

**casey** · 08-20-2004 05:03 AM

Originally Posted by chirpy

You don't have your email client configured to "leave messages on server" have you? If you do (which you shuldn't) that will certainly cause problems.

Why do you say that? Is there a problem with it? I have a bunch of customers that do that, and it seems to cause issues, although I can't be certain. If you've got hard evidence that it does affect the integrity of the account, I'd love to hear it so I can pass it on to my customers.

P.s. Sorry for going on to a tangent.

**chirpy** · 08-20-2004 10:38 AM

Id' be happy to follow the tangent

I've had the misfortune of having to study the POP3 RFC's. The POP3 protocol was designed as an alternative to SMTP's store and forward which isn't very practical from a non-techy stand point. So, email is sent to an SMTP server which stores it in maildir or mailbox format which the POP3 server allows access to. POP3 knows nothing about message-ids, headers, etc. All it knows about is chunks of text either in separate files or in one big file.

Now, along comes the POP3 client that is meant to login to the POP3 account, retrieve the email, delete it and log out. The logout (QUIT) actions the delete (it isn't done interactively because POP3 is fault tolerant and only deletes after a successful session completion).So far as the POP3 server is concerned, that's it.

Now, along comes some fancy shmancy POP3 client (most now) that has this wacky feature called "leave messages on the server and only retrieve new ones". The POP3 client keeps track of which messages it has downloaded and which it hasn't. How it does that has nothing whatsoever to do with the POP3 server which knows nothing of such advances in technology. The client could use any number of methods of keeping track of what's going on, including the message-id from email headers that it has retrieved, the number of the message from the bottom/top of the file, by date and time even - who knows? Not the POP3 server.

Then along comes billy customer, "boo hoo, my POP email keeps coming in twice" or " boo hoo, I'm not receiving all me email, some are skipped, but if I look at my POP3 account, there they are". Whose fault is it? The POP3 client. Tell the customer not to do that - sily boy.

If someone wants to leave email on a server use IMAP - that was written with exactly this feature in mind, i.e. leaving email on the server and keeping track of where and what it is.

**chirpy** · 08-20-2004 10:40 AM

After that command was run, mail coming into the mailbox was appended as you'd expect, but couldn't be downloaded or viewed using Horde or Squirrelmail.

You're probably suffering from the hardlink disconnect between your inbox in /home/username/mail/user/inbox and /home/username/mail/domain/user/inbox, one of which is used for web-based email, the other for POP3 email. There's a script kicking around to periodically fix it. Though I wish cPanel would sort it out once and for all.

**puzz1ed1** · 10-09-2004 05:26 AM

Got exactly the same problem, but user using POP3 as it's supposed to be. Admitedly doesn't help that it was 5 avi files weighing in at a total of 60MB (do hope he's on broadband)!

Anyone know where the script to fix the link error is - will try that...

Steve

LinkBack

Thread Tools

Release mail from mailscanner quarantine?

Quarantine Release Fails

/var/spool/MailScanner/quarantine build-up

mailscanner mailwatch quarantine release

MailScanner Quarantine

clear mailscanner quarantine