Releasing mail from the quarantine – queue files
For the purposes of this, I’m assuming you have set up a single (safe!) postfix instance, with messages going to the HOLD queue, before being processed by MailScanner and sent to the INCOMING queue. You also need to be saving whole messages as queue files.
In MailScanner.conf ensure that you have
# When you quarantine an entire message, do you want to store it as
# raw mail queue files (so you can easily send them onto users) or
# as human-readable files (header then body in 1 file)?
Quarantine Whole Messages As Queue Files = yes
Quarantined emails are by default kept in /var/spool/MailScanner/quarantine and sorted into subdirectories by date. With any luck it will be dead easy to find, as MailScanner will have sent a message including text along the lines of either:
A: If it’s a quarantined virus, or other dangerous content.
“Note to Help Desk: Look on the <Your text> in /var/spool/MailScanner/quarantine/20050309 (message 6BC5E368497.3C3A6).”
MailScanner keeps such quarantined emails in their own directories, thus the directory containing the quarantined message will be (in this example): /var/spool/MailScanner/quarantine/20050309/6BC5E368497.3C3A6. In this directory, you should see the original queue file, named as a 10 digit hex number matching the name of the directory. There should also be copies of any attachments that may have been picked up by the virus scanning engine or file filtering.
B: If it’s a quarantined spam
"Your system administrators will need the following information: Server name: <Your Server> Message id: 46EE0E18151.CE630 Date code: 20080509"
MailScanner keeps all spam on a given day in the same directory, thus the directory containing the quarantined message will be (in this example): /var/spool/MailScanner/quarantine/20080509/spam.
If you want to check the original message use:
# postcat <filename>
Releasing an email from quarantine is a simple matter of placing the queue file back into the Postfix queue, so that it gets sent. The permissions on the file are wrong, however, and must be changed.
# chmod 700 <filename>
The file must now be moved into /var/spool/postfix/incoming. There may be 16 directories in there (collectively referred to as ‘hashed queue files’), each corresponding to a hexadecimal digit, depending on which version of Postfix you are running. First check if you have hashed queue files by:
# ls /var/spool/postfix/incoming
If no directories are listed then follow the instructions below but do not add the trailing letter/number.
The file must be placed in the directory which corresponds to the first digit of the filename. So in the example above, it must go into /var/spool/postfix/incoming/6. We must also be sure to preserve the ownership and permissions of the file when moving it, so we use “cp -p”. If the message is a spam, we must also remove the trailing 6 characters.
Thus for the example above:
# cp -p 6BC5E368497 /var/spool/postfix/incoming/6
or for the example quarantined spam
# cp -p 46EE0E18151.CE630 /var/spool/postfix/incoming/4/46EE0E18151
The email will disappear from the queue and be delivered.
Thanks to Joshua Hirsh for the details and Stef Morrell for writing the document
Releasing mail from the quarantine – with a bash script
Maybe it’s too circuitous for you to do all the steps in the section above to release a mail. For this I wrote a tiny script to release very easily. To use this script you should set the MailScanner environment identically to the article above.
To use this script copy it to a file and make it executable.
The Syntax: release.sh <Message-ID> (e.g. release.sh 5B604228086.932F0)
#!/bin/sh

if [ -z "$1" ]; then
    echo "Syntax: release.sh <Message-ID> i.e. 5B604228086.932F0 (case sensitive)"
    exit
fi

#change in the quarantine folder
folder=`find /var/spool/MailScanner/quarantine/ -name $1`
cd $folder

#set the mailfile executable
mailname=`echo $1 | cut -d . -f 1`
chmod u+x $mailname

#lets get the first character
char=`echo $1 | cut -b 1-1`

#copy the mail
cp -a $mailname /var/spool/postfix/incoming/$char/

echo Mail $mailname released
Releasing mail from the quarantine – message files
If you don’t quarantine the complete queue file, but instead have the rfc822 message file, releasing messages is actually a bit simpler (for postfix) than the above, since you can use the postfix sendmail convenience program.
In MailScanner.conf you have
Quarantine Whole Messages As Queue Files = no
and in the quarantine directory you have a file called message (this is the complete human-readable message, but without the envelope info). Just do
cd /path/to/quarantine/dir
sendmail -t -i < message
to send the message to the recipient(s) as found in the message file, or
cd /path/to/quarantine/dir
sendmail -i alternate_recipient@example.net < message
to send the message to an alternate recipient (of course you can combine them). The -i option is to avoid terminating the message prematurely on a spurious single “.” on a line in the message file.
If you use MailWatch, this can also release the message iff you don’t quarantine the whole message file as the queue file, although this uses a different method to release messages from the GUI.
Releasing mail from the quarantine – queue files postfix (again)
In a larger environment with many hosts and thousands of quarantined emails per day, we’ve found it impractical to reply to each email released or deleted from a queue, and simply process it without fanfare. The code below is modified from the release.sh above to accommodate moving the released mail back into postfix using the original mail ID. In addition, our postfix install required us to rename the queue file to its shortname, that is, the 10 or 11 character filename, before postfix would accept the email into the queue.
The Syntax: release.sh <Message-ID> (e.g. release.sh 5B604228086.932F0)
#!/bin/sh

if [ -z "$1" ]; then
    echo "Syntax: release.sh <Message-ID> i.e. 5B604228086.932F0 (case sensitive)"
    exit 1
fi

#change in the quarantine folder
folder=`find /var/spool/MailScanner/quarantine/ -name "$1" | sed -e "s/$1//g"`
cd "$folder"

#set the mailfile executable
mailname=`echo "$1" | cut -d . -f1`
chmod u+x "$1"

#lets get the first character
char=`echo "$1" | cut -b 1-1`

#copy the mail
cp -a "$1" "/var/spool/postfix/incoming/$char/$mailname"
The following is for recent postfixes (2.3, 2.4) which seem to have a flat incoming directory:
#!/bin/sh

# this is the final destination for the mail to be released:
# postfix's incoming queue
POSTFIX_DEST=/var/spool/postfix/incoming

# check for valid parameters
if [ -z "$1" ]; then
    echo "Syntax: release.sh <Message-ID>"
    echo "Example: release.sh 678362AC.9CFE7"
    exit 1
fi

# find the specific mail in the quarantine folders
folder=`find /var/spool/MailScanner/quarantine/ -name "$1"`
mailname=`echo "$1" | cut -d . -f1`

# copy the mail
if [ -e "$POSTFIX_DEST/$mailname" ] ; then
    echo "ERROR: $mailname already in $POSTFIX_DEST! EXITING"
    echo "This should not happen"
    exit 255
fi

cp -avi "$folder/$mailname" "$POSTFIX_DEST/$mailname"

# make it 0700 so that the mail is deemed ready
chmod 0700 "$POSTFIX_DEST/$mailname"
Releasing mail from the quarantine – the one liner
sudo install -m 0700 -o postfix <source message> /var/spool/postfix/incoming
Releasing mail from the quarantine – alias with intelligence
integrate() {
    # integration: antonym of quarantine
    # Pass the message ID as obtained from user's email as $1
    # postconf -h prints the bare value, without the "queue_directory = " label
    DEST=$(postconf -h queue_directory)/incoming
    SOURCE=$(find /var/spool/MailScanner/quarantine -name "$1")
    install --verbose --mode=0700 --owner=postfix "$SOURCE" "$DEST"
}
Updated bash script
Line 9 on initial bash script returned filename with full path and not folder, as expected. Instructions at the top also used the cp -p option, and not -a. Instead of cd’ing to quarantine folder, this will do the copy and preserve permissions.
#!/bin/sh

if [ -z "$1" ]; then
    echo "Syntax: release.sh <Message-ID> i.e. 5B604228086.932F0 (case sensitive)"
    exit 1
fi

#find the quarantined file and set permissions
quarantined_file=`find /var/spool/MailScanner/quarantine/ -name "$1"`
chmod u+x "$quarantined_file"

#truncate the filename
mailname=`echo "$1" | cut -d . -f 1`

#lets get the first character
char=`echo "$1" | cut -b 1-1`

#copy the mail, destination is the truncated filename
cp -p "$quarantined_file" "/var/spool/postfix/incoming/$char/$mailname"

echo "Mail $mailname released"
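The release steps from this page combined into one function, as an added example that is not one of the contributors' scripts: it validates the message ID before handing it to find, handles both the virus and the spam quarantine layout, detects hashed versus flat incoming directories and refuses to overwrite an existing queue file. The names valid_id, release_msg, QUARANTINE and INCOMING are made up for this example, and the ID length bounds are an assumption based on the IDs shown above.

```shell
#!/bin/sh
# Added example: validated release of a quarantined Postfix queue file.
# Defaults are the paths used on this page; names here are illustrative.
QUARANTINE=${QUARANTINE:-/var/spool/MailScanner/quarantine}
INCOMING=${INCOMING:-/var/spool/postfix/incoming}

# Accept only <hex queue ID>.<5 hex chars>, e.g. 6BC5E368497.3C3A6, so the
# argument cannot act as a glob, an option or a path. The length bounds are
# an assumption based on the IDs shown on this page.
valid_id() {
    case $1 in
        ''|*[!0-9A-F.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9A-F]{6,16}\.[0-9A-F]{5}$'
}

# Copy the queue file for message ID $1 into the incoming queue and print the
# destination. Returns 2 (bad ID), 3 (not found or ambiguous), 4 (exists).
release_msg() {
    valid_id "$1" || { echo "invalid message ID" >&2; return 2; }
    qid=${1%%.*}
    hit=$(find "$QUARANTINE" -name "$1")
    if [ -z "$hit" ] || [ "$(printf '%s\n' "$hit" | wc -l)" -ne 1 ]; then
        echo "expected exactly one quarantine entry for $1" >&2; return 3
    fi
    # Virus quarantine: directory <ID>/ holding <queue ID>; spam: file <ID>.
    if [ -d "$hit" ]; then src=$hit/$qid; else src=$hit; fi
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "no regular queue file at $src" >&2; return 3
    fi
    # Hashed queue has one subdirectory per leading hex digit; else flat.
    first=$(printf '%s' "$qid" | cut -c1)
    if [ -d "$INCOMING/$first" ]; then
        dest=$INCOMING/$first/$qid
    else
        dest=$INCOMING/$qid
    fi
    if [ -e "$dest" ]; then
        echo "$dest already exists, refusing to overwrite" >&2; return 4
    fi
    # Copy first, then set 0700: the mode is what marks the file as ready.
    cp -p "$src" "$dest" && chmod 0700 "$dest" && printf '%s\n' "$dest"
}
```

Source the file as root and call release_msg with the message ID from the notification; for a trial run, point QUARANTINE and INCOMING at scratch directories first.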