{"id":403,"date":"2011-03-01T13:57:32","date_gmt":"2011-03-01T05:57:32","guid":{"rendered":"http:\/\/blog.infinity.idv.tw\/index.php\/2011\/03\/01\/mailscanner%e5%8f%96%e5%9b%9e%e9%9a%94%e9%9b%a2%e5%8d%80%e7%9a%84%e4%bf%a1-releasing-mail-from-the-quarantine\/"},"modified":"2011-03-22T16:06:02","modified_gmt":"2011-03-22T08:06:02","slug":"mailscanner%e5%8f%96%e5%9b%9e%e9%9a%94%e9%9b%a2%e5%8d%80%e7%9a%84%e4%bf%a1-releasing-mail-from-the-quarantine","status":"publish","type":"post","link":"http:\/\/blog.infinity.idv.tw\/?p=403","title":{"rendered":"Mailscanner\u53d6\u56de\u9694\u96e2\u5340\u7684\u4fe1-Releasing mail from the quarantine"},"content":{"rendered":"<h3><a name=\"releasing_mail_from_the_quarantine_-_queue_files\">Releasing mail from the quarantine &#8211; queue files<\/a><\/h3>\n<p>For the purposes of this, I\u2019m assuming you have set up a single (safe!) postfix instance, with messages going to the HOLD queue, before being processed by MailScanner and sent to the INCOMING queue. You also need to be saving whole messages as queue files. <\/p>\n<p>In MailScanner.conf ensure that you have <\/p>\n<pre># When you quarantine an entire message, do you want to store it as\n# raw mail queue files (so you can easily send them onto users) or\n# as human-readable files (header then body in 1 file)?\nQuarantine Whole Messages As Queue Files = yes <\/pre>\n<p>Quarantined emails are by default kept in \/var\/spool\/MailScanner\/quarantine and sorted into subdirectories by date. With any luck it will be dead easy to find, as MailScanner will have sent a message including text along the lines of either: <\/p>\n<p>A: If it\u2019s a quarantined virus, or other dangerous content. 
<\/p>\n<pre>\u201cNote to Help Desk: Look on the &lt;Your text&gt; in \/var\/spool\/MailScanner\/quarantine\/20050309 (message\n6BC5E368497.3C3A6).\u201d <\/pre>\n<p>MailScanner keeps such quarantined emails in their own directories, thus the directory containing the quarantined message will be (in this example): \/var\/spool\/MailScanner\/quarantine\/20050309\/6BC5E368497.3C3A6. In this directory, you should see the original queue file, named as a 10-digit hex number matching the name of the directory. There should also be copies of any attachments that may have been picked up by the virus scanning engine or file filtering. <\/p>\n<p>B: If it\u2019s a quarantined spam <\/p>\n<pre>&quot;Your system administrators will need the following information:\nServer name: &lt;Your Server&gt;\nMessage id: 46EE0E18151.CE630\nDate code: 20080509&quot;<\/pre>\n<p>MailScanner keeps all spam on a given day in the same directory, thus the directory containing the quarantined message will be (in this example): \/var\/spool\/MailScanner\/quarantine\/20080509\/spam. <\/p>\n<p>If you want to check the original message, use: <\/p>\n<pre># postcat &lt;filename&gt;<\/pre>\n<p>Releasing an email from quarantine is a simple matter of placing the queue file back into the Postfix queue, so that it gets sent. The permissions on the file are wrong, however, and must be changed. <\/p>\n<pre># chmod 700 &lt;filename&gt;<\/pre>\n<p>The file must now be moved into \/var\/spool\/postfix\/incoming. There may be 16 directories in there (collectively referred to as \u2018hashed queue files\u2019), each corresponding to a hexadecimal digit, depending on which version of Postfix you are running. First check if you have hashed queue files with: <\/p>\n<pre># ls \/var\/spool\/postfix\/incoming<\/pre>\n<p>If no directories are listed, then follow the instructions below but do not add the trailing letter\/number. 
<\/p>\n<p>The file must be placed in the directory which corresponds to the first digit of the filename. So in the example above, it must go into \/var\/spool\/postfix\/incoming\/6. We must also be sure to preserve the ownership and permissions of the file when moving it, so we use \u201ccp -p\u201d. If the message is a spam, we must also remove the trailing 6 characters. <\/p>\n<p>Thus for the example above: <\/p>\n<pre># cp -p 6BC5E368497 \/var\/spool\/postfix\/incoming\/6<\/pre>\n<p>or for the example quarantined spam <\/p>\n<pre># cp -p 46EE0E18151.CE630 \/var\/spool\/postfix\/incoming\/4\/46EE0E18151<\/pre>\n<p>The email will disappear from the queue and be delivered. <\/p>\n<p>Thanks to Joshua Hirsh for the details and Stef Morrell for writing the document <\/p>\n<h3><a name=\"releasing_mail_from_the_quarantine_-_with_a_bash_script\">Releasing mail from the quarantine &#8211; with a bash script<\/a><\/h3>\n<p>Maybe it\u2019s too circuitous for you to do all the steps in the section above to release a mail. For this I wrote a tiny script to release very easily. To use this script you should set the MailScanner environment identically to the article above. <\/p>\n<p>To use this script copy it to a file and make it executable. <\/p>\n<p>The Syntax: release.sh &lt;Message-ID&gt; (e.g. release.sh 5B604228086.932F0) <\/p>\n<pre>#!\/bin\/sh\n\nif [ -z &quot;$1&quot; ]; then\n        echo &quot;Syntax: release.sh &lt;Message-ID&gt; i.e. 5B604228086.932F0 (case sensitive)&quot; \n        exit\nfi\n\n#change in the quarantine folder\nfolder=`find \/var\/spool\/MailScanner\/quarantine\/ -name &quot;$1&quot;`\ncd $folder\n\n#set the mailfile executable\nmailname=`echo $1 | cut -d . -f 1`\nchmod u+x $mailname\n\n#lets get the first character\nchar=`echo $1 | cut -b 1-1`\n\n#copy the mail \ncp -a $mailname \/var\/spool\/postfix\/incoming\/$char\/\n\necho Mail $mailname released<\/pre>\n<h3><a name=\"releasing_mail_from_the_quarantine_-_message_files\">Releasing mail from the quarantine &#8211; message files<\/a><\/h3>\n<p>If you don\u2019t quarantine the complete queue file, but instead have the rfc822 message file, releasing messages is actually a bit simpler (for postfix) than the above, since you can use the postfix <code>sendmail<\/code> convenience program. <\/p>\n<p>In MailScanner.conf you have <\/p>\n<pre>Quarantine Whole Messages As Queue Files = no <\/pre>\n<p>and in the quarantine directory you have a file called message (this is the complete human-readable message, but without the envelope info). Just do <\/p>\n<pre>cd \/path\/to\/quarantine\/dir\nsendmail -t -i &lt; message<\/pre>\n<p>to send the message to the recipient(s) as found in the message file, or <\/p>\n<pre>cd \/path\/to\/quarantine\/dir\nsendmail -i alternate_recipient@example.net &lt; message<\/pre>\n<p>to send the message to an alternate recipient (of course you can combine them). The <code>-i<\/code> option is to avoid terminating the message prematurely on a spurious single \u201c.\u201d on a line in the message file. <\/p>\n<p>If you use <a href=\"http:\/\/wiki.mailscanner.info\/doku.php?id=documentation:related_software:management:mailwatch:description\">MailWatch<\/a>, this can also release the message iff you don\u2019t quarantine the whole message file as the queue file, although this uses a different method to release messages from the <acronym>GUI<\/acronym>. 
<\/p>\n<h3><a name=\"releasing_mail_from_the_quarantine_-_queue_files_postfix_again\">Releasing mail from the quarantine &#8211; queue files postfix (again)<\/a><\/h3>\n<p>In a larger environment with many hosts and thousands of quarantined emails per day, we\u2019ve found it impractical to reply to each email released or deleted from a queue, and simply process it without fanfare. The code below is modified from the release.sh above to accommodate moving the released mail back into postfix using the original mail ID. In addition, our postfix install required us to rename the queue file to its shortname, that is, the 10 or 11 character filename before postfix would accept the email into the queue. <\/p>\n<p>The Syntax: release.sh &lt;Message-ID&gt; (e.g. release.sh 5B604228086.932F0) <\/p>\n<pre>#!\/bin\/sh\n\nif [ -z &quot;$1&quot; ]; then\n        echo &quot;Syntax: release.sh &lt;Message-ID&gt; i.e. 5B604228086.932F0 (case sensitive)&quot; \n        exit\nfi\n\n#change in the quarantine folder\nfolder=`find \/var\/spool\/MailScanner\/quarantine\/ -name &quot;$1&quot; | sed -e &quot;s\/$1\/\/g&quot;`\ncd $folder\n\n#set the mailfile executable\nmailname=`echo $1 | cut -d . -f1`\nchmod u+x $1\n\n#lets get the first character\nchar=`echo $1 | cut -b 1-1`\n\n#copy the mail \ncp -a $1 \/var\/spool\/postfix\/incoming\/$char\/$mailname<\/pre>\n<p>The following is for recent postfixes (2.3, 2.4) which seem to have a flat incoming directory: <\/p>\n<pre>#!\/bin\/sh\n\n# this is the final destination for the mail to be released:\n# postfix's incoming queue\nPOSTFIX_DEST=\/var\/spool\/postfix\/incoming\n\n# check for valid parameters\nif [ -z &quot;$1&quot; ]; then\n        echo &quot;Syntax: release.sh &lt;Message-ID&gt;&quot;\n        echo &quot;Example: release.sh 678362AC.9CFE7&quot;\n        exit\nfi\n\n# find the specific mail in the quarantine folders\nfolder=`find \/var\/spool\/MailScanner\/quarantine\/ -name &quot;$1&quot;`\n\nmailname=`echo $1 | cut -d . -f1`\n\n# copy the mail \nif [ -e $POSTFIX_DEST\/$mailname ] ; then\n        echo &quot;ERROR: $mailname already in $POSTFIX_DEST! EXITING&quot;\n        echo &quot;This should not happen&quot;\n        exit 255\nfi\n\ncp -avi &quot;$folder\/$mailname&quot; &quot;$POSTFIX_DEST\/$mailname&quot;\n\n# make it 0700 so that the mail is deemed ready\nchmod 0700 $POSTFIX_DEST\/$mailname<\/pre>\n<h3><a name=\"releasing_mail_from_the_quarantine_-_the_one_liner\">Releasing mail from the quarantine &#8211; the one liner<\/a><\/h3>\n<pre>sudo install -m 0700 -o postfix &lt;source message&gt; \/var\/spool\/postfix\/incoming<\/pre>\n<h3><a name=\"releasing_mail_from_the_quarantine_-_alias_with_intelligence\">Releasing mail from the quarantine &#8211; alias with intelligence<\/a><\/h3>\n<pre>integrate() {\n  # integration: antonym of quarantine\n  # Pass the message ID as obtained from user's email as $1\n  DEST=$(postconf queue_directory | cut -d= -f2)\/incoming\n  SOURCE=$(find \/var\/spool\/MailScanner\/quarantine -name &quot;$1&quot;)\n  install --verbose --mode=0700 --owner=postfix $SOURCE $DEST\n}<\/pre>\n<h3><a name=\"updated_bash_script\">Updated bash script<\/a><\/h3>\n<p>Line 9 on initial bash script returned filename with full path and not folder, as expected. Instructions at the top also used the cp -p option, and not -a. Instead of cd\u2019ing to quarantine folder, this will do the copy and preserve permissions. <\/p>\n<pre>#!\/bin\/sh\n\nif [ -z &quot;$1&quot; ]; then\n        echo &quot;Syntax: release.sh &lt;Message-ID&gt; i.e. 5B604228086.932F0 (case sensitive)&quot; \n        exit\nfi\n\n#find the quarantined file and set permissions\nquarantined_file=`find \/var\/spool\/MailScanner\/quarantine\/ -name &quot;$1&quot;`\nchmod u+x $quarantined_file\n\n#truncate the filename\nmailname=`echo $1 | cut -d . -f 1`\n\n#lets get the first character\nchar=`echo $1 | cut -b 1-1`\n\n#copy the mail, destination is the truncated filename\ncp -p $quarantined_file \/var\/spool\/postfix\/incoming\/$char\/$mailname\n\necho Mail $mailname released<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Releasing mail from the quarantine &#8211; queue files<\/p>\n<p>For the purposes of this, I\u2019m assuming you have set up a single (safe!) postfix instance, with messages going to the HOLD queue, before being processed by MailScanner and sent to the INCOMING queue. You also need to be saving whole messages as queue files. <\/p>\n<p>In MailScanner.conf ensure [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,14,255],"tags":[363],"_links":{"self":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/403"}],"collection":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=403"}],"version-history":[{"count":2,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/403\/revisions"}],"predecessor-version":[{"id":411,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/403\/revisions\/411"}],"wp:attachment":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=403"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}