New build 3.0.2.2, endless loop releasing from quarantine

Report bugs and workarounds
Post Reply
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

New build 3.0.2.2, endless loop releasing from quarantine

Post by r31griffo »

Hi everyone,

I've had to turn off my newly built eFa :(
One of our users received a newsletter which had a large number of recipients in the TO: field, she released the email and I noticed the recent messages list was populated with this email over and over again. Each time the subject was prepended with {spam not delivered} and the sender was the system's postmaster email address. By the time I turned this off there must have been 20x {spam not delivered} in the subject.

I looked at the reports and external people/domains were the highest recipients of emails, have we just spammed people with a newsletter? Anyway, keen to know your thoughts...

1. I don't think restarting cleared it out (although I could be wrong), how do I clear this email out?
2. How can I find out if the message was sent externally or caught before it was sent?
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: New build 3.0.2.2, endless loop releasing from quarantine

Post by pdwalker »

It sounds like efa detected the outgoing newsletter as spam. I think you need to resolve that problem first.

Second, what are the settings of the following in /etc/MailScanner.conf?
Spam Actions = ?
High Scoring Spam Actions = ?
Non Spam Actions = ?

Lastly, to delete messages from the mail queue, use the webadmin control panel at https://<your efa box>:10000/ and log in using the root password.

Look under Server, Postfix Mail Server, Mail Queue. You can manipulate the queue from here.
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

Re: New build 3.0.2.2, endless loop releasing from quarantine

Post by r31griffo »

Thanks for the tip regarding the message queue.
I logged in using root's password and went to the area you suggested and can see 2 emails (the same newsletter). I've tied selecting both and deleting and also flushing queue but don't appear to work.

Spam Actions = store custom(spam)
High Scoring Spam Actions = store
Non Spam Actions = store deliver header "X-spam-status:No" customer(nonspam)

When she released the email I don't believe it was via the nightly message but an email she received instead of the spam...does that help?
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

Re: New build 3.0.2.2, endless loop releasing from quarantine

Post by r31griffo »

I realised that the message ID kept changing when I deleted the 2 stuck in the queue, something was happening but I'm not sure what.

I stopped Postfix, deleted again and now they appear to be gone. I've restarted the server to be sure, I'm pretty sure they're gone.

So the immediate issue is resolved, I just need to find out why and how it happened...given the variables in /etc/Mailscanner/Mailscanner.conf, do you have any suggestions on where I should start looking?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: New build 3.0.2.2, endless loop releasing from quarantine

Post by shawniverson »

Did this happen upon initial delivery, or did it start after releasing it from quarantine (as the title suggests)?
r31griffo
Posts: 19
Joined: 31 Mar 2017 05:09

Re: New build 3.0.2.2, endless loop releasing from quarantine

Post by r31griffo »

shawniverson wrote: 14 May 2017 12:39 Did this happen upon initial delivery, or did it start after releasing it from quarantine (as the title suggests)?
G'day Shawn,
I'm sorry for the delayed reply, I usually check in more frequently.
I noticed the original quarantined message in the recent messages list in the webinterface, about 20 minutes later I noticed that the log had filled with the same message...I believe it was just after the user clicked a link in the {spam not delivered} email to release it. The sender in the new quarantined emails had also changed to come from postmaster@mydomain.com.au.

As a side note, I'd prefer to stop the users receiving the {spam not delivered} emails and only the daily summary...is there a setting to change this?

Cheers,
Brad
Post Reply