Release Quarantined Attachments

Questions and answers about how to do stuff
Post Reply
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Release Quarantined Attachments

Post by Dark-Sider »

Hey there,

I already did some digging in this forum and on the Mailscanner mailinglist. I already enabled, that attachments don't get deleted but are moved to quarantine. My users get the typical warning and I receive their requests to retreive the attachments out of quarantine.

Several attachments are double-extension or contain blocked extensions. While blocking those attachments seems good, I want my users to be able to retreive those attachments on their onwn, like clicking the link in the spam-notification to release a Spam-Mail.

However I can't get this to work. I first went to the the WEB-UI and opend an item with blocked attachments, and checked the release-checkbox and clicked the button. However the e-mail never was released and I also didn't receive any error messages.

My second step would have been to edit the mailscanner template and include a token link for the user release the mail.

Is this possible at all? Why is the mail not released upon clicking the release button?

My EFA Version should 3.0.0.7 or 3.0.0.8 don't know this exactly at the time.

regards,

Fabian
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Release Quarantined Attachments

Post by DaN »

Hi,
cat /etc/EFA-Version
shows the version.

Did you tried "Alternate Recipient(s):"? Just a workaround ...

About the posibility to release a mail with a click on a link you should find a couple of threads in this forums.

https://www.google.de/search?q=site:htt ... nk+in+mail
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Re: Release Quarantined Attachments

Post by Dark-Sider »

Hi,
DaN wrote:
cat /etc/EFA-Version
shows the version.

Did you tried "Alternate Recipient(s):"? Just a workaround ...

About the posibility to release a mail with a click on a link you should find a couple of threads in this forums.
I'm running EFA version 3.0.0.8 (which should be recent). I just tried alternate recipients and it also did "nothing". After clicking the button I get a follow up page, at the very bottom there is a green "N" next to "Errors" so I guess no error was thrown, the message field also stays empty. Bute I never receive the released e-Mail. Is releasing quarantined mail even supposed to work?

regards,
Fabian
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Release Quarantined Attachments

Post by DaN »

I've made two checkmarks (Release, Alternative Recipients), wrote my mail adress (Alternate Recipient(s)) and click "submit".

This works. Don't forget the "release" checkmark.
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Re: Release Quarantined Attachments

Post by Dark-Sider »

Hi,
DaN wrote:I've made two checkmarks (Release, Alternative Recipients), wrote my mail adress (Alternate Recipient(s)) and click "submit".
This works. Don't forget the "release" checkmark.
EDIT: So I debugged mailwatch. It comes down to the functions.php file where the quarantine_release function is located. There are two ways a mail can be released: via sendmail or via php. My config apparently uses sendmail. However if sendmail is used, the mail has to be stored in the message/rfc822 format. This is true for my spam mails. However the quarantined mails have a different format ("text/x-mail; charset=us-ascii"). (Although I set quarantine whole message = yes in the MailScanner.conf). I also tried the store as queue-file option, this does change the type string to "application/octet-stream; charset=binary" which is still wrong.... Edit: After some googling: http://lists.mailscanner.info/pipermail ... 97535.html

I compard the contents of a quarantined "message" file with a spam "message" file - they looked identical, so I temporarily disabled the check for rfc822 stuff. This works - sort of. The mail is sent by postmaster to the recipient and is correctly flagged as W/L however the last column also lists bad content and the attachet is again removed... Where is the option that mailscanner does not check whitelisted senders for bad attachments?



Original Message.
Yes I did the same thing. However I have three lines (one line with the message, one line with the quarantined attachment, and the alternate recipients line). I checked release in the top two lines and checked the alternate recipients thingy and punched in my e-Mail address. Is there any logging done by mailwatch webui?

And just to be sure: I'm not talking about releasing SPAM-Mails but mails that are really quarantined because of their attachment filename.
Last edited by Dark-Sider on 17 Mar 2016 18:20, edited 1 time in total.
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Re: Release Quarantined Attachments

Post by Dark-Sider »

To follow up on this:

I now created some rules for the filenames checking. From: 127.0.0.1 is not scanned and FromOrTo: default points to the original filname.rules.conf.
I wonder how updates to EFA will preserve (or not) those changes...
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Re: Release Quarantined Attachments

Post by Dark-Sider »

Hello again,

one last problem remains unsolved. I can't use the $token identifier within
- inline.warning.html
- inline.warning.txt
- stored.filename.message.txt

I again did some digging and might have found that all report templates where $token is used are generated by a custom function which was added by EFA as a MailScanner Custoum perl-module.

The easiest workaround for this might be to just edit the release_mail.cgi script and add a site-wide static token that is not pulled from the SQL-DB. Malicious and experience users could exploit this, but then again one could just add that if that specific static token is used, the mail is not registered as ham.... EDIT: I did not found anything that releasing the mail actually re-learns SA.

I can hack this myself but I would love to see some official support for this.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Release Quarantined Attachments

Post by shawniverson »

Thanks for the posts! Let me ponder your thoughts and get back with you shortly :dance:
Dark-Sider
Posts: 11
Joined: 14 Mar 2016 11:37

Re: Release Quarantined Attachments

Post by Dark-Sider »

Thanks, if anything is not clear please ask :-) - My posts were some sort of brain dump while digging thtrough efa/mailscanner files
Post Reply