Hey there,
I already did some digging in this forum and on the Mailscanner mailinglist. I already enabled, that attachments don't get deleted but are moved to quarantine. My users get the typical warning and I receive their requests to retreive the attachments out of quarantine.
Several attachments are double-extension or contain blocked extensions. While blocking those attachments seems good, I want my users to be able to retreive those attachments on their onwn, like clicking the link in the spam-notification to release a Spam-Mail.
However I can't get this to work. I first went to the the WEB-UI and opend an item with blocked attachments, and checked the release-checkbox and clicked the button. However the e-mail never was released and I also didn't receive any error messages.
My second step would have been to edit the mailscanner template and include a token link for the user release the mail.
Is this possible at all? Why is the mail not released upon clicking the release button?
My EFA Version should 3.0.0.7 or 3.0.0.8 don't know this exactly at the time.
regards,
Fabian
Release Quarantined Attachments
Re: Release Quarantined Attachments
Hi,
Did you tried "Alternate Recipient(s):"? Just a workaround ...
About the posibility to release a mail with a click on a link you should find a couple of threads in this forums.
https://www.google.de/search?q=site:htt ... nk+in+mail
shows the version.cat /etc/EFA-Version
Did you tried "Alternate Recipient(s):"? Just a workaround ...
About the posibility to release a mail with a click on a link you should find a couple of threads in this forums.
https://www.google.de/search?q=site:htt ... nk+in+mail
-
- Posts: 11
- Joined: 14 Mar 2016 11:37
Re: Release Quarantined Attachments
Hi,
regards,
Fabian
I'm running EFA version 3.0.0.8 (which should be recent). I just tried alternate recipients and it also did "nothing". After clicking the button I get a follow up page, at the very bottom there is a green "N" next to "Errors" so I guess no error was thrown, the message field also stays empty. Bute I never receive the released e-Mail. Is releasing quarantined mail even supposed to work?DaN wrote:shows the version.cat /etc/EFA-Version
Did you tried "Alternate Recipient(s):"? Just a workaround ...
About the posibility to release a mail with a click on a link you should find a couple of threads in this forums.
regards,
Fabian
Re: Release Quarantined Attachments
I've made two checkmarks (Release, Alternative Recipients), wrote my mail adress (Alternate Recipient(s)) and click "submit".
This works. Don't forget the "release" checkmark.
This works. Don't forget the "release" checkmark.
-
- Posts: 11
- Joined: 14 Mar 2016 11:37
Re: Release Quarantined Attachments
Hi,
I compard the contents of a quarantined "message" file with a spam "message" file - they looked identical, so I temporarily disabled the check for rfc822 stuff. This works - sort of. The mail is sent by postmaster to the recipient and is correctly flagged as W/L however the last column also lists bad content and the attachet is again removed... Where is the option that mailscanner does not check whitelisted senders for bad attachments?
Original Message.
Yes I did the same thing. However I have three lines (one line with the message, one line with the quarantined attachment, and the alternate recipients line). I checked release in the top two lines and checked the alternate recipients thingy and punched in my e-Mail address. Is there any logging done by mailwatch webui?
And just to be sure: I'm not talking about releasing SPAM-Mails but mails that are really quarantined because of their attachment filename.
EDIT: So I debugged mailwatch. It comes down to the functions.php file where the quarantine_release function is located. There are two ways a mail can be released: via sendmail or via php. My config apparently uses sendmail. However if sendmail is used, the mail has to be stored in the message/rfc822 format. This is true for my spam mails. However the quarantined mails have a different format ("text/x-mail; charset=us-ascii"). (Although I set quarantine whole message = yes in the MailScanner.conf). I also tried the store as queue-file option, this does change the type string to "application/octet-stream; charset=binary" which is still wrong.... Edit: After some googling: http://lists.mailscanner.info/pipermail ... 97535.htmlDaN wrote:I've made two checkmarks (Release, Alternative Recipients), wrote my mail adress (Alternate Recipient(s)) and click "submit".
This works. Don't forget the "release" checkmark.
I compard the contents of a quarantined "message" file with a spam "message" file - they looked identical, so I temporarily disabled the check for rfc822 stuff. This works - sort of. The mail is sent by postmaster to the recipient and is correctly flagged as W/L however the last column also lists bad content and the attachet is again removed... Where is the option that mailscanner does not check whitelisted senders for bad attachments?
Original Message.
Yes I did the same thing. However I have three lines (one line with the message, one line with the quarantined attachment, and the alternate recipients line). I checked release in the top two lines and checked the alternate recipients thingy and punched in my e-Mail address. Is there any logging done by mailwatch webui?
And just to be sure: I'm not talking about releasing SPAM-Mails but mails that are really quarantined because of their attachment filename.
Last edited by Dark-Sider on 17 Mar 2016 18:20, edited 1 time in total.
-
- Posts: 11
- Joined: 14 Mar 2016 11:37
Re: Release Quarantined Attachments
To follow up on this:
I now created some rules for the filenames checking. From: 127.0.0.1 is not scanned and FromOrTo: default points to the original filname.rules.conf.
I wonder how updates to EFA will preserve (or not) those changes...
I now created some rules for the filenames checking. From: 127.0.0.1 is not scanned and FromOrTo: default points to the original filname.rules.conf.
I wonder how updates to EFA will preserve (or not) those changes...
-
- Posts: 11
- Joined: 14 Mar 2016 11:37
Re: Release Quarantined Attachments
Hello again,
one last problem remains unsolved. I can't use the $token identifier within
- inline.warning.html
- inline.warning.txt
- stored.filename.message.txt
I again did some digging and might have found that all report templates where $token is used are generated by a custom function which was added by EFA as a MailScanner Custoum perl-module.
The easiest workaround for this might be to just edit the release_mail.cgi script and add a site-wide static token that is not pulled from the SQL-DB. Malicious and experience users could exploit this, but then again one could just add that if that specific static token is used, the mail is not registered as ham.... EDIT: I did not found anything that releasing the mail actually re-learns SA.
I can hack this myself but I would love to see some official support for this.
one last problem remains unsolved. I can't use the $token identifier within
- inline.warning.html
- inline.warning.txt
- stored.filename.message.txt
I again did some digging and might have found that all report templates where $token is used are generated by a custom function which was added by EFA as a MailScanner Custoum perl-module.
The easiest workaround for this might be to just edit the release_mail.cgi script and add a site-wide static token that is not pulled from the SQL-DB. Malicious and experience users could exploit this, but then again one could just add that if that specific static token is used, the mail is not registered as ham.... EDIT: I did not found anything that releasing the mail actually re-learns SA.
I can hack this myself but I would love to see some official support for this.
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Release Quarantined Attachments
Thanks for the posts! Let me ponder your thoughts and get back with you shortly
-
- Posts: 11
- Joined: 14 Mar 2016 11:37
Re: Release Quarantined Attachments
Thanks, if anything is not clear please ask - My posts were some sort of brain dump while digging thtrough efa/mailscanner files