efa-project.org

Hello,

today our EFA (Version 3.0.0.9) blocked some mails with status "Other" (reason were the password-protected archives as attachment). Since it was false positive, I wanted to release these mails manually but determined that this option is not available.
In that case here I allowed password-protected-archives in the MailScanner.conf.
But for the future I need to be able to release blocked mails with status "Other". Also I would like to block password-protected-archives again (and that is only possible if I can release mistakenly blocked mails manually)
I would really appreciate your help, thanks.

BR,
dwmp

Can someone help me here? Anyone an idea to release or handle these mails?

Sounds like mails with status "other" won't be stored. Did you read viewtopic.php?t=527?

Thanks for your answer!
I just read it now, but I think that problem is slightly different from mine. We did not have an unexpexted mount of mails which suddenly got the status "other". There were only some mails with password-protected zip files attached and just these got the status "other". All the other mails which got delivered in that time got handled correctly. Also our system is not even close to be overloaded.
Also after I allowed password-protected zip files in the MailScanner.conf the same mails have been sent again by the sender and were delivered correctly this time.

So one thing is to find out when and why mails get the status "other" but another - and for me more important - thing is how to deliver mails that get the status "other".
I don't know if these mails really did not get stored, but they looked like any other mail except for the status "other" and the fact that I cannot release them (there is just no check box/button).

Has someone an idea?

Relevant logs and mail reports on the mail with the status of "other" would be helpful to try to help you.

There's a reason why they are not in the quarantine, we just need to figure it out.

Thanks. I think the reason in my case was, that the messages had a password-protected attachment ("MailScanner: Message contained password-protected archive" - in the meantime I changed the setting to accept such attachments).
Is it a normal behaviour that such mails get the status "Other"?
Since it was some time ago, I think the logs are overwritten. I would have to wait for a new mail, which gets the status "other".
If a mail gets status "Other", is there a posibility to move them to quarantine to release it?

Depends on whether MailScanner is set to quarantine in those cases. For example, viruses typically are not quarantined (just stripped), therefore, those attachments cannot be released because they were never stored in the first place.

Thank you. So I assume that MailScanner is NOT set to quarantine by default, since I didn't change settings here. So the reason why some mails cannot be released is that they are not quarantined in the first place? Where and how can I change these settings, so that every incoming mail is being quarantined?

dwmp wrote:Where and how can I change these settings, so that every incoming mail is being quarantined?

Take a look at various settings in /etc/MailScanner/MailScanner.conf

i.e.

Thank you. I found

# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = no

I will set that to yes and see if I can release also blocked mails then.

Okay, I did that (and activated also "Quarantine silent viruses") and now it is working - I can release such mails. Thank you very much!