Unable to release some blocked messages

Posted: 08 Feb 2017 09:50
by gosha
Hi

Messages blocked as "bad content" can't be released. It seems they are not stored. Where can I find these settings? It would be great to notify the user about a message blocked for its content and to store it. Please help.

Re: Unable to release some blocked messages

Posted: 10 Feb 2017 20:33
by danield@racmtg.com
I noticed this today as well. I went to the server and enabled the virus setting to actually deliver the cleaned message and it froze up my MailScanner queue. I have 230 unrecoverable/deliverable emails stuck in queue. Be careful with this setting!! Back up first or take a snapshot if on Hyper-V.

Re: Unable to release some blocked messages

Posted: 12 Apr 2017 13:15
by dwmp
Hi,

I also have the problem, that I cannot release mails with status "Bad content". As far as I remember that was possible, since I activated the options "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes"
When I release the mail in MailWatch, nothing happens, also there is no entry for this release in the overview (should be postmaster@... delivers mail to <recipient>...)

Also we would like to notify users about blocked mails with status "Bad content". Notifications for "normal" spam mails are sent to the users, but not for mails with status "Bad content".

I would really appreciate your help.

Thanks!

dwmp

Re: Unable to release some blocked messages

Posted: 05 May 2017 16:37
by volodya123
dwmp wrote: 12 Apr 2017 13:15 Hi,

I also have the problem, that I cannot release mails with status "Bad content". As far as I remember that was possible, since I activated the options "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes"
...
I have the same problem, some messages were blocked for reason:

Code:

Report:	MailScanner: Attempt to hide real filename extension (.txt.sgn.enc)

and I can't release the messages, because they don't move to Quarantine

Code:

Spam Learn Results
069D9C0054.A34B2	release	Error: Message not found in quarantine
8424AC0054.A0EA8	release	Error: Message not found in quarantine
DF479C0054.A17C8	release	Error: Message not found in quarantine

How can I set these options to move blocked messages to Quarantine and have the ability to release some messages like these?

Thanks in advance!

Re: Unable to release some blocked messages

Posted: 13 May 2017 14:38
by shawniverson
Bad Content is hard to handle, mainly because in MailScanner it is an all or nothing setting. It may be possible to use "rename" instead of "allow" or "deny" for certain rules.

I wonder if this setting would have an effect?

Code:

Keep Spam And MCP Archive Clean = no

Re: Unable to release some blocked messages

Posted: 15 May 2017 12:27
by stusmith
I've seen the same, but there was a setting I changed that made that happen. As for the blocked content, I discovered that Adobe Acrobat under Windows 10 does an unexpected thing in terms of naming PDF files that you Create PDF From Document. It uses the full old filename, such as word-document.docx in the name of the new file, resulting in word-document.docx.pdf.

I have been explaining to my users that they need to rename these files before sending them, but it seems this glitch is also affecting some automated systems; we get invoices from other companies that are blocked because of this bug. As a result, I've had to add

/etc/MailScanner/filename.rules.conf

Code:

allow	\.doc\.pdf	-	-
allow	\.docx\.pdf	-	-

I thought there was a setting Allow Domain Administrators to View Dangerous Content that would allow the release of blocked files, but you also have to make sure that the Bad Content rules use the Store instead of Delete Action. I'm drawing a blank on where those settings are right now, but I'll look.
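
Added example (not part of the post above and not MailScanner's own code): a small evaluator for filename.rules.conf-style lines, comparing the two allow rules as posted with an end-anchored variant. It assumes the first matching rule wins, matching is case-insensitive, and unmatched names are allowed; the deny line is a constructed stand-in for the rule behind "Attempt to hide real filename extension".

```python
import re

def rule(action, pattern, log="-", report="-"):
    # filename.rules.conf fields: action, regex, log text, user report text
    return "\t".join([action, pattern, log, report])

# Constructed stand-in for the double-extension rule (assumption).
HIDE = rule("deny", r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$",
            "Found possible filename hiding",
            "Attempt to hide real filename extension")

# The two allow lines as posted in the thread, placed before the deny rule.
AS_POSTED = "\n".join([rule("allow", r"\.doc\.pdf"),
                       rule("allow", r"\.docx\.pdf"), HIDE])
# Hypothetical variant: one allow rule anchored to the end of the name.
ANCHORED = "\n".join(["# anchored variant (assumption, not from the thread)",
                      rule("allow", r"\.docx?\.pdf$"), HIDE])

def parse_rules(text):
    """Return (action, compiled regex, report text) per non-comment line."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, pattern, _log, report = re.split(r"\t+", line.strip(), maxsplit=3)
        rules.append((action, re.compile(pattern, re.IGNORECASE), report))
    return rules

def decide(rules_text, filename):
    """First matching rule decides; no match means the name is allowed."""
    for action, regex, report in parse_rules(rules_text):
        if regex.search(filename):
            return action, report
    return "allow", "no rule matched"

if __name__ == "__main__":
    # Constructed attachment names.
    for name in ("word-document.docx.pdf", "word-document.docx.pdf.exe",
                 "notes.txt.sgn.enc"):
        print(name, decide(AS_POSTED, name)[0], decide(ANCHORED, name)[0])
```

With the rules as posted, any name that merely contains ".docx.pdf" is allowed before the deny rule is reached; the anchored variant only exempts names that end in ".doc.pdf" or ".docx.pdf".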

Re: Unable to release some blocked messages

Posted: 15 May 2017 12:57
by pdwalker
Good suggestion.

Re: Unable to release some blocked messages

Posted: 26 May 2017 07:09
by dwmp
The case "Attempt to hide real filename extension" is only one example here. The main problem is, that mails with (probably) bad content are not moved to quarantine and thusly cannot be released. The settings "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes" are ignored here.
So the question is, how can we release mails with bad content?
Thanks!

Re: Unable to release some blocked messages

Posted: 27 May 2017 08:41
by pdwalker
Actually, that's a good question.

Short answer, I don't know.

Longer answer, I need to work that out myself. If I get some time in the coming week, I'll see if I can work it out.

(It's one of those things I've been putting off until I got around to it.)

Re: Unable to release some blocked messages

Posted: 29 May 2017 05:50
by dwmp
Alright, thank you!

Re: Unable to release some blocked messages

Posted: 28 Jun 2017 06:30
by hossmann
Hi,

Any updates in this case? Sorry, but I am looking for a solution.

Thanks.

Re: Unable to release some blocked messages

Posted: 30 Jun 2017 03:37
by pdwalker
No update. It's been a mad month.

I'm testing it now.

Re: Unable to release some blocked messages

Posted: 30 Jun 2017 04:17
by pdwalker
Ok, here was the test I did:

1/ added the following to /etc/MailScanner/filename.rules.conf and restarted mailscanner

Code:

# testing purposes only
deny    \.stop\.me    test extension    test extension that efa

2/ send myself a message with a text file called "somebody.stop.me" attached
As expected, the message was blocked with a status of "bad contact", and my admin account received a message to my inbox notifying me of the blocked message to check

3/ next I went into "Search and Reports, Message Operations" and clicked on the checkbox in the "R" column (for release) and then hit the learn button.

The message was then successfully delivered to my inbox.

So, it does appear to work for blocked content, at least with the settings I have. If you notice, my "postmaster@*" account is whitelisted so the system won't reject the message
somebody.stop.me1.png

I'll next have to test it with a "virus" infected message, and for a message stopped with the MCP.

Re: Unable to release some blocked messages

Posted: 01 Jul 2017 20:24
by shawniverson
Very good feedback, thanks pdwalker.

So you can release blocked content attached to messages?

Re: Unable to release some blocked messages

Posted: 04 Jul 2017 16:55
by pdwalker
In my case, yes. You can see the released message from postmaster in the above picture. It came through, attachment and all.

That reminds me, I need to finish the test cases.

Re: Unable to release some blocked messages

Posted: 22 Nov 2017 14:36
by mreinder
UPDATE: Found the problem why the message is not delivered.
Exchange and Domino check the message id, and the warning email has the same message id as the release email. Exchange and Domino refuse to send this email again. The release of normal spam mail is different because they get a spam message from efa instead of the original email.

Tried the same but it won't work for me.
It says released but I never receive the email.

See the below maillog part. Strange thing it says the mail is delivered?

Nov 22 15:32:26 efa postfix/smtp[25883]: DDE1E100054: to=<marxxxxxx@xxxxx.nl>, relay=10.1.1.48[10.1.1.48]:25, delay=2.3, delays=2.2/0/0.01/0.11, dsn=2.6.0, status=sent (250 2.6.0 <WC20171122142818.74001F@xxxxx.nl> [InternalId=841813590064, Hostname=Exchange.Paswerk.ad] 4443 bytes in 0.104, 41,643 KB/sec Queued mail for delivery)
Nov 22 15:32:26 efa postfix/qmgr[17541]: DDE1E100054: removed
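
Added example (not part of the post above): one way to spot the situation mreinder describes from the Postfix side, by listing Message-IDs that were handed to the same recipient more than once with status=sent. The log lines are constructed (example.com and 192.0.2.10 are placeholders), and the check assumes Postfix logs a cleanup "message-id=" line for each queue ID.

```python
import re
from collections import defaultdict

# Constructed maillog excerpt: a warning notice and a later release that
# carry the same Message-ID, plus one unrelated message.
SAMPLE_LOG = """\
Nov 22 15:28:20 efa postfix/cleanup[25001]: AAA1110054: message-id=<WC1.CONSTRUCTED@example.com>
Nov 22 15:28:21 efa postfix/smtp[25002]: AAA1110054: to=<user@example.com>, relay=192.0.2.10[192.0.2.10]:25, delay=0.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Nov 22 15:32:24 efa postfix/cleanup[25880]: BBB2220054: message-id=<WC1.CONSTRUCTED@example.com>
Nov 22 15:32:26 efa postfix/smtp[25883]: BBB2220054: to=<user@example.com>, relay=192.0.2.10[192.0.2.10]:25, delay=2.3, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Nov 22 15:40:01 efa postfix/cleanup[25901]: CCC3330054: message-id=<OTHER.CONSTRUCTED@example.com>
Nov 22 15:40:02 efa postfix/smtp[25902]: CCC3330054: to=<user@example.com>, relay=192.0.2.10[192.0.2.10]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

MSGID = re.compile(r"postfix/cleanup\[\d+\]: (\w+): message-id=(<[^>]+>)")
SENT = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]+)>.*status=sent")

def repeated_message_ids(lines):
    """Map (Message-ID, recipient) -> queue IDs when sent more than once."""
    msgid_of = {}                    # queue ID -> Message-ID
    deliveries = defaultdict(list)   # (Message-ID, recipient) -> queue IDs
    for line in lines:
        m = MSGID.search(line)
        if m:
            msgid_of[m.group(1)] = m.group(2)
            continue
        m = SENT.search(line)
        if m and m.group(1) in msgid_of:
            key = (msgid_of[m.group(1)], m.group(2))
            deliveries[key].append(m.group(1))
    return {k: v for k, v in deliveries.items() if len(v) > 1}

if __name__ == "__main__":
    for (msgid, rcpt), qids in repeated_message_ids(SAMPLE_LOG.splitlines()).items():
        print(f"{msgid} sent {len(qids)}x to {rcpt}: {', '.join(qids)}")
```

A hit means Postfix reported both hand-offs as sent, so a missing release has to be traced on the receiving server rather than in the EFA queue.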

Re: Unable to release some blocked messages

Posted: 02 Feb 2018 10:10
by EFAai
pdwalker wrote: 30 Jun 2017 04:17 Ok, here was the test I did:

1/ added the following to /etc/MailScanner/filename.rules.conf and restarted mailscanner

Code:

# testing purposes only
deny    \.stop\.me    test extension    test extension that efa

2/ send myself a message with a text file called "somebody.stop.me" attached
As expected, the message was blocked with a status of "bad contact", and my admin account received a message to my inbox notifying me of the blocked message to check

3/ next I went into "Search and Reports, Message Operations" and clicked on the checkbox in the "R" column (for release) and then hit the learn button.

The message was then successfully delivered to my inbox.

So, it does appear to work for blocked content, at least with the settings I have. If you notice, my "postmaster@*" account is whitelisted so the system won't reject the message

somebody.stop.me1.png


I'll next have to test it with a "virus" infected message, and for a message stopped with the MCP.

I'm trying to follow your method of releasing blocked content, but no matter what I try, I don't get the messages with blocked content in the list of Message Operations. My EFA appliance is on version 3.27. Do I need extra settings in the MailScanner.conf to achieve this?

Re: Unable to release some blocked messages

Posted: 03 Feb 2018 07:35
by pdwalker
Possibly.

What message shows up in your /etc/log/maillog when you try to release the message? Does anything show up inside your efa message listing after you release the message?

Re: Unable to release some blocked messages

Posted: 05 Feb 2018 12:40
by EFAai
I'm unable to release the message, because it's not listed in the SEARCH AND REPORTS/Message Operations list. Furthermore, I can't release the message from RECENT MESSAGES, because there is no release option.

Is there a way to search for messages with Bad Content?

Re: Unable to release some blocked messages

Posted: 05 Feb 2018 15:23
by henk
Releasing blocked Bad Content (MailScanner: Attempt to hide real filename extension (xxxxxxxx.docx.pdf))

As admin I can release these messages without any problem, without any additional /etc/MailScanner/filename.rules.conf
See spam actions
Message Listing.png
My partial /etc/MailScanner/conf.d/01_MailScanner.conf

Code:

Virus Scanners = clamd sophos
Quarantine Infections = yes
#Sign Clean Messages = Yes
Deliver Cleaned Messages = yes
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Other Blocked Content = no
Disarmed Modify Subject = start
Phishing Modify Subject = start
Send Notices = yes
Notices From = MailScanner
Spam List = SPAMHAUS SPAMCOP

Non Spam Actions = store deliver header "X-Spam-Status:No" custom(nonspam)
Spam Actions = store header "X-Spam-Status:Yes" custom(spam)
High Scoring Spam Actions = store

My partial /var/www/html/mailscanner/conf.php

Code:

// Hide High Spam and high mcp from regular users.
// Prevent regular users from seeing high spam and high mcp.
define('HIDE_HIGH_SPAM', false);

// Hide Non Spam from quarantine reports
define('HIDE_NON_SPAM', true);

// Hide Unknown Mail from quarantine reports
define('HIDE_UNKNOWN', true);

// Quarantine Auto Release
// Set true to allow auto release of quarantined items from quarantine report.
define('AUTO_RELEASE', false);

// Give Domain Admins ability to release dangerous content, like viruses
define('DOMAINADMIN_CAN_RELEASE_DANGEROUS_CONTENTS', false);
define('DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS', false);

Re: Unable to release some blocked messages

Posted: 05 Feb 2018 16:26
by EFAai
Hi Henk,

Thanks ever so much for your quick and spot-on reply. Your settings resulted, as expected, into the message with the blocked content in the list "Message Operations", and also with the option to be released.

Great work!

Re: Unable to release some blocked messages

Posted: 05 Feb 2018 20:27
by EFAai
OK, I applauded a little too soon. On my testing environment, released mail is delivered to a Dovecot IMAP server without a problem. With my Exchange server the released message is never delivered to the user. I think it is related to the conclusion as described by mreinder.
mreinder wrote: 22 Nov 2017 14:36 UPDATE: Found the problem why the message is not delivered.
Exchange and Domino check the message id, and the warning email has the same message id as the release email. Exchange and Domino refuse to send this email again. The release of normal spam mail is different because they get a spam message from efa instead of the original email.

Is there a solution or workaround?

Re: Unable to release some blocked messages

Posted: 09 Apr 2018 21:25
by henk
EFAai, just found this topic: viewtopic.php?p=4308

Re: Unable to release some blocked messages

Posted: 18 Jun 2018 22:14
by MrBob
I am running into this issue now. Would someone help me release it, please? When I go to Message Operations and release that bad content email, I get "Message not found in quarantine". Thank you so much.

Re: Unable to release some blocked messages

Posted: 18 Jun 2018 23:04
by henk
Hi Bob

Just look at MailScanner.conf as mentioned in the comments above, i.e. do you store the bad content mail or not (move to Quarantine).
Remember to restart MailScanner.

And read EFAai's comment as he did mention some additional issues when using Exchange.