Unable to release some blocked messages
Unable to release some blocked messages
Hi
Messages blocked as a "bad content" can't be released. Seems they are not stored. Where to find these settings? Would be great to notify user about blocked message by a content and store it. Please help.
Messages blocked as a "bad content" can't be released. Seems they are not stored. Where to find these settings? Would be great to notify user about blocked message by a content and store it. Please help.
-
- Posts: 5
- Joined: 10 Jan 2017 17:52
Re: Unable to release some blocked messages
I noticed this today as well. I went to the sever and enabled to virus setting to actually deliver the cleaned message and it froze up my mailscanner queue. I have 230 unrecoveralble/deliverable emails stuck in queue. Be careful with this setting!! Backup first or take snapshot if on Hyper-V.
Re: Unable to release some blocked messages
Hi,
I also have the problem, that I cannot release mails with status "Bad content". As far as I remember that was possible, since I activated the options "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes"
When I release the mail in MailWatch, nothing happens, also there is no entry for this release in the overview (should be postmaster@... delivers mail to <recipient>...)
Also we would like to notify users about blocked mails with status "Bad content". Notifications for "normal" spam mails are sent to the users, but not for mails with status "Bad content".
I would really appreciate your help.
Thanks!
dwmp
I also have the problem, that I cannot release mails with status "Bad content". As far as I remember that was possible, since I activated the options "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes"
When I release the mail in MailWatch, nothing happens, also there is no entry for this release in the overview (should be postmaster@... delivers mail to <recipient>...)
Also we would like to notify users about blocked mails with status "Bad content". Notifications for "normal" spam mails are sent to the users, but not for mails with status "Bad content".
I would really appreciate your help.
Thanks!
dwmp
-
- Posts: 6
- Joined: 04 Mar 2017 20:43
- Location: Moscow, Russia
Re: Unable to release some blocked messages
I have the same problem, some messages were blocked for reason:
Code: Select all
Report: MailScanner: Attempt to hide real filename extension (.txt.sgn.enc)
Code: Select all
Spam Learn Results
069D9C0054.A34B2 release Error: Message not found in quarantine
8424AC0054.A0EA8 release Error: Message not found in quarantine
DF479C0054.A17C8 release Error: Message not found in quarantine
Thanks in advance!
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Unable to release some blocked messages
Bad Content is hard to handle, mainly because in MailScanner it is an all or nothing setting. It may be possible to use "rename" instead of "allow" or "deny" for certain rules.
I wonder if this setting would have an effect?
I wonder if this setting would have an effect?
Code: Select all
Keep Spam And MCP Archive Clean = no
Re: Unable to release some blocked messages
I've seen the same, but there was a setting I changed that made that happen. As for the blocked content, I discovered that Adobe Acrobat under Windows 10 does an unexpected thing in terms of naming PDF files that you Create PDF From Document. It uses the full old filename, such as word-document.docx in the name of the new file, resulting in word-document.docx.pdf.
I have been explaining to my users that they need to rename these files before sending them, but it seems this glitch is also affecting some automated systems; we get invoices from other companies that are blocked because of this bug. As a result, I've had to add
/etc/MailScanner/filtename.rules.conf
I thought there was a setting Allow Domain Administrators to View Dangerous Content that would allow the release of blocked files, but you also have to make sure that the Bad Content rules use the Store instead of Delete Action. I'm drawing a blank on where those settings are right now, but I'll look.
I have been explaining to my users that they need to rename these files before sending them, but it seems this glitch is also affecting some automated systems; we get invoices from other companies that are blocked because of this bug. As a result, I've had to add
/etc/MailScanner/filtename.rules.conf
Code: Select all
allow \.doc\.pdf - -
allow \.docx\.pdf - -
Re: Unable to release some blocked messages
Good suggestion.
Re: Unable to release some blocked messages
The case "Attempt to hide real filename extension" is only one example here. The main problem is, that mails with (probably) bad content are not moved to quarantine and thusly cannot be released. The settings "Quarantine Infections = yes" and "Quarantine Silent Viruses = yes" are ignored here.
So the question is, how can we release mails with bad content?
Thanks!
So the question is, how can we release mails with bad content?
Thanks!
Re: Unable to release some blocked messages
Actually, that's a good question.
Short answer, I don't know.
Longer answer, I need to work that out myself. If I get some time in the coming week, I'll see if I can work it out.
(It's one of those things I've been putting off until I got around to it.)
Short answer, I don't know.
Longer answer, I need to work that out myself. If I get some time in the coming week, I'll see if I can work it out.
(It's one of those things I've been putting off until I got around to it.)
Re: Unable to release some blocked messages
Alright, thank you!
Re: Unable to release some blocked messages
Hi,
any updates in this case? Sorry, but iam looking for a solution.
Thanks.
any updates in this case? Sorry, but iam looking for a solution.
Thanks.
Re: Unable to release some blocked messages
no update. it's been a mad month.
I'm testing it now.
I'm testing it now.
Re: Unable to release some blocked messages
Ok, here was the test I did:
1/ added the following to /etc/MailScanner/filename.rules.conf and restarted mailscanner
2/ send myself a message with the a text file called "somebody.stop.me" attached
as expected, the message was blocked with a status of "bad contact", and my admin account received a message to my inbox notifying me of the blocked message to check
3/ next I went into "Search and Reports, Message Operations" and clicked on the checkbox in the "R" column (for release) and then hit the learn button.
The message was then successfully delivered to my inbox.
So, it does appear to work for blocked content, at least with the settings I have. If you notice, my "postmaster@*" account is whitelisted so the system won't reject the message
I'll next have to test it with a "virus" infected message, and for a message stopped with the MCP.
1/ added the following to /etc/MailScanner/filename.rules.conf and restarted mailscanner
Code: Select all
# testing purposes only
deny \.stop\.me test extension test extension that efa
as expected, the message was blocked with a status of "bad contact", and my admin account received a message to my inbox notifying me of the blocked message to check
3/ next I went into "Search and Reports, Message Operations" and clicked on the checkbox in the "R" column (for release) and then hit the learn button.
The message was then successfully delivered to my inbox.
So, it does appear to work for blocked content, at least with the settings I have. If you notice, my "postmaster@*" account is whitelisted so the system won't reject the message
I'll next have to test it with a "virus" infected message, and for a message stopped with the MCP.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Unable to release some blocked messages
Very good feedback, thanks pdwalker.
So you can release blocked content attached to messages?
So you can release blocked content attached to messages?
Re: Unable to release some blocked messages
In my case, yes. You can see the released message from postmaster in the above picture. It came through, attachment and all.
That reminds me, I need to finish the test cases.
That reminds me, I need to finish the test cases.
Re: Unable to release some blocked messages
UPDATE Found the problem why the message is not delivered.
Exchange en Domino check the message id, and the warning email is the same message id as the release email. Exchange and Domino refuse te send this email again. The release of normal spam mail is different because they get a spam message from efa instead of the original email.
Tried the same but it wont work for me.
It says released but I never receive the email.
See the below maillog part. Strange thing it says the mail is delivered?
Nov 22 15:32:26 efa postfix/smtp[25883]: DDE1E100054: to=<marxxxxxx@xxxxx.nl>, relay=10.1.1.48[10.1.1.48]:25, delay=2.3, delays=2.2/0/0.01/0.11, dsn=2.6.0, status=sent (250 2.6.0 <WC20171122142818.74001F@xxxxx.nl> [InternalId=841813590064, Hostname=Exchange.Paswerk.ad] 4443 bytes in 0.104, 41,643 KB/sec Queued mail for delivery)
Nov 22 15:32:26 efa postfix/qmgr[17541]: DDE1E100054: removed
Exchange en Domino check the message id, and the warning email is the same message id as the release email. Exchange and Domino refuse te send this email again. The release of normal spam mail is different because they get a spam message from efa instead of the original email.
Tried the same but it wont work for me.
It says released but I never receive the email.
See the below maillog part. Strange thing it says the mail is delivered?
Nov 22 15:32:26 efa postfix/smtp[25883]: DDE1E100054: to=<marxxxxxx@xxxxx.nl>, relay=10.1.1.48[10.1.1.48]:25, delay=2.3, delays=2.2/0/0.01/0.11, dsn=2.6.0, status=sent (250 2.6.0 <WC20171122142818.74001F@xxxxx.nl> [InternalId=841813590064, Hostname=Exchange.Paswerk.ad] 4443 bytes in 0.104, 41,643 KB/sec Queued mail for delivery)
Nov 22 15:32:26 efa postfix/qmgr[17541]: DDE1E100054: removed
- Attachments
-
- 2017_11_22_15_32_37_MailWatch_for_MailScanner_Recent_Messages.png (11.88 KiB) Viewed 21570 times
Re: Unable to release some blocked messages
I'm trying to follow your method of releasing blocked content, but no matter what I try, I don't get the messages with blocked content in the list of Message Operations. My EFA appliance is on version 3.27. Do I need extra settings in the MailScanner.conf to achieve this?pdwalker wrote: ↑30 Jun 2017 04:17 Ok, here was the test I did:
1/ added the following to /etc/MailScanner/filename.rules.conf and restarted mailscanner2/ send myself a message with the a text file called "somebody.stop.me" attachedCode: Select all
# testing purposes only deny \.stop\.me test extension test extension that efa
as expected, the message was blocked with a status of "bad contact", and my admin account received a message to my inbox notifying me of the blocked message to check
3/ next I went into "Search and Reports, Message Operations" and clicked on the checkbox in the "R" column (for release) and then hit the learn button.
The message was then successfully delivered to my inbox.
So, it does appear to work for blocked content, at least with the settings I have. If you notice, my "postmaster@*" account is whitelisted so the system won't reject the message
somebody.stop.me1.png
I'll next have to test it with a "virus" infected message, and for a message stopped with the MCP.
Re: Unable to release some blocked messages
Possibly.
What message slows up in your /etc/log/mailllog when you try to release the message? Does anything show up inside your efa message listing after you release the message?
What message slows up in your /etc/log/mailllog when you try to release the message? Does anything show up inside your efa message listing after you release the message?
Re: Unable to release some blocked messages
I'm unable to release the message, because it's not listed in the SEARCH AND REPORTS/Message Operations list. Further more I can't release the message from RECENT MESSAGES, because there is no release option.
Is there a way to search for messages with Bad Content?
Is there a way to search for messages with Bad Content?
Re: Unable to release some blocked messages
Releasing blocked Bad Content (MailScanner: Attempt to hide real filename extension (xxxxxxxx.docx.pdf)
As admin I can release these messages without any problem, without any additional /etc/MailScanner/filename.rules.conf
See spam actions My partial /etc/MailScanner/conf.d/01_MailScanner.conf
My partial /var/www/html/mailscanner/conf.php
As admin I can release these messages without any problem, without any additional /etc/MailScanner/filename.rules.conf
See spam actions My partial /etc/MailScanner/conf.d/01_MailScanner.conf
Code: Select all
Virus Scanners = clamd sophos
Quarantine Infections = yes
#Sign Clean Messages = Yes
Deliver Cleaned Messages = yes
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Other Blocked Content = no
Disarmed Modify Subject = start
Phishing Modify Subject = start
Send Notices = yes
Notices From = MailScanner
Spam List = SPAMHAUS SPAMCOP
Non Spam Actions = store deliver header "X-Spam-Status:No" custom(nonspam)
Spam Actions = store header "X-Spam-Status:Yes" custom(spam)
High Scoring Spam Actions = store
Code: Select all
// Hide High Spam and high mcp from regular users.
// Prevent regular users from seeing high spam and high mcp.
define('HIDE_HIGH_SPAM', false);
// Hide Non Spam from quarantine reports
define('HIDE_NON_SPAM', true);
// Hide Unknown Mail from quarantine reports
define('HIDE_UNKNOWN', true);
// Quarantine Auto Release
// Set true to allow auto release of quarantined items from quarantine report.
define('AUTO_RELEASE', false);
// Give Domain Admins ability to release dangerous content, like viruses
define('DOMAINADMIN_CAN_RELEASE_DANGEROUS_CONTENTS', false);
define('DOMAINADMIN_CAN_SEE_DANGEROUS_CONTENTS', false);
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Unable to release some blocked messages
Hi Henk,
Thanks ever so much for your quick and spot-on reply. Your settings resulted, as expected, into the message with the blocked content in the list "Message Operations", and also with the option to be released.
Great work!
Thanks ever so much for your quick and spot-on reply. Your settings resulted, as expected, into the message with the blocked content in the list "Message Operations", and also with the option to be released.
Great work!
Re: Unable to release some blocked messages
OK, I applauded a little too soon. On my testing environment, released mail is delivered to a Dovecot IMAP server without a problem. With my Exchange server the released message is never delivered to the user. I think it is related to the conclusion as described by mreinder.
Is there a solution or workaround?mreinder wrote: ↑22 Nov 2017 14:36 UPDATE Found the problem why the message is not delivered.
Exchange en Domino check the message id, and the warning email is the same message id as the release email. Exchange and Domino refuse te send this email again. The release of normal spam mail is different because they get a spam message from efa instead of the original email.
Re: Unable to release some blocked messages
EFAai, just found this topic: viewtopic.php?p=4308
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Unable to release some blocked messages
I am running into this issue now. would someone help me how to release it please? when i go to Message Operations and release that bad content email,
i get "Message not found in quarantine". Thank you so much.
i get "Message not found in quarantine". Thank you so much.
Re: Unable to release some blocked messages
Hi Bob
Just look at MailScanner.conf as mentioned in the comments above, aka do you store the bad content mail or not (move to Quarantine)
remember to restart mailscanner
And read EFAai's comment as he did mention some additional issues when using Exchange.
Just look at MailScanner.conf as mentioned in the comments above, aka do you store the bad content mail or not (move to Quarantine)
remember to restart mailscanner
And read EFAai's comment as he did mention some additional issues when using Exchange.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams