Last night I had loads of email sent to the archive with a status of Other. This by far consisted of email that would normally get delivered. I noticed that the Inbound Mail Queue went very high during the evening with over 100 entries in there at one point. So some questions:
How can I stop these perfectly good emails being marked as Other?
What does "Other" mean?
Is there any way to release all of these in one go without having to go to each one in turn?
Archived mail with status of Other
Re: Archived mail with status of Other
Additional information. I am seeing a lot of this in the mail log at the time it was busy:
Mar 13 20:53:47 efa MailScanner[30341]: New Batch: Found 24 messages waiting
Mar 13 20:53:47 efa MailScanner[30341]: New Batch: Scanning 1 messages, 1409 bytes
Mar 13 20:53:47 efa MailScanner[30341]: Virus and Content Scanning: Starting
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./A89931005A2.AE213/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in A89931005A2.AE213
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./78C221008B6.AA2C6/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 78C221008B6.AA2C6
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./341B5100599.ACDAC/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 341B5100599.ACDAC
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./0EE7B10059C.A02A4/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 0EE7B10059C.A02A4
Mar 13 20:53:47 efa postfix/postsuper[30410]: A89931005A2: removed
Mar 13 20:53:47 efa postfix/postsuper[30410]: Deleted: 1 message
Mar 13 20:53:47 efa MailScanner[30411]: MailScanner E-Mail Virus Scanner version 4.84.6 starting...
Mar 13 20:53:47 efa MailScanner[30411]: Reading configuration file /etc/MailScanner/MailScanner.conf
Mar 13 20:53:47 efa MailScanner[30411]: Reading configuration file /etc/MailScanner/conf.d/README
Mar 13 20:53:47 efa MailScanner[30411]: Read 875 hostnames from the phishing whitelist
Mar 13 20:53:47 efa MailScanner[30411]: Read 3347 hostnames from the phishing blacklists
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function SQLBlacklist
Mar 13 20:53:47 efa MailScanner[30411]: Starting up SQL Blacklist
Mar 13 20:53:47 efa MailScanner[30411]: Read 24 blacklist entries
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function MailWatchLogging
Mar 13 20:53:47 efa MailScanner[30411]: Started SQL Logging child
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function SQLWhitelist
Mar 13 20:53:47 efa MailScanner[30411]: Starting up SQL Whitelist
Mar 13 20:53:47 efa MailScanner[30411]: Read 157 whitelist entries
Mar 13 20:53:47 efa MailScanner[30411]: Using SpamAssassin results cache
Mar 13 20:53:47 efa MailScanner[30411]: Connected to SpamAssassin cache database
Mar 13 20:53:47 efa MailScanner[30411]: Enabling SpamAssassin auto-whitelist functionality...
Mar 13 20:53:49 efa MailScanner[30202]: Warning: skipping message 89F79100540.AE211 as it has been attempted too many times
Mar 13 20:53:49 efa MailScanner[30202]: Quarantined message 89F79100540.AE211 as it caused MailScanner to crash several times
Mar 13 20:53:49 efa MailScanner[30202]: Saved entire message to /var/spool/MailScanner/quarantine/20140313/89F79100540.AE211
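The log in the post above can be scanned mechanically for messages that MailScanner quarantined after repeated crashes, together with how many MailScanner children started per minute. This is an added example, not part of the original thread or of MailScanner/MailWatch; the function name `analyse` is hypothetical and the embedded sample is constructed from four of the log lines quoted above.

```python
import re
from collections import Counter

# Constructed sample: four lines copied from the log quoted in the post above.
SAMPLE_LOG = """\
Mar 13 20:53:47 efa MailScanner[30411]: MailScanner E-Mail Virus Scanner version 4.84.6 starting...
Mar 13 20:53:49 efa MailScanner[30202]: Warning: skipping message 89F79100540.AE211 as it has been attempted too many times
Mar 13 20:53:49 efa MailScanner[30202]: Quarantined message 89F79100540.AE211 as it caused MailScanner to crash several times
Mar 13 20:53:49 efa MailScanner[30202]: Saved entire message to /var/spool/MailScanner/quarantine/20140313/89F79100540.AE211
"""

# Syslog prefix: keep "Mon DD HH:MM" as a one-minute bucket, then pid and text.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ MailScanner\[(\d+)\]: (.*)$")
CRASHED = re.compile(r"^Quarantined message (\S+) as it caused MailScanner to crash")
SAVED = re.compile(r"^Saved entire message to (\S+)")
STARTING = re.compile(r"^MailScanner E-Mail Virus Scanner version \S+ starting")


def analyse(log_text):
    """Return (crash_quarantined, starts_per_minute).

    crash_quarantined maps message id -> quarantine path, or None when no
    "Saved entire message" line followed for that id.
    """
    crashed = {}
    starts = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # postfix and other non-MailScanner lines
        minute, _pid, text = m.groups()
        if STARTING.match(text):
            starts[minute] += 1
        elif (c := CRASHED.match(text)):
            crashed.setdefault(c.group(1), None)
        elif (s := SAVED.match(text)):
            # "Saved entire message" is also logged for ordinary quarantines,
            # so only record paths for ids already flagged as crash-quarantined.
            msg_id = s.group(1).rsplit("/", 1)[-1]
            if msg_id in crashed:
                crashed[msg_id] = s.group(1)
    return crashed, dict(starts)


if __name__ == "__main__":
    crashed, starts = analyse(SAMPLE_LOG)
    for msg_id, path in crashed.items():
        print(f"crash-quarantined {msg_id} -> {path}")
    for minute, count in sorted(starts.items()):
        print(f"{minute}: {count} MailScanner child start(s)")
```

Many child starts within the same minute alongside crash-quarantined ids point at the overload condition rather than at the content of the individual messages.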
Re: Archived mail with status of Other
Other actually means that MailWatch does not know the status.
So mostly this is because something is going wrong.
Do the spamassassin and mailscanner lint tests (webinterface -> tools) show any errors?
Also check if you are running the latest version (EFA-Update -check command when logged in with SSH)
If the lint tests both are fine I guess it is best to enable debugging:
(set the option Debug = yes in /etc/MailScanner/MailScanner.conf and restart mailscanner)
Re: Archived mail with status of Other
I did what you suggested and we have no errors. We are on the latest version.
It has not played up again since so I suggest we leave it and do the debug if it reoccurs.
Thanks for your help.
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
Re: Archived mail with status of Other
It is important to monitor the performance of your system under high load.
Also, a good rule of thumb is to have no more than 1-2 MailScanner children per processor. Too many MailScanner threads spawning will overload the system and things will start crashing.
Re: Archived mail with status of Other
Hello,
is there a possibility by now to release such mails with status other? We also had some of these and for the future I would like to know how I can access/release these mails.
Thanks.
BR,
dwmp
- shawniverson
Re: Archived mail with status of Other
Depends on whether mailscanner quarantined them. Do you have a sample report?
Re: Archived mail with status of Other
Thanks for your answer.
It says "MailScanner: Message contained password-protected archive" (that was one reason why it got quarantined - in the meantime I changed settings to accept password-protected archives. But for the future I would like to know how to release mail with status "Other").
How do I find out whether it got quarantined or not? I see them in the list (Mailwatch) and I can see the header, details etc. The only difference to mails with status != other is, that I can NOT see the area seen in the attached screenshot.
What exactly do you mean with sample report? How can I create one?
- Attachment: releaseMail.JPG (33.04 KiB)
- shawniverson
Re: Archived mail with status of Other
Yeah, that's the report...
MailScanner: Message contained password-protected archive