How to release blocked mails with status "Other"

Questions and answers about how to do stuff
Post Reply
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

How to release blocked mails with status "Other"

Post by dwmp »

Hello,

today our EFA (Version 3.0.0.9) blocked some mails with status "Other" (reason were the password-protected archives as attachment). Since it was false positive, I wanted to release these mails manually but determined that this option is not available.
In that case here I allowed password-protected-archives in the MailScanner.conf.
But for the future I need to be able to release blocked mails with status "Other". Also I would like to block password-protected-archives again (and that is only possible if I can release mistakenly blocked mails manually)
I would really appreciate your help, thanks.

BR,
dwmp
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Can someone help me here? Anyone an idea to release or handle these mails?
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: How to release blocked mails with status "Other"

Post by DaN »

Sounds like mails with status "other" won't be stored. Did you read viewtopic.php?t=527?
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Thanks for your answer!
I just read it now, but I think that problem is slightly different from mine. We did not have an unexpexted mount of mails which suddenly got the status "other". There were only some mails with password-protected zip files attached and just these got the status "other". All the other mails which got delivered in that time got handled correctly. Also our system is not even close to be overloaded.
Also after I allowed password-protected zip files in the MailScanner.conf the same mails have been sent again by the sender and were delivered correctly this time.

So one thing is to find out when and why mails get the status "other" but another - and for me more important - thing is how to deliver mails that get the status "other".
I don't know if these mails really did not get stored, but they looked like any other mail except for the status "other" and the fact that I cannot release them (there is just no check box/button).
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Has someone an idea?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson »

Relevant logs and mail reports on the mail with the status of "other" would be helpful to try to help you.

There's a reason why they are not in the quarantine, we just need to figure it out.
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Thanks. I think the reason in my case was, that the messages had a password-protected attachment ("MailScanner: Message contained password-protected archive" - in the meantime I changed the setting to accept such attachments).
Is it a normal behaviour that such mails get the status "Other"?
Since it was some time ago, I think the logs are overwritten. I would have to wait for a new mail, which gets the status "other".
If a mail gets status "Other", is there a posibility to move them to quarantine to release it?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson »

Depends on whether MailScanner is set to quarantine in those cases. For example, viruses typically are not quarantined (just stripped), therefore, those attachments cannot be released because they were never stored in the first place.
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Thank you. So I assume that MailScanner is NOT set to quarantine by default, since I didn't change settings here. So the reason why some mails cannot be released is that they are not quarantined in the first place? Where and how can I change these settings, so that every incoming mail is being quarantined?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson »

dwmp wrote:Where and how can I change these settings, so that every incoming mail is being quarantined?
Take a look at various settings in /etc/MailScanner/MailScanner.conf

i.e.

Code: Select all

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Thank you. I found
# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = no
I will set that to yes and see if I can release also blocked mails then.
dwmp
Posts: 54
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp »

Okay, I did that (and activated also "Quarantine silent viruses") and now it is working - I can release such mails. Thank you very much!
Post Reply