How to release blocked mails with status "Other"
How to release blocked mails with status "Other"
Hello,
today our EFA (Version 3.0.0.9) blocked some mails with status "Other" (reason were the password-protected archives as attachment). Since it was false positive, I wanted to release these mails manually but determined that this option is not available.
In that case here I allowed password-protected-archives in the MailScanner.conf.
But for the future I need to be able to release blocked mails with status "Other". Also I would like to block password-protected-archives again (and that is only possible if I can release mistakenly blocked mails manually)
I would really appreciate your help, thanks.
BR,
dwmp
today our EFA (Version 3.0.0.9) blocked some mails with status "Other" (reason were the password-protected archives as attachment). Since it was false positive, I wanted to release these mails manually but determined that this option is not available.
In that case here I allowed password-protected-archives in the MailScanner.conf.
But for the future I need to be able to release blocked mails with status "Other". Also I would like to block password-protected-archives again (and that is only possible if I can release mistakenly blocked mails manually)
I would really appreciate your help, thanks.
BR,
dwmp
Re: How to release blocked mails with status "Other"
Can someone help me here? Anyone an idea to release or handle these mails?
Re: How to release blocked mails with status "Other"
Sounds like mails with status "other" won't be stored. Did you read viewtopic.php?t=527?
Re: How to release blocked mails with status "Other"
Thanks for your answer!
I just read it now, but I think that problem is slightly different from mine. We did not have an unexpexted mount of mails which suddenly got the status "other". There were only some mails with password-protected zip files attached and just these got the status "other". All the other mails which got delivered in that time got handled correctly. Also our system is not even close to be overloaded.
Also after I allowed password-protected zip files in the MailScanner.conf the same mails have been sent again by the sender and were delivered correctly this time.
So one thing is to find out when and why mails get the status "other" but another - and for me more important - thing is how to deliver mails that get the status "other".
I don't know if these mails really did not get stored, but they looked like any other mail except for the status "other" and the fact that I cannot release them (there is just no check box/button).
I just read it now, but I think that problem is slightly different from mine. We did not have an unexpexted mount of mails which suddenly got the status "other". There were only some mails with password-protected zip files attached and just these got the status "other". All the other mails which got delivered in that time got handled correctly. Also our system is not even close to be overloaded.
Also after I allowed password-protected zip files in the MailScanner.conf the same mails have been sent again by the sender and were delivered correctly this time.
So one thing is to find out when and why mails get the status "other" but another - and for me more important - thing is how to deliver mails that get the status "other".
I don't know if these mails really did not get stored, but they looked like any other mail except for the status "other" and the fact that I cannot release them (there is just no check box/button).
Re: How to release blocked mails with status "Other"
Has someone an idea?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to release blocked mails with status "Other"
Relevant logs and mail reports on the mail with the status of "other" would be helpful to try to help you.
There's a reason why they are not in the quarantine, we just need to figure it out.
There's a reason why they are not in the quarantine, we just need to figure it out.
Re: How to release blocked mails with status "Other"
Thanks. I think the reason in my case was, that the messages had a password-protected attachment ("MailScanner: Message contained password-protected archive" - in the meantime I changed the setting to accept such attachments).
Is it a normal behaviour that such mails get the status "Other"?
Since it was some time ago, I think the logs are overwritten. I would have to wait for a new mail, which gets the status "other".
If a mail gets status "Other", is there a posibility to move them to quarantine to release it?
Is it a normal behaviour that such mails get the status "Other"?
Since it was some time ago, I think the logs are overwritten. I would have to wait for a new mail, which gets the status "other".
If a mail gets status "Other", is there a posibility to move them to quarantine to release it?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to release blocked mails with status "Other"
Depends on whether MailScanner is set to quarantine in those cases. For example, viruses typically are not quarantined (just stripped), therefore, those attachments cannot be released because they were never stored in the first place.
Re: How to release blocked mails with status "Other"
Thank you. So I assume that MailScanner is NOT set to quarantine by default, since I didn't change settings here. So the reason why some mails cannot be released is that they are not quarantined in the first place? Where and how can I change these settings, so that every incoming mail is being quarantined?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to release blocked mails with status "Other"
Take a look at various settings in /etc/MailScanner/MailScanner.confdwmp wrote:Where and how can I change these settings, so that every incoming mail is being quarantined?
i.e.
Code: Select all
# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no
Re: How to release blocked mails with status "Other"
Thank you. I found
I will set that to yes and see if I can release also blocked mails then.# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = no
Re: How to release blocked mails with status "Other"
Okay, I did that (and activated also "Quarantine silent viruses") and now it is working - I can release such mails. Thank you very much!