How to release blocked mails with status "Other"

Questions and answers about how to do stuff
Post Reply
dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

How to release blocked mails with status "Other"

Post by dwmp » 26 Apr 2016 10:16

Hello,

today our EFA (Version 3.0.0.9) blocked some mails with status "Other" (reason were the password-protected archives as attachment). Since it was false positive, I wanted to release these mails manually but determined that this option is not available.
In that case here I allowed password-protected-archives in the MailScanner.conf.
But for the future I need to be able to release blocked mails with status "Other". Also I would like to block password-protected-archives again (and that is only possible if I can release mistakenly blocked mails manually)
I would really appreciate your help, thanks.

BR,
dwmp

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 10 May 2016 13:36

Can someone help me here? Anyone an idea to release or handle these mails?

DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: How to release blocked mails with status "Other"

Post by DaN » 10 May 2016 15:05

Sounds like mails with status "other" won't be stored. Did you read viewtopic.php?t=527?

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 11 May 2016 06:35

Thanks for your answer!
I just read it now, but I think that problem is slightly different from mine. We did not have an unexpexted mount of mails which suddenly got the status "other". There were only some mails with password-protected zip files attached and just these got the status "other". All the other mails which got delivered in that time got handled correctly. Also our system is not even close to be overloaded.
Also after I allowed password-protected zip files in the MailScanner.conf the same mails have been sent again by the sender and were delivered correctly this time.

So one thing is to find out when and why mails get the status "other" but another - and for me more important - thing is how to deliver mails that get the status "other".
I don't know if these mails really did not get stored, but they looked like any other mail except for the status "other" and the fact that I cannot release them (there is just no check box/button).

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 19 May 2016 05:51

Has someone an idea?

User avatar
shawniverson
Posts: 2821
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson » 30 May 2016 13:11

Relevant logs and mail reports on the mail with the status of "other" would be helpful to try to help you.

There's a reason why they are not in the quarantine, we just need to figure it out.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 31 May 2016 07:41

Thanks. I think the reason in my case was, that the messages had a password-protected attachment ("MailScanner: Message contained password-protected archive" - in the meantime I changed the setting to accept such attachments).
Is it a normal behaviour that such mails get the status "Other"?
Since it was some time ago, I think the logs are overwritten. I would have to wait for a new mail, which gets the status "other".
If a mail gets status "Other", is there a posibility to move them to quarantine to release it?

User avatar
shawniverson
Posts: 2821
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson » 12 Jun 2016 00:25

Depends on whether MailScanner is set to quarantine in those cases. For example, viruses typically are not quarantined (just stripped), therefore, those attachments cannot be released because they were never stored in the first place.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 30 Jun 2016 13:25

Thank you. So I assume that MailScanner is NOT set to quarantine by default, since I didn't change settings here. So the reason why some mails cannot be released is that they are not quarantined in the first place? Where and how can I change these settings, so that every incoming mail is being quarantined?

User avatar
shawniverson
Posts: 2821
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: How to release blocked mails with status "Other"

Post by shawniverson » 04 Jul 2016 11:32

dwmp wrote:Where and how can I change these settings, so that every incoming mail is being quarantined?
Take a look at various settings in /etc/MailScanner/MailScanner.conf

i.e.

Code: Select all

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = no
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 05 Jul 2016 08:16

Thank you. I found
# Do you want to store copies of the infected attachments and messages?
# This can also be the filename of a ruleset.
Quarantine Infections = no
I will set that to yes and see if I can release also blocked mails then.

dwmp
Posts: 53
Joined: 05 Feb 2016 13:42

Re: How to release blocked mails with status "Other"

Post by dwmp » 18 Jul 2016 06:12

Okay, I did that (and activated also "Quarantine silent viruses") and now it is working - I can release such mails. Thank you very much!

Post Reply