efa-project.org

Last night I had loads of email sent to the archive with a status of Other. This by far consisted on email that would normally get delivered. I noticed that the Inbound Mail Queue went very high during the evening with over 100 entries in there at one point. So some questions:

How can I stop these perfectly good emails being marked as Other?
What does "Other" mean?
Is there any way to release all of these in one go without having to go to each one in turn?

Additional information. I am seeing a lot of this in the mail log at the time it was busy:

Mar 13 20:53:47 efa MailScanner[30341]: New Batch: Found 24 messages waiting
Mar 13 20:53:47 efa MailScanner[30341]: New Batch: Scanning 1 messages, 1409 bytes
Mar 13 20:53:47 efa MailScanner[30341]: Virus and Content Scanning: Starting
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./A89931005A2.AE213/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in A89931005A2.AE213
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./78C221008B6.AA2C6/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 78C221008B6.AA2C6
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./341B5100599.ACDAC/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 341B5100599.ACDAC
Mar 13 20:53:47 efa MailScanner[30341]: Clamd::INFECTED::Sanesecurity.Spam.10995.UNOFFICIAL :: ./0EE7B10059C.A02A4/
Mar 13 20:53:47 efa MailScanner[30341]: Found spam-virus Sanesecurity.Spam.10995.UNOFFICIAL in 0EE7B10059C.A02A4
Mar 13 20:53:47 efa postfix/postsuper[30410]: A89931005A2: removed
Mar 13 20:53:47 efa postfix/postsuper[30410]: Deleted: 1 message
Mar 13 20:53:47 efa MailScanner[30411]: MailScanner E-Mail Virus Scanner version 4.84.6 starting...
Mar 13 20:53:47 efa MailScanner[30411]: Reading configuration file /etc/MailScanner/MailScanner.conf
Mar 13 20:53:47 efa MailScanner[30411]: Reading configuration file /etc/MailScanner/conf.d/README
Mar 13 20:53:47 efa MailScanner[30411]: Read 875 hostnames from the phishing whitelist
Mar 13 20:53:47 efa MailScanner[30411]: Read 3347 hostnames from the phishing blacklists
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function SQLBlacklist
Mar 13 20:53:47 efa MailScanner[30411]: Starting up SQL Blacklist
Mar 13 20:53:47 efa MailScanner[30411]: Read 24 blacklist entries
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function MailWatchLogging
Mar 13 20:53:47 efa MailScanner[30411]: Started SQL Logging child
Mar 13 20:53:47 efa MailScanner[30411]: Config: calling custom init function SQLWhitelist
Mar 13 20:53:47 efa MailScanner[30411]: Starting up SQL Whitelist
Mar 13 20:53:47 efa MailScanner[30411]: Read 157 whitelist entries
Mar 13 20:53:47 efa MailScanner[30411]: Using SpamAssassin results cache
Mar 13 20:53:47 efa MailScanner[30411]: Connected to SpamAssassin cache database
Mar 13 20:53:47 efa MailScanner[30411]: Enabling SpamAssassin auto-whitelist functionality...
Mar 13 20:53:49 efa MailScanner[30202]: Warning: skipping message 89F79100540.AE211 as it has been attempted too many times
Mar 13 20:53:49 efa MailScanner[30202]: Quarantined message 89F79100540.AE211 as it caused MailScanner to crash several times
Mar 13 20:53:49 efa MailScanner[30202]: Saved entire message to /var/spool/MailScanner/quarantine/20140313/89F79100540.AE211

Other actually means that MailWatch does not know the status.

So mostly this is because something is going wrong.

Do the spamassassin and mailscanner lint tests (webinterface -> tools) show any errors?
Also check if you are running the latest version (EFA-Update -check command when logged in with SSH)

If the lint tests both are fine I guess it is best to enable debugging:
(set the option Debug = yes in /etc/MailScanner/MailScanner.conf and restart mailscanner)

I did what you suggested and we have no errors. We are on the latest version.

It has not played up again since so I suggest we leave it and do the debug if it reoccurs.

Thanks for your help.

It is important to monitor the performance of your system under high load.

Also, a good rule of thumb is to have no more than 1-2 MailScanner children per processor. Too many MailScanner threads spawning will overload the system and things will start crashing.

Hello,

is there a possibility by now to release such mails with status other? We also had some of these and for the future I would like to know how I can access/release these mails.
Thanks.

BR,
dwmp

Depends on whether mailscanner quarantined them. Do you have a sample report?

Thanks for your answer.
It says "MailScanner: Message contained password-protected archive" (that was one reason why it got quarantined - in the meantime I changed settings to accept password-protected archives. But for the future I would like to know how to release mail with status "Other").
How do I find out whether it got quarantined or not? I see them in the list (Mailwatch) and I can see the header, details etc. The only difference to mails with status != other is, that I can NOT see the area seen in the attached screenshot.

What exactly do you mean with sample report? How can I create one?

Yeah, that's the report...

MailScanner: Message contained password-protected archive