Mailwatch : Release quarantine fails - Solved

Submitted by rw on Thu, 02/21/2008 - 18:50.
in

MailWatch logoMailwatch is a GUI maintenance interface for MailScanner. One feature of the combined system is email quarantine. This traps dangerous email, perhaps you consider email with executable attachments dangerous, in a quarantine and advises the recipient. In the event that your users periodically expect and need email with executable attachments to be delivered normally, they can manage this themselves. All with a web GUI.

Failures in this "Release from Quarantine" function generate frequent questions on the MailWatch forums. Often the problem is in the file permissions of the quarantine queue. When quarantine permissions are incorrect, the release from quarantine link may fail to appear on the web page for the suspect email. Fortunately there is a fix_quarantine_permissions script provided with the MailWatch installation.

Another potential problem with "Release from Quarantine" that allows the Release from Quarantine link to display correctly, but to frustratingly generate an error when used.

Release: error (unable to add recipient [alias@example.com]: Invalid response code received from server)

The maillog may also provide the following clue.

NOQUEUE: reject: RCPT from mailserver.example.com[127.0.0.1]: 504 5.5.2
: Sender address rejected: need fully-qualified address; from=
to= proto=ESMTP helo=

The solution in my case was a configuration option in an out-of-the-way place.

edit mailwatch/mailscanner/conf.php to set

define(QUARANTINE_USE_SENDMAIL, true);

And away you go. no more server error. But we still have more to do.

More clues from the FAQ



Why are messages quarantined again when I release them in MailWatch?

This is because you need to bypass certain checks for messages from 127.0.0.1 to allow the released messages to pass through MailScanner without being quarantined again. Set the following in /etc/Mailscanner/Mailscanner.conf: 

Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules
Dangerous Content Scanning = %rules-dir%/content.scanning.rules
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules


// In my case I left the whitelist line unchanged to continue using SQL whitelisting.

Then the following files should be set-up as follows: filename.rules 

From:          127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf

filetype.rules 

From:          127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

content.scanning.rules 

From:           127.0.0.1      no
FromOrTo:       default        yes

spam.whitelist.rules 

From:           127.0.0.1      yes
FromOrTo:       default        no

filename.rules.allowall.conf 


allow   .*      -       -

filetype.rules.allowall.conf 

allow   .*      -       -


Happy Releasing from Quarantine.