While moving our Debian 8.2 Postfix email server with MailScanner installed to a virtual machine environment, we ran into a limit on its processing power. MailScanner could not process many emails at the same time, and as a result error messages such as “Denial of Service attack in message!” started appearing. Emails were being wrongly quarantined because MailScanner did not have enough processing power to finish scanning all of them at once.

Googling did not help, and “postdrop” and “postdrop -rv” did not help either: they fail with the format error below. Copying the file directly into the mail queue does not work (or at least I could not see any instant feedback).
fatal: uid=0: unexpected record type: 67

In the end, what you need is this command, run in the quarantine folder of the message:
root@email:/var/spool/MailScanner/quarantine/[date]/[msg.id]/$ postcat -bh [quarantined message] | sendmail -t

The command postcat -bh reads the raw internal queue file and prints it as a proper email message containing the mail header (-h) and body (-b) parts.
The command sendmail -t then reads that message and sends it to the recipients listed in the email header.


Here is our system information:
Debian version 8.2.
Postfix version 2.11.3-1
MailScanner version 4.58.9

Snippet of MailScanner.conf:
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
Quarantine Infections = yes
Quarantine Silent Viruses = yes
Quarantine Modified Body = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes

To find which messages were quarantined because of the denial of service error, run the following command to get a list of the message ids:

# grep "Denial Of Service attack" /var/log/mail.log | sed -n -e 's/^.*message //p'

I have also used the following command to check the To, From and Subject of the quarantined emails:
root@email:/var/spool/MailScanner/quarantine/[date]# for MSGID in `grep "Denial Of Service attack" /var/log/mail.log | sed -n -e 's/^.*message //p'` ;do postcat -bh ${MSGID}/* 2>/dev/null |grep '^To:\|^From:\|^Subject:' |sed -e "s/^/${MSGID} /" ; done

You can adapt this line so that it resends each of the quarantined emails.
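
One way to adapt it, as an added example that is not part of the original post: the function names dos_msgids and release_dos, the dry-run default and the id pattern are assumptions made for this sketch. It reuses the post's grep/sed extraction and its postcat -bh | sendmail -t pipeline, removes duplicate ids, and only lists what it would resend unless "send" is given.

```shell
#!/bin/sh
# Added example, not from the original post.
# Expects log lines shaped like the ones the post greps for, e.g. (constructed):
#   ... MailScanner[1234]: Denial Of Service attack in message 3F2A91C0D4.A1B2C

# Print the unique message ids flagged in log file $1, one per line.
# Same grep/sed as the post; afterwards only tokens that look like a
# queue id are kept, so no other log text is ever used as a path.
dos_msgids() {
    grep "Denial Of Service attack" "$1" \
        | sed -n -e 's/^.*message //p' \
        | awk '{print $1}' \
        | grep -E '^[A-Za-z0-9]+(\.[A-Za-z0-9]+)?$' \
        | sort -u
}

# Resend the flagged messages found under one quarantine date directory.
# Usage: release_dos LOGFILE QUARANTINE_DATE_DIR [send]
# Without "send" it only prints which files would be resent.
release_dos() {
    log=$1
    qdir=$2
    mode=${3:-dry-run}
    dos_msgids "$log" | while read -r id; do
        for f in "$qdir/$id"/*; do
            [ -f "$f" ] || continue
            if [ "$mode" = send ]; then
                # Skip anything in the folder that is not a queue file.
                postcat -bh "$f" >/dev/null 2>&1 || continue
                postcat -bh "$f" | sendmail -t && echo "sent $f"
            else
                echo "would send $f"
            fi
        done
    done
}

# Run directly: ./release.sh /var/log/mail.log /var/spool/MailScanner/quarantine/[date] [send]
if [ "$#" -ge 2 ]; then
    release_dos "$@"
fi
```

Run it without "send" first and compare the listed files with the To/From/Subject output above before resending anything.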