1

Topic: Release of Quarantined mails

==== Required information ====
- iRedMail version: 0.8.4
- iRedAdmin-Pro version: 1.7.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.4
- Related log if you're reporting an issue:
====

Oct 11 08:21:55 poruke amavis[31617]: (rel-15oefOX5fjm9) (!!)policy_server FAILED: File /var/spool/amavisd/quarantine/15oefOX5fjm9 does not exist at (eval 96) line 385, <GEN24> line 4.

When I try to release a mail, this error shows and the mail disappears.

This is my config from amavisd:

$virus_quarantine_to     = 'virus-quarantine';
$virus_quarantine_method = 'sql:';

This is very urgent for me. I need to put this server in production, but I can't until I can release mails.

2

Re: Release of Quarantined mails

*) Do you have the settings below in your Amavisd config file?

# Change below two settings to D_DISCARD.
$final_spam_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;

#
# Quarantine SPAM into SQL server.
#
$spam_quarantine_to = 'spam-quarantine';    # <- Remove '#' at the beginning of line.
$spam_quarantine_method = 'sql:';           # <- Remove '#' at the beginning of line.

#
# Quarantine VIRUS into SQL server.
#
$virus_quarantine_to = 'virus-quarantine';   # <- Remove '#' at the beginning of line.
$virus_quarantine_method = 'sql:';           # <- Remove '#' at the beginning of line.

#
# Quarantine BANNED emails into SQL server.
#
$banned_quarantine_to = 'banned-quarantine';
$banned_files_quarantine_method = 'sql:';

*) Do you have duplicate settings in Amavisd config file? The last one will override earlier ones.

3

Re: Release of Quarantined mails

ZhangHuangbin wrote:

*) Do you have the settings below in your Amavisd config file?

# Change below two settings to D_DISCARD.
$final_spam_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;

#
# Quarantine SPAM into SQL server.
#
$spam_quarantine_to = 'spam-quarantine';    # <- Remove '#' at the beginning of line.
$spam_quarantine_method = 'sql:';           # <- Remove '#' at the beginning of line.

#
# Quarantine VIRUS into SQL server.
#
$virus_quarantine_to = 'virus-quarantine';   # <- Remove '#' at the beginning of line.
$virus_quarantine_method = 'sql:';           # <- Remove '#' at the beginning of line.

#
# Quarantine BANNED emails into SQL server.
#
$banned_quarantine_to = 'banned-quarantine';
$banned_files_quarantine_method = 'sql:';

*) Do you have duplicate settings in Amavisd config file? The last one will override earlier ones.

I only want to quarantine viruses; spam, at this moment, will go to the user. This is my config:

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

$bad_header_quarantine_method = undef;
$spam_quarantine_method = undef;
$virus_quarantine_to     = 'virus-quarantine';
$virus_quarantine_method = 'sql:';
$banned_files_quarantine_method = undef;

The virus messages go to quarantine, but when I release them the error shows in the log and the messages disappear.

4

Re: Release of Quarantined mails

cts.cobra wrote:

$final_virus_destiny      = D_REJECT;

Does changing the above parameter to 'D_DISCARD' solve your issue? Note: it only impacts new emails after the config is changed.

5

Re: Release of Quarantined mails

ZhangHuangbin wrote:
cts.cobra wrote:

$final_virus_destiny      = D_REJECT;

Does changing the above parameter to 'D_DISCARD' solve your issue? Note: it only impacts new emails after the config is changed.

I tried, but there is no change; the same error still comes up in the log.

There is something wrong with the release commands.

6

Re: Release of Quarantined mails

cts.cobra wrote:
ZhangHuangbin wrote:
cts.cobra wrote:

$final_virus_destiny      = D_REJECT;

Does changing the above parameter to 'D_DISCARD' solve your issue? Note: it only impacts new emails after the config is changed.

I tried, but there is no change; the same error still comes up in the log.

There is something wrong with the release commands.

Maybe it's related to this:
http://www.iredmail.org/forum/topic5307 … ntine.html

7

Re: Release of Quarantined mails

*) Did you check whether you have duplicates of the two parameters below in your Amavisd config files?

$virus_quarantine_to =
$virus_quarantine_method =

The error message you posted in your first post shows Amavisd trying to release the quarantined file from the local file system, not from the SQL database.

*) When a virus mail was quarantined, was there any related log in the mail log file (/var/log/maillog)? Did you see a new SQL record in the SQL table "amavisd.quarantine"?
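
A way to run the duplicate-settings check asked for in posts 2 and 7, added here as an example (not from the thread or from iRedMail): it lists every uncommented assignment of the quarantine settings named in this thread and reports the last one, which is the one that takes effect. The sample config is constructed, the function names are hypothetical, and only top-level `$name = value;` lines are parsed.

```python
import re

# Quarantine-related settings named in this thread.
WATCHED = {
    "QUARANTINEDIR",
    "virus_quarantine_to", "virus_quarantine_method",
    "spam_quarantine_to", "spam_quarantine_method",
    "banned_quarantine_to", "banned_files_quarantine_method",
    "bad_header_quarantine_method",
    "final_virus_destiny", "final_spam_destiny",
    "final_banned_destiny", "final_bad_header_destiny",
}

# Uncommented top-level scalar assignment: $name = value;
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*([^;]+);")
SQL_DSN = re.compile(r"^\s*@storage_sql_dsn\s*=")

# Constructed sample: line 6 silently overrides the 'sql:' method from line 2.
SAMPLE_CONF = """\
$virus_quarantine_to     = 'virus-quarantine';
$virus_quarantine_method = 'sql:';
# $spam_quarantine_method = 'sql:';
$spam_quarantine_method = undef;
@storage_sql_dsn = (['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'PLACEHOLDER']);
$virus_quarantine_method = 'local:virus-%m';
"""


def scan(conf_text):
    """Return {setting: [(line_no, value), ...]} in file order."""
    seen = {}
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and m.group(1) in WATCHED:
            seen.setdefault(m.group(1), []).append((no, m.group(2).strip()))
    return seen


def effective(conf_text):
    """The value Amavisd ends up with: the last assignment of each setting."""
    return {name: hits[-1] for name, hits in scan(conf_text).items()}


def audit(conf_text):
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    seen = scan(conf_text)
    for name, hits in sorted(seen.items()):
        line_no, value = hits[-1]
        earlier = hits[:-1]
        # Only report duplicates that actually change the outcome.
        if any(v != value for _, v in earlier):
            old = ", ".join(f"line {n}: {v}" for n, v in earlier)
            findings.append(f"${name} = {value} (line {line_no}) overrides {old}")
    # A 'sql:' quarantine method needs an uncommented @storage_sql_dsn.
    sql_methods = sorted(
        n for n, hits in seen.items()
        if n.endswith("_quarantine_method") and hits[-1][1].strip("'\"") == "sql:"
    )
    has_dsn = any(SQL_DSN.match(line) for line in conf_text.splitlines())
    if sql_methods and not has_dsn:
        findings.append(
            "sql: quarantine set for " + ", ".join(sql_methods)
            + " but no uncommented @storage_sql_dsn found"
        )
    return findings


if __name__ == "__main__":
    for name, (line_no, value) in sorted(effective(SAMPLE_CONF).items()):
        print(f"{name:32} line {line_no:3}  {value}")
    for finding in audit(SAMPLE_CONF):
        print("WARNING:", finding)
```

Run it against every file Amavisd loads, since a later included file can override the main one just as a later line can.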

8

Re: Release of Quarantined mails

ZhangHuangbin wrote:

*) Did you check whether you have duplicates of the two parameters below in your Amavisd config files?

$virus_quarantine_to =
$virus_quarantine_method =

The error message you posted in your first post shows Amavisd trying to release the quarantined file from the local file system, not from the SQL database.

*) When a virus mail was quarantined, was there any related log in the mail log file (/var/log/maillog)? Did you see a new SQL record in the SQL table "amavisd.quarantine"?

I see that mail in iRedAdmin-Pro.
This is the log from /var/log/maillog:

Oct 15 16:03:52 poruke postfix/smtpd[17717]: Anonymous TLS connection established from unknown[192.168.1.133]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
Oct 15 16:03:52 poruke postfix/smtpd[17717]: DE9BB1815E1: client=unknown[192.168.1.133], sasl_method=PLAIN, sasl_username=xxxxxxxx
Oct 15 16:03:54 poruke postfix/cleanup[17721]: DE9BB1815E1: message-id=<525D4B48.2040801@xxxxxxxx>
Oct 15 16:03:54 poruke postfix/qmgr[2197]: DE9BB1815E1: from=<aleksandar.sasa.glumac@xxxxxxxx>, size=2580, nrcpt=2 (queue active)
Oct 15 16:03:54 poruke postfix/smtpd[17717]: disconnect from unknown[192.168.1.133]
Oct 15 16:03:54 poruke postfix/smtpd[17735]: connect from xxxxxxxx[127.0.0.1]
Oct 15 16:03:54 poruke postfix/smtpd[17735]: 4079618160C: client=xxxxxxxx[127.0.0.1]
Oct 15 16:03:54 poruke postfix/cleanup[17721]: 4079618160C: message-id=<20131015140354.4079618160C@xxxxxxxx>
Oct 15 16:03:54 poruke postfix/smtpd[17736]: connect from xxxxxxxx[127.0.0.1]
Oct 15 16:03:54 poruke postfix/smtpd[17736]: 4958D18160D: client=xxxxxxxx[127.0.0.1]
Oct 15 16:03:54 poruke postfix/cleanup[17737]: 4958D18160D: message-id=<20131015140354.4958D18160D@xxxxxxxx>
Oct 15 16:03:54 poruke postfix/smtpd[17735]: disconnect from xxxxxxxx.hr[127.0.0.1]
Oct 15 16:03:54 poruke postfix/qmgr[2197]: 4079618160C: from=<postmaster@xxxxxxxx>, size=1772, nrcpt=1 (queue active)
Oct 15 16:03:54 poruke postfix/qmgr[2197]: 4958D18160D: from=<postmaster@xxxxxxxx>, size=1772, nrcpt=1 (queue active)
Oct 15 16:03:54 poruke postfix/smtpd[17736]: disconnect from xxxxxxxx[127.0.0.1]
Oct 15 16:03:54 poruke postfix/smtp[17729]: DE9BB1815E1: to=<test1@xxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=1.1/0.02/0.01/0.32, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=17713-01 - INFECTED:  (in reply to end of DATA command))
Oct 15 16:03:55 poruke postfix/pipe[17739]: 4958D18160D: to=<admin@xxxxxxxx>, relay=dovecot, delay=1, delays=0.06/0.04/0/0.92, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 15 16:03:55 poruke postfix/qmgr[2197]: 4958D18160D: removed
Oct 15 16:03:55 poruke postfix/pipe[17738]: 4079618160C: to=<admin@xxxxxxxx>, relay=dovecot, delay=1.1, delays=0.08/0.02/0/1, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 15 16:03:55 poruke postfix/qmgr[2197]: 4079618160C: removed
Oct 15 16:03:55 poruke postfix/smtp[17728]: DE9BB1815E1: to=<test3@yyyyyyy>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.6, delays=1.1/0.01/0.01/0.43, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=17712-01 - INFECTED:  (in reply to end of DATA command))
Oct 15 16:03:55 poruke postfix/cleanup[17721]: 8FA1518160C: message-id=<20131015140355.8FA1518160C@xxxxxxxx>
Oct 15 16:03:55 poruke postfix/bounce[17740]: DE9BB1815E1: sender non-delivery notification: 8FA1518160C
Oct 15 16:03:55 poruke postfix/qmgr[2197]: 8FA1518160C: from=<>, size=4980, nrcpt=1 (queue active)
Oct 15 16:03:55 poruke postfix/qmgr[2197]: DE9BB1815E1: removed
Oct 15 16:03:55 poruke postfix/pipe[17739]: 8FA1518160C: to=<aleksandar.sasa.glumac@xxxxxxxx>, relay=dovecot, delay=0.06, delays=0/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 15 16:03:55 poruke postfix/qmgr[2197]: 8FA1518160C: removed

This is the amavisd config:

use strict;

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';     # (no default;  customary: vscan or amavis), -g

$mydomain = "poruke.yyyyyyyyyyyyyyyy";    # = 'example.com';   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "/var/spool/amavisd/quarantine";


$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P

$log_level = 1;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'local6';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = ( [".$mydomain","xxxxxxxxxxx"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = [10024, 9998];

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1, # enables disclaimer insertion if available
};

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["admin\@yyyyyyyyyyyyyyyy"],
  spam_admin_maps  => ["admin\@yyyyyyyyyyyyyyyy"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

$virus_admin               = undef;                    # notifications recip.

$mailfrom_notify_admin     = undef;                    # notifications sender
$mailfrom_notify_recip     = undef;                    # notifications sender
$mailfrom_notify_spamadmin = undef;                    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 0;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));


$banned_filename_re = new_RE(

  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

  qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,


  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic

);


@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
$sa_debug = 0;
$myhostname = "poruke.yyyyyyyyyyyyyyyy";

$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_PASS;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

@av_scanners = (

    #### http://www.clamav.net/
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (

    ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
    ['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

$policy_bank{'MYUSERS'} = {
    # declare that mail was submitted by our smtp client
    originating => 1,

    # enables disclaimer insertion if available
    allow_disclaimers => 1,

    # notify administrator of locally originating malware
    virus_admin_maps => ["admin\@yyyyyyyyyyyyyyyy"],
    spam_admin_maps  => ["admin\@yyyyyyyyyyyyyyyy"],
    warnbadhsender   => 0,

    # forward to a smtpd service providing DKIM signing service
    #forward_method => 'smtp:[127.0.0.1]:10027',

    # force MTA conversion to 7-bit (e.g. before DKIM signing)
    smtpd_discard_ehlo_keywords => ['8BITMIME'],

    # don't remove NOTIFY=SUCCESS option
    terminate_dsn_on_notify_success => 0,

    # don't perform spam/virus/header check.
    #bypass_spam_checks_maps => [1],
    #bypass_virus_checks_maps => [1],
    #bypass_header_checks_maps => [1],

    # allow sending any file names and types
    #bypass_banned_checks_maps => [1],
};

    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

#########################
# Quarantine mails.
#

# Don't quarantine mails with bad header.
$bad_header_quarantine_method = undef;
$spam_quarantine_method = undef;

#########################
# Quarantine VIRUS mails.
#
$virus_quarantine_to     = 'virus-quarantine';
$virus_quarantine_method = 'sql:';

#########################
# Quarantine BANNED mails.
$banned_files_quarantine_method = undef;


$sa_spam_modifies_subj = 1;

$warnvirussender = 1;

$warnspamsender = 0;

$warnbannedsender = 0;

$warnbadhsender = 0;

$warn_offsite = 1;

$notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
$notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
$notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
$notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
$notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
$notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');

$sql_allow_8bit_address = 1;
$timestamp_fmt_mysql = 1;

$undecipherable_subject_tag = undef;
$smtp_connection_cache_enable = 0;

$signed_header_fields{'received'} = 0;
$signed_header_fields{'to'} = 1;

$originating = 1;

# Add dkim_key here.
dkim_key("yyyyyyyyyyyyyyyy", "dkim", "/var/lib/dkim/yyyyyyyyyyyyyyyy.pem");

@dkim_signature_options_bysender_maps = ( {
    # ------------------------------------
    # For domain: yyyyyyyyyyyyyyyy.
    # ------------------------------------
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    #'postmaster@yyyyyyyyyyyyyyyy'    => { d => "yyyyyyyyyyyyyyyy", a => 'rsa-sha256', ttl =>  7*24*3600 },
    #"spam-reporter@yyyyyyyyyyyyyyyy"    => { d => "yyyyyyyyyyyyyyyy", a => 'rsa-sha256', ttl =>  7*24*3600 },

    # explicit 'd' forces a third-party signature on foreign (hosted) domains
    "yyyyyyyyyyyyyyyy"  => { d => "yyyyyyyyyyyyyyyy", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host1.yyyyyyyyyyyyyyyy"  => { d => "host1.yyyyyyyyyyyyyyyy", a => 'rsa-sha256', ttl => 10*24*3600 },
    #"host2.yyyyyyyyyyyyyyyy"  => { d => "host2.yyyyyyyyyyyyyyyy", a => 'rsa-sha256', ttl => 10*24*3600 },
    # ---- End domain: yyyyyyyyyyyyyyyy ----

    # catchall defaults
    '.' => { a => 'rsa-sha256', c => 'relaxed/simple', ttl => 30*24*3600 },
} );
$altermime = '/usr/bin/altermime';

# Disclaimer in plain text format.
@altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt --disclaimer-html=/etc/postfix/disclaimer/_OPTION_.txt --force-for-bad-html);

@disclaimer_options_bysender_maps = ({
    # Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
    #'host1.iredmail.org' => 'host1.iredmail.org',

    # Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
    #'.iredmail.org'      => 'iredmail.org',

    # Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
    #'boss@iredmail.org'  => 'boss.iredmail.org',

    # Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
    '.' => 'default',
},);
# ------------ End Disclaimer Setting ---------------
@storage_sql_dsn = (
    ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', '2w8EyPWCDZOnRjAjbirg41st9nnTOr'],
);
# Uncomment below two lines to lookup virtual mail domains from MySQL database.
#@lookup_sql_dsn =  (
#    ['DBI:mysql:database=vmail;host=127.0.0.1;port=3306', 'vmail', 'WcMVoAXZh6vHuqpxKJ5oE67BYjiU6U'],
#);
# For Amavisd-new-2.7.0 and later versions. Placeholder '%d' is available in Amavisd-2.7.0+.
#$sql_select_policy = "SELECT domain FROM domain WHERE domain='%d'";

# For Amavisd-new-2.6.x.
# WARNING: IN() may cause MySQL lookup performance issue.
#$sql_select_policy = "SELECT domain FROM domain WHERE CONCAT('@', domain) IN (%k)";

1;  # insure a defined return

9

Re: Release of Quarantined mails

*) Is it a typo or an incomplete copy? You have just part of the setting below in your Amavisd config file:

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

*) If it's just an incomplete copy and you do have the full setting, I have no idea yet. Sorry about this.

*) There's no Amavisd related log about quarantined virus mail in your last post, could you please paste it to help troubleshoot?

10

Re: Release of Quarantined mails

ZhangHuangbin wrote:

*) Is it a typo or an incomplete copy? You have just part of the setting below in your Amavisd config file:

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

*) If it's just an incomplete copy and you do have the full setting, I have no idea yet. Sorry about this.

*) There's no Amavisd related log about quarantined virus mail in your last post, could you please paste it to help troubleshoot?

I increased the amavisd log level and sent a new mail. This is the log:

Oct 16 11:07:20 poruke amavis[25538]: (25538-01) lookup [warnvirusrecip] => undef, "test1@yyyyyyyyyyyyyyyy" does not match
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) DSN: sender is credible (orig), SA: 0.000, <xxxx@yyyyyyyyyyyyyyyy>
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) lookup => true,  "xxxx@yyyyyyyyyyyyyyyy" matches, result="18", matching_key="(constant:18)"
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) DSN: FAIL . 554 Virus, status propagated back: <xxxx@yyyyyyyyyyyyyyyy> -> <test1@yyyyyyyyyyyyyyyy>
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) notif=N, suppressed=0, ndn_needed=, exit=69, 554 5.7.0 Reject, id=25538-01 - INFECTED:
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) lookup_ip_acl (publicnetworks): key="192.168.1.133" matches "!192.168.0.0/16", result=0
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) Blocked INFECTED (), MYNETS/MYUSERS LOCAL [192.168.1.133] [192.168.1.133] <xxxx@yyyyyyyyyyyyyyyy> -> <test1@yyyyyyyyyyyyyyyy>, quarantine: 1wh2rMXMj9pt, Message-ID: <525E5747.5010101@yyyyyyyyyyyyyyyy>, mail_id: 1wh2rMXMj9pt, Hits: -, size: 2585, 276 ms
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) sql: preparing and executing: INSERT INTO msgrcpt (partition_tag, mail_id, rid, ds, rs, bl, wl, bspam_level, smtp_resp) VALUES (?,?,?,?,?,?,?,?,?)
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) save_info_final 1wh2rMXMj9pt, V, Q, 1wh2rMXMj9pt, N, 0, Message-ID: <525E5747.5010101@yyyyyyyyyyyyyyyy>, From: 'Sasa <xxxx@yyyyyyyyyyyyyyyy>', Subject: 'Fwd: test'
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) sql: preparing and executing: UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?, spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=? WHERE partition_tag=? AND mail_id=?
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) sending SMTP response: "554 5.7.0 Reject, id=25538-01 - INFECTED: "
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) ESMTP> 554 5.7.0 Reject, id=25538-01 - INFECTED:
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) TempDir::strip: /var/spool/amavisd/tmp/amavis-20131016T110720-25538
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) rmdir_recursively: /var/spool/amavisd/tmp/amavis-20131016T110720-25538/parts, excl=1
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) TIMING [total 295 ms] - SMTP greeting: 6 (2%)2, SMTP EHLO: 2 (1%)3, SMTP pre-MAIL: 2 (1%)3, mkdir tempdir: 1 (0%)4, create email.txt: 0 (0%)4, SMTP pre-DATA-flush: 4 (1%)5, SMTP DATA: 34 (11%)17, check_init: 1 (0%)17, digest_hdr: 2 (1%)18, digest_body_dkim: 1 (0%)18, sql-connect: 7 (2%)20, sql-enter: 56 (19%)39, mkdir parts: 4 (1%)41, mime_decode: 14 (5%)45, get-file-type2: 12 (4%)49, decompose_part: 2 (1%)50, parts_decode: 0 (0%)50, check_header: 1 (0%)50, AV-scan-1: 28 (10%)60, read_snmp_variables: 1 (0%)60, best_try_originator: 3 (1%)61, update_cache: 1 (0%)62, decide_mail_destiny: 3 (1%)62, notif-quar: 2 (1%)63, write-header: 3 (1%)64, fwd-sql: 29 (10%)74, fwd-connect: 21 (7%)81, fwd-mail-pip: 8 (3%)84, fwd-rcpt-pip: 0 (0%)84, fwd-data-chkpnt: 0 (0%)84, write-header: 0 (0%)84, fwd-data-contents: 2 (1%)85, fwd-end-chkpnt: 14 (5%)90, prepare-dsn: 2 (1%)90, main_log_entry: 10 (3%)94, sql-update: 13 (5%)98, update_snmp: 3 (1%)99, SMTP pre-response: 0 (...
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) ...0%)99, SMTP response: 1 (0%)100, unlink-3-files: 1 (0%)100, rundown: 1 (0%)100
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) ESMTP< QUIT\r\n
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) ESMTP> 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Oct 16 11:07:20 poruke amavis[25538]: (25538-01) SMTP session over, timer stopped

#############################################################################
And then I released it:

Oct 16 11:11:34 poruke amavis[25539]: loaded base policy bank
Oct 16 11:11:34 poruke amavis[25539]: loaded policy bank "AM.PDP-INET"
Oct 16 11:11:34 poruke amavis[25539]: lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1
Oct 16 11:11:34 poruke amavis[25539]: process_request: fileno sock=12, STDIN=0, STDOUT=1
Oct 16 11:11:34 poruke amavis[25539]: policy protocol: request=release
Oct 16 11:11:34 poruke amavis[25539]: policy protocol: mail_id=1wh2rMXMj9pt
Oct 16 11:11:34 poruke amavis[25539]: policy protocol: secret_id=xxxxxxxxxxx
Oct 16 11:11:34 poruke amavis[25539]: (rel-1wh2rMXMj9pt) (!!)policy_server FAILED: File /var/spool/amavisd/quarantine/1wh2rMXMj9pt does not exist at (eval 96) line 385, <GEN25> line 4.
Oct 16 11:11:34 poruke amavis[25539]: (rel-1wh2rMXMj9pt) TIMING [total 1 ms] - got data: 0 (0%)0, rundown: 1 (100%)100

#############################################

This is the amavisd segment in the config:

#
# Port used to release quarantined mails.
#
$interface_policy{'9998'} = 'AM.PDP-INET';
$policy_bank{'AM.PDP-INET'} = {
    protocol => 'AM.PDP',       # select Amavis policy delegation protocol
    inet_acl => [qw( 127.0.0.1 [::1] )],    # restrict access to these IP addresses
    auth_required_release => 1,    # 0 - don't require secret_id for amavisd-release
    #log_level => 4,
    #always_bcc_by_ccat => {CC_CLEAN, 'admin@example.com'},
};

#########################

11

Re: Release of Quarantined mails

*) Pasted log shows Amavisd correctly quarantined this email.
*) Log shows iRedAdmin-Pro sent correct commands to release this quarantined mail.
*) You have correct settings in Amavisd (AM.PDP-INET).

Well, unfortunately, no idea yet. Sorry.

Could you please show me the SQL record of this quarantined mail in the Amavisd database: amavisd.msgs (yes, it's table "msgs", not "quarantine")? I have to check the SQL record to dive deeper.

Also, you can find the Amavisd SQL structure here: http://www.ijs.si/software/amavisd/README.sql-mysql.txt
And the protocol of 'AM.PDP-INET': http://www.ijs.si/software/amavisd/README.protocol.txt (TIP: Searching for "request=release" will quickly show you how to release quarantined mail)

12

Re: Release of Quarantined mails

Does manually releasing this quarantined mail work for you? Try this on your iRedMail server:

# telnet localhost 9998        # <- Port 9998 is used to release quarantine
request=release
mail_id=1wh2rMXMj9pt
secret_id=xxxxxxxxxxx    # <- Double press 'Enter' key to submit your request

And if it failed, try this:

# telnet localhost 9998
request=release
mail_id=1wh2rMXMj9pt
secret_id=xxxxxxxxxxx
quar_type=Q         # <- Release a quarantined mail stored in SQL server

13

Re: Release of Quarantined mails

From MySQL:
##########################3

<?xml version="1.0" encoding="utf-8"?>
<!--
- phpMyAdmin XML Dump
- version 3.5.8.1
- http://www.phpmyadmin.net
-
- Host: localhost
- Generation Time: Oct 18, 2013 at 01:14 PM
- Server version: 5.1.69
- PHP Version: 5.3.3
-->

<pma_xml_export version="1.0" xmlns:pma="http://www.phpmyadmin.net/some_doc_url/">
    <!--
    - Structure schemas
    -->
    <pma:structure_schemas>
        <pma:database name="amavisd" collation="utf8_general_ci" charset="utf8">
            <pma:table name="msgs">
                CREATE TABLE `msgs` (
                  `partition_tag` int(11) NOT NULL DEFAULT '0',
                  `mail_id` varbinary(16) NOT NULL,
                  `secret_id` varbinary(16) DEFAULT '',
                  `am_id` varchar(20) NOT NULL,
                  `time_num` int(10) unsigned NOT NULL,
                  `time_iso` char(16) NOT NULL,
                  `sid` bigint(20) unsigned NOT NULL,
                  `policy` varchar(255) DEFAULT '',
                  `client_addr` varchar(255) DEFAULT '',
                  `size` int(10) unsigned NOT NULL,
                  `originating` char(1) NOT NULL DEFAULT '',
                  `content` char(1) DEFAULT NULL,
                  `quar_type` char(1) DEFAULT NULL,
                  `quar_loc` varbinary(255) DEFAULT '',
                  `dsn_sent` char(1) DEFAULT NULL,
                  `spam_level` float DEFAULT NULL,
                  `message_id` varchar(255) DEFAULT '',
                  `from_addr` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '',
                  `subject` varchar(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT '',
                  `host` varchar(255) NOT NULL,
                  PRIMARY KEY (`partition_tag`,`mail_id`),
                  KEY `msgs_idx_sid` (`sid`),
                  KEY `msgs_idx_mess_id` (`message_id`),
                  KEY `msgs_idx_time_num` (`time_num`),
                  KEY `msgs_idx_mail_id` (`mail_id`),
                  KEY `msgs_idx_content` (`content`),
                  KEY `msgs_idx_content_time_num` (`content`,`time_num`)
                ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
            </pma:table>
        </pma:database>
    </pma:structure_schemas>

    <!--
    - Database: 'amavisd'
    -->
    <database name="amavisd">
        <!-- Table msgs -->
        <table name="msgs">
            <column name="partition_tag">0</column>
            <column name="mail_id">1wh2rMXMj9pt</column>
            <column name="secret_id">IrYTdbUt8npx</column>
            <column name="am_id">25538-01</column>
            <column name="time_num">1381914440</column>
            <column name="time_iso">20131016090720</column>
            <column name="sid">16</column>
            <column name="policy">MYNETS/MYUSERS</column>
            <column name="client_addr">192.168.1.133</column>
            <column name="size">2585</column>
            <column name="originating"></column>
            <column name="content">C</column>
            <column name="quar_type"></column>
            <column name="quar_loc">1wh2rMXMj9pt</column>
            <column name="dsn_sent">N</column>
            <column name="spam_level">0</column>
            <column name="message_id">&lt;525E5747.5010101@xxxxxxxxxxxx&gt;</column>
            <column name="from_addr">Sasa &lt;rrrrrrrrrrr@xxxxxxxxxx&gt;</column>
            <column name="subject">Fwd: test</column>
            <column name="host">yyyyyyyy</column>
        </table>
    </database>
</pma_xml_export>

###################

No, it doesn't work manually without quar_type=Q
BUT IT DOES WORK WITH THAT LINE:

Oct 18 15:35:05 poruke amavis[6199]: (rel-HBCbzeI1S+dX) loaded policy bank "AM.PDP-INET"
Oct 18 15:36:22 poruke amavis[6199]: (rel-5u8lSEpURAle) release 5u8lSEpURAle /var/spool/amavisd/tmp:  ->
Oct 18 15:36:22 poruke amavis[6199]: (rel-5u8lSEpURAle) Quarantined message release (miscategorized): 5u8lSEpURAle <yyyyyyyy@xxxxxxx> -> <test1@xxxxxxxxxx>
Oct 18 15:36:22 poruke amavis[6199]: (rel-5u8lSEpURAle) FWD via SMTP: <yyyyyyyyyyy@xxxxxxxxx> -> <test1@xxxxxxxxxxx>, 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C805F18165E
Oct 18 15:36:22 poruke amavis[6199]: (rel-5u8lSEpURAle) TIMING [total 80 ms] - got data: 0 (0%)0, fwd-connect: 23 (29%)29, fwd-mail-pip: 20 (25%)55, fwd-rcpt-pip: 0 (0%)55, fwd-data-chkpnt: 0 (0%)55, write-header: 2 (2%)57, fwd-data-contents: 0 (0%)57, fwd-end-chkpnt: 33 (42%)99, rundown: 1 (1%)100

###############################

I think that iRedAdmin-Pro does not send "quar_type=Q"

14

Re: Release of Quarantined mails

OK, it's a bug in iRedAdmin-Pro. But it worked without any issue before, not sure why it happened.

Here's a patch to force iRedAdmin-Pro-MySQL-1.7.0 to send 'quar_type=Q' while releasing quarantined mail:

*) Open file libs/amavisd/quarantine.py, find the line below (about line 245):

    s.send('request=release\r\n' + cmd + '\r\n')

*) Modify it to the line below:

    s.send('request=release\r\n' + cmd + 'quar_type=Q\r\n' + '\r\n')

*) Save your modification, then restart the Apache service to load the modified file.

It should work for you now.

Will fix this in the next release of iRedAdmin-Pro. Thanks very much for your feedback and help.
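The release request from the fix above, built with input validation so that a mail_id or secret_id value cannot carry extra protocol lines. This is an added Python 3 example, not iRedAdmin-Pro's own code; the function names, the id character set and the reply handling are assumptions.

```python
import re
import socket

# Assumption: id alphabet and 16-byte limit are taken from the ids and the
# varbinary(16) columns shown in this thread.
_ID_RE = re.compile(r"[A-Za-z0-9+_-]{1,16}")


def build_release_request(mail_id, secret_id, quar_type="Q"):
    """Return an AM.PDP release request as bytes, ending with an empty line."""
    for name, value in (("mail_id", mail_id), ("secret_id", secret_id)):
        # fullmatch() rejects CR/LF, so a value cannot add protocol lines.
        if not _ID_RE.fullmatch(value):
            raise ValueError("invalid %s: %r" % (name, value))
    if not re.fullmatch(r"[A-Z]", quar_type):
        raise ValueError("invalid quar_type: %r" % (quar_type,))
    lines = [
        "request=release",
        "mail_id=" + mail_id,
        "secret_id=" + secret_id,
        "quar_type=" + quar_type,  # 'Q': quarantined mail is stored in SQL
        "",                        # empty line submits the request
    ]
    return ("\r\n".join(lines) + "\r\n").encode("ascii")


def release(mail_id, secret_id, host="127.0.0.1", port=9998, timeout=10):
    """Send the request to the release port and return the raw reply lines."""
    request = build_release_request(mail_id, secret_id)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)  # send() may write only part of the buffer
        reply = b""
        # Assumption: the reply ends with an empty line, like the request.
        while not reply.endswith(b"\r\n\r\n") and reply != b"\r\n":
            chunk = s.recv(4096)
            if not chunk:  # server closed the connection
                break
            reply += chunk
    return [ln for ln in reply.decode("ascii", "replace").splitlines() if ln]
```
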

15

Re: Release of Quarantined mails

OK, this worked, thanks.