OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Stucked mail from amavis

From: Vlada Macek (tuttlesandbox.cz)
Date: Tue Jan 03 2006 - 13:36:01 CST

Today I experienced a queue stucked mail. Amavis was unable to unpack a
gzipped attachment:

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
366C29C0A5 71028 Tue Jan 3 16:27:13 EMAIL1
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing,
id=17863-06, decoding2-get-file-types FAILED: 'file' utility
(/usr/bin/file) failed, status=255 (65280 ) at /usr/sbin/amavisd-new
line 3853. (in reply to end of DATA command))
                                         EMAIL2

Corresponding log lines are:

Jan 3 16:27:28 amavis[29925]: (29925-01) Decoding of part-00003 (gzip
compressed data, from Unix, max compression) failed, leaving it
unpacked: Error running decompressor /bin/gzip -d on part-00003, exit
status 1 at /usr/sbin/amavisd-new line 4208.
Jan 3 16:27:28 amavis[29925]: (29925-01) TROUBLE in check_mail:
decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed,
status=255 (65280 ) at /usr/sbin/amavisd-new line 3853.
Jan 3 16:27:28 amavis[29925]: (29925-01) PRESERVING EVIDENCE in
/var/lib/amavis/amavis-20060103T162727-29925
Jan 3 16:27:28 postfix/lmtp[31198]: 366C29C0A5: to=<EMAIL2>,
relay=127.0.0.1[127.0.0.1], delay=15, status=deferred (host
127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=29925-01,
decoding2-get-file-types FAILED: 'file' utility (/usr/bin/file) failed,
status=255 (65280 ) at /usr/sbin/amavisd-new line 3853. (in reply to end
of DATA command))

Logcheck is of course mailing me similar new lines everytime Postfix try
to redeliver the message, which is often. :-)

Looking at the part-00003 I found it's an incomplete gzip file. That's
why gzip exits with return code 1.

What is the best way of handling such messages? I was looking up for how
to command Postfix to bounce an arbitrary queued message to the sender
immediately with some nice DSN, but I haven't found it.

I use Postfix 2.1.5 on Debian Sarge, here is the postconf -n in case
it's important:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
always_bcc = archiv
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = lmtp-amavis:[127.0.0.1]:10024
delay_warning_time = 4h
local_destination_concurrency_limit = 1
mailbox_command = /usr/bin/maildrop
mailbox_size_limit = 0
max_use = 10
mydestination = $myself $myself3 $mydomain $myself.$mydomain
www.$mydomain web.$mydomain mail.$mydomain ftp.$mydomain
$mydomain2 $myself.$mydomain2 www.$mydomain2 web.$mydomain2
mail.$mydomain2 ftp.$mydomain2 $mydomain3 $myself3.$mydomain3
www.$mydomain3 web.$mydomain3 mail.$mydomain3
mydomain = hieronymus.cz
myhostname = $myself.$mydomain
mynetworks = 127.0.0.1 10.80.0.0/12
myorigin = $mydomain
receive_override_options = no_address_mappings
recipient_delimiter = +
show_user_unknown_table_name = no
smtp_helo_name = $myorigin
smtpd_banner = $myhostname ESMTP Welcome.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_checks
smtpd_tls_CAfile = /etc/apache/Hieronymus__CA.crt
smtpd_tls_cert_file = /etc/apache/Hieronymus__ALL.hieronymus.cz.crt
smtpd_tls_key_file = /etc/apache/Hieronymus__ALL.hieronymus.cz.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_use_tls = no
soft_bounce = no
virtual_alias_maps = hash:/etc/postfix/virtual

Thanks in advance.

--

\//\/\
(Sometimes credited as 1494 F8DD 6379 4CD7 E7E3 1FC9 D750 4243 1F05 9424.)

 [ When you find a virus in mail from me, then I intended to infect you, ]
 [ because I use SW that is not distributing viruses w/o my knowledge.:) ]