amavisd-release

Dominic Raferd dominic at timedicer.co.uk
Tue Aug 28 19:05:30 CEST 2018


On Tue, 28 Aug 2018 at 16:26, Deeztek Support <support at deeztek.com> wrote:
>
> What command are you using to release message?
>
> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+support=deeztek.com at amavis.org] On Behalf Of R. Sterenborg (Lists)
> Sent: Tuesday, August 28, 2018 5:23 AM
> To: amavis-users at amavis.org
> Subject: amavisd-release
>
> I'm struggling with getting amavisd-release to work.
>
> Amavisd 2.11.0 on CentOS 7.
>
>
> In amavisd.conf:
> =====================
> $inet_socket_port                 = [ 9998, 10024, 10026 ];
>
> $do_syslog                        = 0;
> $logfile                          = '/path/to/amavisd.log';
>
> $QUARANTINEDIR                    = '/path/to/amavisd/quarantine'; $virus_quarantine_method          = 'local:virus/virus-%i-%n'; $spam_quarantine_method           = 'local:spam/spam-%b-%i-%n'; $banned_files_quarantine_method   = 'local:banned/banned-%i-%n'; $bad_header_quarantine_method     = 'local:badh/badh-%i-%n';
>
> $interface_policy{'9998'}         = 'AM.PDP-INET'; $policy_bank{'AM.PDP-INET'}       = {
>    protocol                        => 'AM.PDP',
>    inet_acl                        => [qw( 127.0.0.1 )],
>    auth_required_release           => 0, }; =====================
>
>
> In amavisd-release:
> =====================
>    $socketname = '127.0.0.1:9998';
> =====================
>
>
>  From
> https://www.ijs.si/software/amavisd/amavisd-new-docs.html#quar-release:
>
> "The secret_id is stored in SQL table msgs when logging to SQL is enabled, otherwise this information is not accessible."
>
> We're not using SQL with amavisd, so I set auth_required_release to 0.
>
>
> Whenever I try to release an email, it fails:
>
> # amavisd-release virus/virus-20180827T110127-45477-09
> 250 2.5.0 No recipients, nothing to do
>
> # amavisd-release virus/virus-20180827T110127-45477-09 ''
> 250 2.5.0 No recipients, nothing to do
>
> # amavisd-release virus/virus-20180827T110127-45477-09 '' user at domain.tld
> 450 4.5.0 ERROR: Stored quarantine ID 'ziXFTUeDuvT7' does not match requested ID 'virus-20180827T110127-45477-09' at /usr/sbin/amavisd line 11904.
>
>
> Changing from inet_socket_port to unix_socketname doesn't change the result.
>
>
> Can someone please help me find the error I'm making?

Are you sure that the file you are trying to release is a valid email
which specifies a recipient?

Did you try:
# amavisd-release virus/virus-20180827T110127-45477-09 ziXFTUeDuvT7
user at domain.tld

If this works it reveals a vulnerability in the 'secret-id' system
used by amavisd-release, but it would enable you to move forward.


More information about the amavis-users mailing list