Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ephraims on August 16, 2004, 09:37:40 AM

Title: Injecting emails back into system
Post by: ephraims on August 16, 2004, 09:37:40 AM

My Clamd died on one of my servers today and it put all the messages into the problems directory i have restarted qmail and clamd and all working now. How do i inject all the emails in the problems directory back into the system?

When i try the amavis-inject line i get /usr/bin/rsmtp no such file or directory.

i just want to inject all the emails back into the system to be delivered or sent

Please Help
Thanks

Title: "|" need be between the filename and rsmtp
Post by: hardijs on August 16, 2004, 11:31:46 AM

the pipe symbol "|" need be there -
also check if there is the rsmtp in the /usr/bin

best of all if the sme version is above 6 then use the amavis install from www.pagefault.org - the paner gives you the ability to delete or inject the mail.

Title: Should i create the rsmtp directory
Post by: ephraims on August 16, 2004, 01:20:37 PM

Do i need to create that directory and is there anyway to inject back into the system so the email will be rescaned before they are sent out or distrabuted through the organistion

Title: well it should be there......
Post by: hardijs on August 16, 2004, 01:30:06 PM

its an executable - "|" means that the amavis-inject output is being piped to this app - so this is not the a dir per se - just an app that redirects / informs mail engine that there is something to work on. (that's oversimplication)

now see the pagefault.org to see where you can get (ie from the same place ;) the rpm for reinjecting.....

That was some time ago when I went through this - so I do not remember what and in what order was done what -
if you follow the Knudsen or pagefault site then it should be ok.

Also which sme version are u using?

Title: 5.6
Post by: ephraims on August 16, 2004, 02:00:27 PM

I am using sme 5.6 i am using knudsen install and have installed the inject module from his site and still not working any ideas

Title: Clam error
Post by: cc_skavenger on August 16, 2004, 04:53:26 PM

I just fixed mine, with MasterSleepy's help.  Seems to be a common thing.
Try this command:
rpm -q qmail-bsmtp
you should get a response like this:
qmail-bsmtp-0.1-1
If not, then install this file:
http://ccskavenger.lc-usa.net/SME(E-SMITH)/contribs/clamav-old/qmail-bsmtp-0.1-1.noarch.rpm

This is copied directly from http://www.pagefault.org 's old howto:

'Problem' e-mails and Bug Reports
Clam Antivirus is being continually worked on to improve the quality and stability of the program.

If an error occurs with Clam Antivirus an e-mail will be sent to the administrator with the subject "Message put into problems directory".

The actual e-mail has been stored in /var/spool/amavis-ng/problems as <unique number>.msg and <unique number>.log, which will be stated in the e-mail.

There are several possible reasons for why this has occurred. Possibly the clamd process has either died or failed to start, you should run:

/sbin/service clamd start

Ensure that clamd has restarted successfully by running the tests mentioned in the 'A Few Simple Tests' section.

Before re-injecting the e-mails in the problems directory, you should determine if a certain message is the cause of the problem. You can test the messages by runnin g the following (on each mail message in the problems directory):

cat <unique number>.msg | clamscan --mbox -

For all messages that return successfully and that are not infected you should resubmit to the mail system by running the following command:

/usr/bin/amavis-inject -S 127.0.0.1 /var/spool/amavis-ng/problems/<unique number>.msg
You can then delete the email and logfile:

rm -f /var/spool/amavis-ng/problems/<unique number>.msg

If a message fails with the above test it must not be re-injected into the mail system directly. First determine if the mail is not spam, and if so re-inject it with the following command:

/usr/bin/amavis-inject /var/spool/amavis-ng/problems/<unique number>.msg | /usr/bin/rsmtp

If the e-mail is not confidential you should attach it (zipped) with the version information of Clam Antivirus (available by running clamscan --version) and send this to damien@pagefault.org and I'll attempt to debug your problem and role out a patch.

the howto can be found at:
http://www.pagefault.org/howto/amavis_clam.shtml

HTH

Title: Injecting emails back into system
Post by: ryan on August 24, 2004, 01:56:19 AM

I am not a linux guru, but I was able to get messages in an easy way.  Doing this may present a risk to your server, so do so at your own risk.  Any emails you re-acquire might have a virus, so treat them appropriately.  

1.  Login on SME root.  Start midnight commander by typing mc.

2.  Navagate the left panel of mc to the new mail directory for admin (root).

3.  Locate and copy the messages you want from the problem/quarantine directory to the admin mail directory...pressing F5 in mc will copy the selected file to the directory open in the opposite panel.

4.  In server manager, turn on webmail if it is not on.

5.  Login to webmail as user admin.  You should have the emails you copied and can print or forward them.

done.

I had to do this for several emails that had to be opened even though they where infected.  

ryan