# Reading mail banned by amavis

## Fred Krogh

I've got an email message containing a tar file that I would like to unpack.  Amavis has put the mail message in a directory.  I can cat the message through sendmail, but it just gets banned again.  Is there anyway to get at this file?  (I've tried loading the message in emacs and copying the part that looks like it might be the tar file, but as I suspected that is not going to work.)  I've tried changing various things in amvavisd.conf, and restarting amavisd, but if there is a setting that lets it through, I've missed it.  I should mention that clamd is also running.  Is there a way to get at that tar file?  Thanks,

Fred

----------

## magic919

Tried Mutt?

----------

## Fred Krogh

I haven't tried Mutt, but don't see how that would be a solution.  Please correct me if I'm wrong, but I think the damage has been done by postfix/amavis/clamd/spamassasin (some combination of these) prior to it even getting to the mail reader.  Thanks,

Fredamavis banned

----------

## magic919

 *Quote:*   

> Amavis has put the mail message in a directory.

 

So open it there, that's what I'm saying.  Using Mutt.

----------

## Fred Krogh

I guess it's supposed to be easy, but not for me.  I emerged mutt.  The only way I could get at the file was to move it into /var/spool/mail/xxx for user xxx.  I had to copy some header information in to make mutt think it was a mail box entry.  So now with mutt I can open the message and look at it pretty much like I could with emacs.  There seems to be no way to get it to save the tar file.  It seems it does not even realize the file type since it does display the encoded text.  If mutt is the solution, I need more help.  Thanks,

Fred

----------

## Princess Nell

Which version of amavis is this? Do you mean it has quarantined the file? Which directory was it saved to?

Can you post the output of

file <path/to/file>

and, if it's an ascii file, the output of

head -10 <path/to/file>.

----------

## Fred Krogh

My amavisd: mail-filter/amavisd-new-2.4.3 

File is quarantined to directory /var/amavis/quarantine *Quote:*   

> # file /var/amavis/quarantine/banned-WeU+37CMot3Z
> 
> /var/amavis/quarantine/banned-WeU+37CMot3Z: smtp mail text
> 
> 

 

 *Quote:*   

> # head -10 /var/amavis/quarantine/banned-WeU+37CMot3Z
> 
> Return-Path: <>
> 
> Delivered-To: banned-quarantine
> ...

 

Note that the above was the result of my trying to send the file to myself using sendmail.  The original was the same except for the from part.  Thanks,

Fred

P.S. I have managed to get the files in question by other means, but I would still like to know how to do get at such files if this should happen again.

----------

## Princess Nell

Ok. I just wanted to see how amavisd-new quarantines mail  :Smile: 

All that misses to convert these files to mbx format is a "From " line, adding it will then make it

readable with any mailreader, such as mutt.

amavis-ng (see SF project page) comes with a script amavis-inject to reinject quarantined emails.

It is mainly useful for a postfix setup, it allows to inject messages into the localhost[127.0.0.1] instance which does not run amavis. By default, it prints the file to stdout in BSMTP format, which in

turn requires a bit of editing to bring it into mbox format.

To work properly with amavisd-new, the script would need a bit of editing.

s/^X-Quarantined-From:/X-Envelope-From:/

s/^X-Quarantined-To:/X-Envelope-To:/

----------

## Janne Pikkarainen

What happens if you release a quarantined message with amavisd-release?

----------

