Apparently, my quarantining had stopped working on one of my servers. From
researching, the issue is a problem with ext3 with "the max number of
subdirectories in one directory is fixed to 32000".
Moreover, the error was caused by poor error checking in my filter routine
coupled with what I see as a necessary feature extension needed in MD's
get_quarantine_dir routine.
I've already fixed my filter routine but we are getting hammered with
phishing emails that are being quarantined so the 32K limit is a huge issue.
For those that care, here is the fix I added to my filter to error check
action_quarantine_entire_message. Because of the dangerous attachments, I
still chose to run action_drop_with_warning at the end.
if (action_quarantine_entire_message()) {
$quarantine_dir = get_quarantine_dir();
$short_qdir = $quarantine_dir;
$short_qdir =~ s/^.*\/qdir/qdir/;
md_syslog( 'info', "$QueueID: MSG Quarantined: $quarantine_dir");
} else {
md_syslog( 'error', "$QueueID: MSG Quarantine failed!");
$short_qdir = "[Error: The Message was Not Quarantined]\n";
}
David, what do you think of adding a subdirectory for day/hour to the
quarantine dir? Below is a quick throw together (not compiled or tested) on
the issue. The goal being to add more subdirectories and not bomb out on
more than 32K quarantined messages.
First a new routine:
#***********************************************************************
# %PROCEDURE: short_time_str
# %ARGUMENTS:
# None
# %RETURNS:
# The current time in the form: "YYYY-MM-DD-HH"
# %DESCRIPTION:
# Returns a string representing the current date and hour
#***********************************************************************
sub short_time_str () {
my($sec, $min, $hour, $mday, $mon, $year, $junk);
($sec, $min, $hour, $mday, $mon, $year, $junk) = localtime(time());
return sprintf("%04d-%02d-%02d-%02d",
$year + 1900, $mon+1, $mday, $hour);
}
Then in get_quarantine_dir, adding these lines below the current my ($tm);
(line 1299 in 2.67):
my($short_tm);
$short_tm = short_time_str();
$QuarantineSubdir = sprintf("%s/%s",
$Features{'Path:QUARANTINEDIR'},
$short_tm);
unless (-d $QuarantineSubdir) {
if (mkdir($QuarantineSubdir, 0750)) {
$success = 1;
}
}
if (!$success)
$QuarantineSubdir = "";
return "";
}
Finally, change:
$QuarantineSubdir = sprintf("%s/%s/qdir-%s-%03d",
$Features{'Path:QUARANTINEDIR'},
$short_tm, $tm, $counter);
My belief is that these would seamlessly make the issue much less likely to
occur. Of course, that goes on the premise that subdirs of subdirs don't
count towards the 32000 limit.
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
