Proposed Fix for the MIMEDefang Quarantine Directory Limit when using Ext3 By: Kevin A. McGrail Licensed as a modification of MIMEDefang which is licensed under the GNU General Public License, version 2, ***************************************************************************** Quarantining of messages in MIMEDefang stopped working on one of my servers. From researching, the issue is a problem with the Ext3 filesystem which has a fixed maximum of 32000 subdirectories in one directory. The problem was further exacerbated by poor error checking in my filter routine. I've already fixed my filter routine but we are getting hammered with phishing emails that are being quarantined. This made the 32K limit a huge issue that required an immediate fix. This led to what I see as a necessary feature extension needed in MIMEDefang's get_quarantine_dir routine. Luckily, the extension for MD is elegant in it's simplicity thanks to MIMEDefang's well-written code. But first, here is the fix I added to my filter to error check action_quarantine_entire_message. Because of the dangerous attachments, I still chose to run action_drop_with_warning at the end. if (action_quarantine_entire_message()) { $quarantine_dir = get_quarantine_dir(); $short_qdir = $quarantine_dir; $short_qdir =~ s/^.*\/qdir/qdir/; md_syslog( 'info', "$QueueID: MSG Quarantined: $quarantine_dir"); } else { md_syslog( 'error', "$QueueID: MSG Quarantine failed!"); $short_qdir = "[Error: The Message was Not Quarantined]\n"; } Now, as a solution for the underlying MIMEDefang problem, I added a subdirectory for day & hour (YYYY-MM-DD-HH) to the quarantine directory. The goal being to add more subdirectories to avoid an error trying to store more than 32K quarantined messages. NOTE: This code was submitted for inclusion in MIMEDefang and it (or something similar) will be added to the upstream version. In the meantime, you must modify your mimedefang.pl directly. On my server, this file is located at /usr/local/bin/mimedefang.pl First, a new routine is added to mimedefang.pl: #*********************************************************************** # %PROCEDURE: short_time_str # %ARGUMENTS: # None # %RETURNS: # The current time in the form: "YYYY-MM-DD-HH" # %DESCRIPTION: # Returns a string representing the current date and hour #*********************************************************************** sub short_time_str () { my($sec, $min, $hour, $mday, $mon, $year, $junk); ($sec, $min, $hour, $mday, $mon, $year, $junk) = localtime(time()); return sprintf("%04d-%02d-%02d-%02d", $year + 1900, $mon+1, $mday, $hour); } Then, in the routine get_quarantine_dir, add these lines below the line, "my ($tm);". This is line 1299 in 2.67: my($short_tm); $short_tm = short_time_str(); $QuarantineSubdir = sprintf("%s/%s", $Features{'Path:QUARANTINEDIR'}, $short_tm); #Create a subdir of the YYYY-MM-DD-HH to prevent a 32K limit for ext3 unless (-d $QuarantineSubdir) { if (mkdir($QuarantineSubdir, 0750)) { $success = 1; } if (!$success) { $QuarantineSubdir = ""; return ""; } } Finally, change: $QuarantineSubdir = sprintf("%s/%s/qdir-%s-%03d", $Features{'Path:QUARANTINEDIR'}, $short_tm, $tm, $counter); If you compile from source, a unified patch for this fix against the MIMEDefang v2.72 source is available at: http://www.pccc.com/downloads/MIMEDefang/contrib/get_quarantine_dir_fix_for_32000_limit_patch_2.72 Applying the patch to the source dir (patch -p1 < [patch file]) will modify mimedefang.pl.in. Configure and install then proceeds as normal. My goal with this patch is to make the issue of exceeding 32000 entries in the quarantine directory much less likely to occur.