Knowledge Base Home

Call Support

Search the Knowledge Base

Skip to end of metadata
Go to start of metadata


Netmail Secure 5.x


Situations may arise where the quarantine directory must be moved to another node, such as when a node holding the quarantine directory is to be decommissioned, or if disk space on the node holding the quarantine directory is insufficient. This article will explain how to move the quarantine directory to another machine in a Netmail Secure cluster and point the logging database to that node, and (optionally), how to decommission the node that originally held the quarantine directory.


1)  Open an SSH session and connect to the Netmail Secure primary node.

2)  Login and gain root privileges by issuing the sudo su command.

30 Stop the netmail and cfs services by invoking the following commands:


service netmail stop

service cfsd stop


4)  Navigate to the quarantine directory, located in /var/netmail/store/quarantine.

Compress the existing quarantine directory in preparation for the move using the tar archiving utility. The syntax of the command is: 

tar -zcvf  <archivename.tar.gz> /var/netmail/store/quarantine  (insert the name of the compressed archive to be created between the angle brackets).

The archive will be created in the current directory unless otherwise specified. For example, to create a quarantine archive called qt-archive-sept-2014 in the current directory, the command would be:

tar -zcvf  qt-archive-sept-2014.tar.gz> /var/netmail/store/quarantine


5)  Once the quarantine archive is generated, move it to the equivalent quarantine directory on the target node and decompress the archive.

The syntax for the decompression command is:

tar –zxvf <archivename.tar.gz> where the name of the archive to be decompressed is inserted between the angle brackets; all files will be extracted to the current directory. In this example, the command would be:


tar –zxvf qt-archive-sept-2014.tar.gz


6)  The next step is to update the configuration on the target Secure node.  Configuration information is contained in the cfs.conf file.  The quarantine section of this file must be updated on the target node so that it contains the same information that is in the cfs.conf file on the primary Secure node.

7)  On the primary Secure node, stop the services listed in Step 3, and navigate to the directory holding the cfs.conf file; the file is located in /opt/ma/netmail/etc/

8)  Open the file for editing using the vi editor:       vi /opt/ma/netmail/etc/cfs.conf

A sample cfs.conf file is shown in the screenshot below. The file will look something like this:



9)  Take note of the information about the quarantine store parameter (3rd section of the file, highlighted in yellow in the screenshot above). Copy that section (quarantine store name, path, flags, id etc.; example shown below) to a text file so it remains accessible:



10)  Save the file and connect to the target node in the Secure cluster that will now host the quarantine through an SSH session.  

Open the cfs.conf file on the target node for editing, and modify the file so it contains the primary node’s quarantine store information (i.e., the information that was copied to the text file in Step 9).


11)  Since the quarantine information is also stored in the PostgreSQL database, the database configuration should also be modified as follows:

Ensure that all nodes in the cluster are trusted in the pg_hba.conf file ( located in /var/lib/pgsql/data). An example of the pg_hba.conf file is provided below:



# "local" is for Unix domain socket connections only

local           all                    all                                                    ident sameuser

# IPv4 local connections:

host            all                   all                      trust  sameuser

host            all                   all                  trust  sameuser

# IPv6 local connections:

host            all                  all                ::1/128                          trust  sameuser


Navigate to /root and view the .odbc.ini SQL database configuration file. Verify that logging is pointing to the new (target) server.  An example of an .odbc.ini file is provided below.

Make changes to the Servername (IP address of the target node) as needed:



Description=M+ Guardian










12) Once the configuration is updated, restart the netmail and cfsd services on the target node using the following commands:

service netmail start

service cfsd start


The target node will now hold the quarantine directory for the system.


13)  If the primary Netmail Secure node is to be decommissioned, make sure that the netmail service on the node was not restarted, and temporarily disable the firewall by issuing the following command:


service nmFirewall stop


After the service stops, connect to the Netmail Secure eDirectory tree using an LDAP browser.

Delete all OUs in eDirectory that reference the decommissioned primary node:


Disconnect from eDirectory and restart the firewall service:

service nmFirewall stop


Restart the netmail service on the node that now serves as the primary node in the secure cluster:

service netmail start



Help us improve!
Is this article helpful?
Is it well written?
Is the content complete?