Bogus "denial of service" messages, and postdrop not working

Jacques Caruso jacques at MONACO.NET
Mon Dec 15 14:28:02 GMT 2003


I'm encountering (surprise ! :-) some new problems. Some legitimate
messages get their attachments scrubbed by MS with the mention that they
contain a « denial of service attack ». I looked at the documentation,
the FAQ, the mailing-list archives (even grepped the source code files
for the 'DOSAttack' string), to no avail. I can't seem to find what
triggers those denial of service alerts, and how to deactivate them...

Another problem is that I've thus far failed to reinject a message into
the queue by conventional means. I quarantine messages with :

Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes

When I use postdrop on a quarantined message, I get a cryptic error
message :

[root at sceuzi][/var/spool/MailScanner/quarantine/20031213/3CC271B8114]# postdrop < 3CC271B8114
queue_idEB92220C06Bpostdrop: fatal: uid=0: unexpected record type: 67

The only clue I've been able to find is a message where this behaviour
was attributed to a version discrepancy between postfix and the postdrop
command. Of course, I double-checked all my commands come from the same
version, thus I'm in the dark. A postcat on the same file works fine, so
I've for the moment settled on a script which parses the postcat output
and reinjects it on the internal Postfix instance, but it's a truly
lousy solution. Can someone point me to where I should look to get rid
of this problem ?

BTW, my MailScanner.conf (without comments) is at
<>. I don't know
if it can help in understanding what happens, but then, better safe than

[ Jacques Caruso <jacques at>                  Développeur PHP ]
[ Monaco Internet                  ]
[ Tél : (+377) 93 10 00 43                        Clé PGP : 0x41F5C63D ]
[ -*-  Quand le doigt montre la lune, l'imbécile regarde le doigt  -*- ]

More information about the MailScanner mailing list