Bogus "denial of service" messages, and postdrop not working
Jacques Caruso
jacques at MONACO.NET
Mon Dec 15 14:28:02 GMT 2003
Hi,
I'm encountering (surprise ! :-) some new problems. Some legitimate
messages get their attachments scrubbed by MS with the mention that they
contain a « denial of service attack ». I looked at the documentation,
the FAQ, the mailing-list archives (even grepped the source code files
for the 'DOSAttack' string), to no avail. I can't seem to find what
triggers those denial of service alerts, and how to deactivate them...
Another problem is that I've thus far failed to reinject a message into
the queue by conventional means. I quarantine messages with :
Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
When I use postdrop on a quarantined message, I get a cryptic error
message :
[root at sceuzi][/var/spool/MailScanner/quarantine/20031213/3CC271B8114]# postdrop < 3CC271B8114
queue_idEB92220C06Bpostdrop: fatal: uid=0: unexpected record type: 67
The only clue I've been able to find is a message where this behaviour
was attributed to a version discrepancy between postfix and the postdrop
command. Of course, I double-checked all my commands come from the same
version, thus I'm in the dark. A postcat on the same file works fine, so
I've for the moment settled on a script which parses the postcat output
and reinjects it on the internal Postfix instance, but it's a truly
lousy solution. Can someone point me to where I should look to get rid
of this problem ?
BTW, my MailScanner.conf (without comments) is at
<http://cagliostro.monaco.net/tmp/ms/3/MailScanner.conf>. I don't know
if it can help in understanding what happens, but then, better safe than
sorry...
Greets,
--
[ Jacques Caruso <jacques at monaco.net> Développeur PHP ]
[ Monaco Internet http://monaco-internet.mc/ ]
[ Tél : (+377) 93 10 00 43 Clé PGP : 0x41F5C63D ]
[ -*- Quand le doigt montre la lune, l'imbécile regarde le doigt -*- ]
More information about the MailScanner
mailing list