DoS lack of logs
Jim Holland
mailscanner at mango.zw
Mon Oct 9 13:18:20 IST 2006
On Mon, 9 Oct 2006, shuttlebox wrote:
> Date: Mon, 9 Oct 2006 13:17:28 +0200
> From: shuttlebox <shuttlebox at gmail.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: DoS lack of logs
>
> I have been hit with some archive that uses all the resources and
> slows mail thruput to the point that the incoming queue only grows and
> grows.
>
> When the virus scanner times out that is logged and MailScanner
> records a denial of service attempt but only the MS process in shown
> in the syslogs. I would like the message id's of that batch in the
> logs, or better yet the offending message id if it's possible.
>
> It's now hard to find the message that causes this or do you guys have
> a good way of finding it?
I am pretty sure that this is only a problem on older versions of
MailScanner and that if you update to the current version the problem will
disappear. Not only does the current version minimise the chances of a
denial of service problem occurring, but if it does occur it will also
report more helpfully:
Virus Scanning: Denial Of Service attack is in message k7GDK0Nb020871
so that you know where the problem is. The problem message will then be
quarantined so that it can be dealt with manually if required and the rest
of the system will carry on without interference.
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
More information about the MailScanner
mailing list