mailscanner trouble

Tue Jul 24 16:48:37 IST 2007

I have the following setup and was running fine for the past 2 years or so

REDhat 8
bind-9.2.1-9
sendmail-8.12.5-7
mailScanner  4.28.6
spamassassin-2.31-16
clamav 0.91
domain name-- kmun.gov.kw

jus abt 2 days back i found the users not gettin mail and when i checked
the maillog i found the user mails were not gettin delivered to their
mailboxes .

also i tried to send mail from yahoo to my account n it was not gettin
delivered but if i restart my server i cd get the mail. and then again
there used to be problem

now i stoped mailscanner n only started sendmail and my mails were getting
delivered normally to users inboxes and was perfect.

wht cd be wrong with my mailscanner.. or is there problem with clamav

appreciet your help

here below are some maillogs

1) as i see denail of service attack

2) RBL Check ORDB-RBL timed out and was killed, consecutive failure 2 of 7

--------------------------------------------------------------
Jul 22 09:36:49 kmdns MailScanner[24383]: Spam Checks: Starting
Jul 22 09:36:54 kmdns MailScanner[25469]: RBL Check ORDB-RBL timed out and
was killed, consecutive failure 2 of 7
Jul 22 09:36:58 kmdns MailScanner[24645]: RBL Check ORDB-RBL timed out and
was killed, consecutive failure 5 of 7
Jul 22 09:36:59 kmdns MailScanner[24645]: Virus and Content Scanning:
Starting
Jul 22 09:36:59 kmdns MailScanner[24383]: RBL Check ORDB-RBL timed out and
was killed, consecutive failure 7 of 7
Jul 22 09:37:00 kmdns MailScanner[24383]: RBL checks: l6M5agX6025576 found
in SBL+XBL
Jul 22 09:37:00 kmdns MailScanner[24383]: Message l6M5agX6025576 from
58.69.248.98 (jquintana_eu at yahoo.co.uk) to kmun.gov.kw is spam, SBL+XBL
Jul 22 09:37:00 kmdns MailScanner[24383]: RBL checks: l6M5afX6025574 found
in SBL+XBL
Jul 22 09:37:01 kmdns MailScanner[24383]: Message l6M5afX6025574 from
58.69.248.98 (jquintana_eu at yahoo.co.uk) to kmun.gov.kw is spam, SBL+XBL
Jul 22 09:37:02 kmdns MailScanner[24383]: Spam Checks: Found 2 spam messages
Jul 22 09:37:02 kmdns MailScanner[24383]: Spam Actions: message
l6M5agX6025576 actions are delete
Jul 22 09:37:03 kmdns MailScanner[24383]: Spam Actions: message
l6M5afX6025574 actions are delete
Jul 22 09:37:04 kmdns MailScanner[24383]: Virus and Content Scanning:
Starting
Jul 22 09:37:05 kmdns MailScanner[25469]: RBL Check ORDB-RBL timed out and
was killed, consecutive failure 3 of 7
Jul 22 09:37:16 kmdns MailScanner[25469]: RBL Check ORDB-RBL timed out and
was killed, consecutive failure 4 of 7
Jul 22 09:37:17 kmdns MailScanner[25469]: Virus and Content Scanning:
Starting
Jul 22 09:41:34 kmdns MailScanner[24612]: Commercial scanner clamav timed
out!
Jul 22 09:41:35 kmdns MailScanner[24612]: Virus Scanning: Denial Of
Service attack detected!
Jul 22 09:41:35 kmdns MailScanner[24335]: Commercial scanner clamav timed
out!
Jul 22 09:41:35 kmdns MailScanner[24335]: Virus Scanning: Denial Of
Service attack detected!
Jul 22 09:41:35 kmdns MailScanner[24612]: New Batch: Found 7 messages waiting
Jul 22 09:41:36 kmdns MailScanner[24612]: New Batch: Scanning 1 messages,
4711 bytes
Jul 22 09:41:36 kmdns MailScanner[24612]: Spam Checks: Starting
Jul 22 09:41:36 kmdns MailScanner[24335]: MailScanner child dying of old age
Jul 22 09:41:37 kmdns MailScanner[24612]: RBL checks: l6M5aeX6025573 found
in SBL+XBL
Jul 22 09:41:37 kmdns MailScanner[24612]: Message l6M5aeX6025573 from
58.69.248.98 (jquintana_eu at yahoo.co.uk) to kmun.gov.kw is spam, SBL+XBL
Jul 22 09:41:37 kmdns MailScanner[24612]: Spam Checks: Found 1 spam messages
Jul 22 09:41:37 kmdns MailScanner[24612]: Spam Actions: message
l6M5aeX6025573 actions are delete
Jul 22 09:41:37 kmdns MailScanner[24612]: Virus and Content Scanning:
Starting
Jul 22 09:41:38 kmdns MailScanner[25614]: MailScanner E-Mail Virus Scanner
version 4.28.6 starting...
Jul 22 09:41:40 kmdns MailScanner[25614]: Using locktype = flock
Jul 22 09:42:00 kmdns MailScanner[24645]: Commercial scanner clamav timed
out!
Jul 22 09:42:01 kmdns MailScanner[24645]: Virus Scanning: Denial Of
Service attack detected!
Jul 22 09:42:02 kmdns MailScanner[24383]: Commercial scanner clamav timed
out!
Jul 22 09:42:03 kmdns MailScanner[24383]: Virus Scanning: Denial Of
Service attack detected!
Jul 22 09:42:18 kmdns MailScanner[25469]: Commercial scanner clamav timed
out!
Jul 22 09:42:18 kmdns MailScanner[25469]: Virus Scanning: Denial Of
Service attack

-------------------------------------------------------------------

Regards

simon

-- 
Network Administrator