emails that attempt to kill mailscanner {Scanned}

Mon Aug 19 11:43:31 IST 2013

Hi Jonathan,

Has --debug or --lint shown you anything?

Thanks,
Rich

From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jonathan Horne
Sent: 14 August 2013 14:43
To: MailScanner discussion
Subject: RE: emails that attempt to kill mailscanner {Scanned}

Hi richard, thanks for your reply.

personally, i dont have much mail traffic thru my server, i just have my one email domain, and an average day i process about 150 on a heavy day, 120 or so of which will be spam.  my server doesnt even hit a 1.0 load average.

i did install fail2ban, and i built some pretty effective regex to keep the repeaters from continually sending more spam to my server, but its these strange emails that try to kill mailscanner process that i see every day all day.  as i mentioned, they seem to be always high scoring spams anyway, i just wonder if there is malicious code in the emails that i doing this.   since my last /var/log/messages turn over, its happened 170 times.

thanks,
Jonathan

________________________________
From: richard at fastnet.co.uk<mailto:richard at fastnet.co.uk>
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
Subject: RE: emails that attempt to kill mailscanner {Scanned}
Date: Wed, 14 Aug 2013 10:27:23 +0000
This issue only happens to me when my server is over loaded. Once I gave it more CPU's and RAM I've not had this problem again.
I find that running spamassassin as daemon and restarting that sometimes helps. The -U switch didn't do anything for me. I'm using FreeBSD.

You should look at installing fail2ban or RBL's on the MTA and check the server loan / swap information.

I do have a lot of mail coming my way, so I might be way off the mark here..

Rich

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ritchie P. Fraser
Sent: 14 August 2013 09:17
To: MailScanner discussion
Subject: RE: emails that attempt to kill mailscanner {Scanned}

At the end of the first line in /usr/sbin/MailScanner... like so...

#!/usr/bin/perl -I/usr/lib/MailScanner -U

Ritchie

From: mailscanner-bounces at lists.mailscanner.info<mailto:mailscanner-bounces at lists.mailscanner.info> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: 13 August 2013 19:38
To: MailScanner discussion
Subject: Re: emails that attempt to kill mailscanner {Scanned}

You need to put the -U at the first line on the MailScanner perl script

On Tuesday, 13 August 2013, Jonathan Horne wrote:
hmmm, its only some emails, not all of them (and its always emails that i would never accept anyway, high scoring spam).

taking a look at hte mailscanner.conf file, i dont see offhand where to add a -U.  any tips?

jonathan

________________________________
Date: Tue, 13 Aug 2013 17:06:50 +0100
Subject: Re: emails that attempt to kill mailscanner
From: maxsec at gmail.com<mailto:maxsec at gmail.com>
To: mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
this problem is normally caused by config issues, like not having the -U switch set in the main MailScanner executable.

--
Martin Hepworth, CISSP
Oxford, UK

On 13 August 2013 16:28, Jonathan Horne <jonathanmhorne at outlook.com<mailto:jonathanmhorne at outlook.com>> wrote:
i didnt try it yet... but if i set the number of attempts to 0 what will happen? i would like to just delete these emails immeidately, i dont see a need to retry it after 5 minutes.

if 0 is not the right way to accomplish this, what is the correct way to dump emails that attempt to kill the process?

thanks,
jonathan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- MailScanner mailing list mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info> http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!

--
--
Martin Hepworth, CISSP
Oxford, UK

--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.

-- MailScanner mailing list mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info> http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130819/81fbb8f3/attachment.html 