MailScanner marks messages as DOS attack

Valentin Laskov it at festa.bg
Tue Apr 22 10:58:25 IST 2014


Hi,

There are some timeouts configured in MailScanner.conf which you may increase.
You can decrease MailScanner child processes too.

Valentin

----- Original Message ----- 
From: "Chris Stone" <axisml at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Tuesday, March 25, 2014 8:15 PM
Subject: Re: MailScanner marks messages as DOS attack


| I had a similar issue on a server built on CentOS 6 and the latest
| MailScanner. Never have found specific messages that cause the problem, but
| typically 5-6 times a week, I'd get an alert from our Nagios installation
| stating that there were zombie processes on the filtering server. I'd go
| look and see MailScanner processing, crashing and looping on messages -
| after 6 loops through, putting in the quarantine tagged as DoS message.
| 
| So, I tried disabling the Processing Attempts Database by setting:
| 
| Maximum Processing Attempts = 0
| 
| in MailScanner.conf. I no longer am seeing *any* problem - the crashes have
| stopped, the looping has stopped (as expected with disabling), no messages
| marked as DoS sources and none quarantined as a result. All appears to be
| fine.
| 
| So, it kind of looks like something with the Processing Attempts Database
| code - although I do use that on a number of other CentOS 4 and CentOS 5
| servers without issue.
| 
| 
| Chris
| 
| 
| 
| On Sat, Mar 22, 2014 at 11:52 AM, Mark Sapiro <mark at msapiro.net> wrote:
| 
| > On 03/22/2014 10:12 AM, simon at kmun.gov.kw wrote:
| > >
| > > After more investigation I realized the following..
| > >
| > > Many of the users have subscribed to Google Groups ..
| > > Now when an email is received from a user who belongs to the same group as
| > > our users belong maybe about 15 to 20 messages are marked clean ..
| > > Subsequent messages are being marked with RED and the details page shows
| > > denial of service attack.
| > > Also the system becomes very slow as MailScanner consumes the entire CPU
| > > and also the outgoing email takes a long time to reach the recipient.
| > >
| > > It remains in the incoming queue for a long time.. maybe 10 to 15 min at
| > > times
| >
| >
| > I'm not sure what the underlying issue is in this case, but looking at
| > the code I think that the DOS attack is raised when one of your virus
| > scanners times out on a message. You might try looking at logs to see if
| > you can determine why this happens.
| >
| > As a workaround, you could establish a "Virus Scanning" ruleset to skip
| > virus scanning for these messages. See
| > <http://www.mailscanner.info/MailScanner.conf.index.html#Virus%20Scanning>.
| >
| > --
| > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
| > San Francisco Bay Area, California    better use your sense - B. Dylan
| > --
| > MailScanner mailing list
| > mailscanner at lists.mailscanner.info
| > http://lists.mailscanner.info/mailman/listinfo/mailscanner
| >
| > Before posting, read http://wiki.mailscanner.info/posting
| >
| > Support MailScanner development - buy the book off the website!
| >
| 
| 
| 
| -- 
| Chris Stone
| AxisInternet, Inc.
| www.axint.net
|
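
An added example, not part of the original thread and not MailScanner's own code: a small Python check that reads a MailScanner.conf and reports the settings this thread touches, so the workarounds stay visible after the incident. `Virus Scanner Timeout` and `Max Children` are assumed to be the settings Valentin refers to; the sample configuration and its ruleset path are constructed.

```python
# Constructed sample configuration (values are illustrative, not from the thread).
SAMPLE_CONF = """\
Max Children = 5
Virus Scanner Timeout = 300   # seconds
Maximum Processing Attempts = 0
Virus Scanning = %rules-dir%/virus.scanning.rules
"""

def parse_conf(text):
    """Parse 'Key = Value' lines; '#' starts a comment. Keys are normalised
    to lower case with single spaces so lookups tolerate spacing and case."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[" ".join(key.lower().split())] = value.strip()
    return settings

def tuning_values(text):
    """Return the timeout / child-process settings that are present and numeric."""
    conf = parse_conf(text)
    keys = ("virus scanner timeout", "max children")
    return {k: int(conf[k]) for k in keys if conf.get(k, "").isdigit()}

def audit(text):
    """Flag the two workarounds from the thread that reduce protection."""
    conf = parse_conf(text)
    findings = {}
    if conf.get("maximum processing attempts") == "0":
        findings["maximum processing attempts"] = (
            "Processing Attempts Database disabled: no message will be "
            "quarantined as a DoS source")
    scanning = conf.get("virus scanning")
    if scanning is not None and scanning.lower() == "no":
        findings["virus scanning"] = "virus scanning is off for all mail"
    elif scanning is not None and scanning.lower() != "yes":
        # Anything other than yes/no is treated here as a ruleset file name.
        findings["virus scanning"] = (
            "ruleset in use, review which mail skips scanning: " + scanning)
    return findings

if __name__ == "__main__":
    print(tuning_values(SAMPLE_CONF))
    for key, note in audit(SAMPLE_CONF).items():
        print(key + ": " + note)
```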

