MailScanner marks messages as DOS attact
mark at msapiro.net
Sat Mar 22 17:52:25 GMT 2014
On 03/22/2014 10:12 AM, simon at kmun.gov.kw wrote:
> after more investigation i realized the following..
> many of the users have subscribed to google groups ..
> now when a email is received from a user who belongs to the same group as
> our users belong maybe about 15 to 20 messages are marked clean ..
> subsequent messages are being marked with RED and the details page shows
> denial of service attack.
> Also the System becomes very slow as MailScanner consumes the entire CPU
> and also the outgoin email takes long time to reach the recipent.
> it remains in the incomming queue for a long time.. maybe 10 to 15 min at
I'm not sure what the underlying issue is in this case, but looking at
the code I think that the DOS attack is raised when one of your virus
scanners times out on a message. You might try looking at logs to see if
you can determine why this happens.
As a workaround, you could establish a "Virus Scanning" ruleset to skip
virus scanning for these messages. See
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner