MailScanner marks messages as DOS attact
Mark Sapiro
mark at msapiro.net
Sat Mar 22 17:52:25 GMT 2014
On 03/22/2014 10:12 AM, simon at kmun.gov.kw wrote:
>
> after more investigation i realized the following..
>
> many of the users have subscribed to google groups ..
> now when a email is received from a user who belongs to the same group as
> our users belong maybe about 15 to 20 messages are marked clean ..
> subsequent messages are being marked with RED and the details page shows
> denial of service attack.
> Also the System becomes very slow as MailScanner consumes the entire CPU
> and also the outgoin email takes long time to reach the recipent.
>
> it remains in the incomming queue for a long time.. maybe 10 to 15 min at
> times
I'm not sure what the underlying issue is in this case, but looking at
the code I think that the DOS attack is raised when one of your virus
scanners times out on a message. You might try looking at logs to see if
you can determine why this happens.
As a workaround, you could establish a "Virus Scanning" ruleset to skip
virus scanning for these messages. See
<http://www.mailscanner.info/MailScanner.conf.index.html#Virus%20Scanning>.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list