MailScanner marks messages as DOS attact
axisml at gmail.com
Tue Mar 25 17:15:41 GMT 2014
I had a similar issue on a server build on CentOS 6 and the latest
MailScanner. Never have found specific messages that cause the problem, but
typically 5-6 times a week, I'd get an alert from our Nagios installation
stating that there were zombie processes on the filtering server. I'd go
look and see MailScanner processing, crashing and looping on messages -
after 6 loops through, putting in the quarantine tagged as DoS message.
So, I tried disabling the Processing Attempts Database by setting:
Maximum Processing Attempts = 0
in MailScanner.conf. I no longer am seeing *any* problem - the crashes have
stopped, the looping has stopped (as expected with disabling), no messages
marked as DoS sources and none quarantined as a result. All appears to be
So, it kind of looks like something with the Processing Attempts Database
code - although I do use that on a number of other CentOS 4 and CentOS 5
servers without issue.
On Sat, Mar 22, 2014 at 11:52 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On 03/22/2014 10:12 AM, simon at kmun.gov.kw wrote:
> > after more investigation i realized the following..
> > many of the users have subscribed to google groups ..
> > now when a email is received from a user who belongs to the same group as
> > our users belong maybe about 15 to 20 messages are marked clean ..
> > subsequent messages are being marked with RED and the details page shows
> > denial of service attack.
> > Also the System becomes very slow as MailScanner consumes the entire CPU
> > and also the outgoin email takes long time to reach the recipent.
> > it remains in the incomming queue for a long time.. maybe 10 to 15 min at
> > times
> I'm not sure what the underlying issue is in this case, but looking at
> the code I think that the DOS attack is raised when one of your virus
> scanners times out on a message. You might try looking at logs to see if
> you can determine why this happens.
> As a workaround, you could establish a "Virus Scanning" ruleset to skip
> virus scanning for these messages. See
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner