Denial of Service attack Messages Constantly

Jerry Benton jerry.benton at mailborder.com
Wed Aug 24 14:22:42 UTC 2016


Yes, it can.

Jerry Benton 
+1 844-436-6245 


On Aug 24, 2016, 10:15, at 10:15, Andy Southgate <andy at z00b.com> wrote:
>Would getting that wrong cause *intermittent* permissions errors
>though?
>
>The fact that 99% of the time everything works leads me to assume that
>the basic permission is correct, is that assumption wrong?
>
>Part of the problem I'm having is my mail server is very low
>throughput, I can go weeks without any error coming up and then get 10
>errors in a row, it makes it extremely difficult to iterate changes.
>
>-----Original Message-----
>From: MailScanner
>[mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info] On
>Behalf Of Jerry Benton
>Sent: 24 August 2016 15:01
>To: MailScanner Discussion
>Subject: RE: Denial of Service attack Messages Constantly
>
>Ok, as far as permissions go … I addressed this issue in v5. The
>installer creates a group called mtagroup. Your MTA, virus scanners, etc.
>should be added to this group automatically. However, you should
>confirm those accounts are members of that group. If you add extra
>virus scanners, add those system users to the mtagroup.
>
>Next, the “Run As User” is dependent on what MTA and virus scanners you
>are using, but this is not as important as the next item.
>
>
>What is very important is that the “Run As Group” should be mtagroup
>and the permissions should be 0660 in your config. By default this is
>what ships with v5. If you changed it or used your old config, well …
>that is on you. By using mtagroup and 0660 nothing will have any
>permissions issues.
>
>If you need a reference to the defaults, it is here:
>
>
>https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/MailScanner.conf
>
>
>
>
>-
>Jerry Benton
>www.mailborder.com
>+1 - 844-436-6245
>
>
>-----Original Message-----
>From: Andy Southgate <andy at z00b.com>
>Reply: MailScanner Discussion <mailscanner at lists.mailscanner.info>
>Date: August 24, 2016 at 9:36:01 AM
>To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
>Subject:  RE: Denial of Service attack Messages Constantly
>
>> can confirm, added that, restarted MailScanner service and still get 
>> errors
>>
>> -----Original Message-----
>> From: MailScanner 
>> [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info]
>> On Behalf Of Azir Güleroglu
>> Sent: 23 August 2016 12:07
>> To: MailScanner Discussion
>> Subject: RE: Denial of Service attack Messages Constantly
>>
>> I added this block to limits.conf but still our customers get the same errors.
>>
>> Azir Guleroglu
>>
>>
>> -----Original Message-----
>> From: MailScanner
>> [mailto:mailscanner-bounces+azir.guleroglu=turknet.net.tr at lists.mailscanner.info]
>> On Behalf Of Jerry Benton
>> Sent: Monday, August 22, 2016 7:51 PM
>> To: MailScanner Discussion
>> Subject: Re: Denial of Service attack Messages Constantly
>>
>> When I see this happen it is usually related to 
>> /etc/security/limits.conf
>>
>> The old MailScanner code tried to silently increase the limits. This
>> feature has been removed. Add this to /etc/security/limits.conf to
>> try and resolve the issue:
>>
>>
>> * hard nofile 65535
>> * soft nofile 65535
>> root hard nofile 65535
>> root soft nofile 65535
>>
>>
>>
>>
>> -
>> Jerry Benton
>> www.mailborder.com
>> +1 - 844-436-6245
>>
>>
>> -----Original Message-----
>> From: Steven Jardine
>> Reply: MailScanner Discussion
>> Date: August 22, 2016 at 10:29:54 AM
>> To: MailScanner Discussion
>> Subject: Re: Denial of Service attack Messages Constantly
>>
>> > I can confirm this behavior....the error code that I was getting was
>> > 13 which is a permission denied error. Unfortunately, it was
>> > happening too often on legitimate mail that I had to turn off the feature.
>> >
>> > I would really like to determine the cause....
>> >
>> > On 08/22/2016 08:15 AM, Andy Southgate wrote:
>> > >
>> > > It still happens for me, AFAIK all that was worked out was that
>> > > for some reason there is an intermittent permission problem that
>> > > occasionally causes the spawned child process to fail to run
>> > > causing that error on the message, but there was never any insight
>> > > as to why that should be.
>> > >
>> > > *From:*MailScanner
>> > > [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info]
>> > > *On Behalf Of *Aaron Pursell
>> > > *Sent:* 22 August 2016 15:01
>> > > *To:* mailscanner at lists.mailscanner.info
>> > > *Subject:* Re: Denial of Service attack Messages Constantly
>> > >
>> > > I read pretty much every message and tried everything, most of
>> > > those messages are years old and it appears it was fixed and now
>> > > in the new version is the first time I'm experiencing them in
>> > > many, many years, the fixes worked originally back in a way older version.
>> > > Nothing really changed except the fact there's this new version,
>> > > too bad it only happens to legitimate messages and not spam.... So who knows.
>> > > I'll continue to look, the log really never says anything specific.
>> > > I
>> > >
>> > > ---
>> > >
>> > >
>> > >
>> > > Regards,
>> > >
>> > > Aaron
>> > >
>> > >
>> > > Message: 1
>> > > Date: Fri, 19 Aug 2016 08:26:31 -0600
>> > > From: Steven Jardine > > >
>> > > To: MailScanner Discussion > > >
>> > > Subject: Re: Denial of Service attack Messages Constantly
>> > > Message-ID: <9dbfad5c-651a-3a7f-e9c8-2c623adf51c1 at mjnservices.com
>> > > >
>> > > Content-Type: text/plain; charset=windows-1252; format=flowed
>> > >
>> > > I still haven't found a good solution to this even after trying
>> > > all of the suggestions posted on the previous threads. If I turn off
>> > > "Dangerous Content Scanning" the error goes away but you lose that functionality.
>> > >
>> > > I have had to disable it until a solution can be found. It's not ideal.
>> > >
>> > > Good luck!
>> > > Steve
>> > >
>> > > On 08/18/2016 04:43 PM, Mark Sapiro wrote:
>> > >
>> > > On 08/18/2016 08:49 AM, Aaron Pursell wrote:
>> > >
>> > >
>> > > The problem is, my users and I keep getting messages like this:
>> > >
>> > > "
>> > >
>> > > MailScanner was attacked by a Denial Of Service attack, and has
>> > > therefore deleted this part of the message. Please contact your
>> > > e-mail providers for more information if you need it, giving them
>> > > the whole of this report. Attack in:
>> > > /var/spool/MailScanner/incoming/12835/78C9F481B0DA.ACDF4/nmsg-12835-2.html"
>> > >
>> > >
>> > > The path doesn't exist when you look and the message never gets
>> > > delivered. What can I turn off or adjust to make sure this doesn't
>> > > happen?
>> > >
>> > >
>> > > What's in the Mail log associated with this?
>> > >
>> > > There's a long thread on this with Subject: Denial Of Service 
>> > > Attack Messages in the archives of this list at
>> > >
>> > > and
>> > >
>> > > which may be helpful.
>> > >
>> > >
>> > >
>> > >
>> > > IMPORTANT: This email does not constitute a contract or an offer
>> > > or acceptance of an offer to enter into a contract. Further, this
>> > > email may not be used to modify, supplement, novate, or waive any
>> > > rights with respect to an existing contract or other binding
>> > > commercial terms. MJN Services, Inc. conducts business under our
>> > > service terms and conditions found at www.mjnservices.com unless
>> > > otherwise agreed to in writing by an officer of MJN Services, Inc.
>> > >
>> > >
>> > >
>> > > ------------------------------
>> > >
>> > > Message: 2
>> > > Date: Fri, 19 Aug 2016 09:30:29 -0500
>> > > From: Jerry Benton > > >
>> > > To: MailScanner Discussion > > >
>> > > Subject: Re: Denial of Service attack Messages Constantly
>> > > Message-ID:
>> > > > > >
>> > > Content-Type: text/plain; charset=UTF-8
>> > >
>> > > Steve,
>> > >
>> > > Can you zip the raw source of a message (the file) that triggers 
>> > > this and email it directly to me?
>> > >
>> > >
>> > > -
>> > > Jerry Benton
>> > > www.mailborder.com
>> > > +1 - 844-436-6245
>> > >
>> > >
>> > >
>> > > --
>> > > MailScanner mailing list
>> > > mailscanner at lists.mailscanner.info
>> > >
>> > > http://lists.mailscanner.info/listinfo/mailscanner
>> > >
>> > >
>> > >
>> > > ------------------------------
>> > >
>> > >
>> > > End of MailScanner Digest, Vol 128, Issue 16
>> > > ********************************************
>> > >
>> > >
>> > > --
>> > > This message has been scanned for viruses and dangerous content by
>> > > *MailScanner*, and is believed to be clean.
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> >
>>
>>
>> ________________________________________
>> This e-mail and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you are not the intended recipient you are hereby
>> notified that any dissemination, forwarding, copying or use of any of
>> the information is strictly prohibited, and the e-mail should
>> immediately be deleted. TurkNet makes no warranty as to the accuracy
>> or completeness of any information contained in this message and
>> hereby excludes any liability of any kind for the information
>> contained therein or for the information transmission, reception,
>> storage or use of such in any way whatsoever. The opinions expressed
>> in this message belong to sender alone and may not necessarily reflect
>> the opinions of TurkNet. This e-mail has been scanned for all known
>> computer viruses.
>>
>>
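The checks suggested in this thread (mtagroup membership, "Run As Group" set to mtagroup with 0660 permissions, and the four nofile lines for /etc/security/limits.conf), collected into one audit script as an added example that is not part of the original messages or of MailScanner. Function names, the sample users and the sample file contents are constructed, and treating every setting whose name ends in "Permissions" as the one meant by "the permissions" is an assumption.

```shell
# Added example; function names are hypothetical. Files are arguments, so
# copies of the real configuration can be checked offline.

# check_conf FILE: "Run As Group" must be mtagroup; any "... Permissions" key
# must be 0660 (assumption about which keys "the permissions" refers to).
check_conf() {
  awk '
    /^[ \t]*#/ || !index($0, "=") { next }
    {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      lk = tolower(k)
      if (lk == "run as group") { seen = 1; if (v != "mtagroup") fail[++n] = k " = " v }
      if (lk ~ /permissions$/ && v != "0660") fail[++n] = k " = " v
    }
    END {
      if (!seen) fail[++n] = "Run As Group is not set"
      for (i = 1; i <= n; i++) print "FAIL: " fail[i]
      exit (n > 0)
    }' "$1"
}

# missing_members GROUPFILE USER...: users absent from the mtagroup member list.
# Field 4 holds supplementary members only; on a live host compare `id -nG USER`.
missing_members() {
  gfile=$1; shift
  members=$(awk -F: '$1 == "mtagroup" { print $4 }' "$gfile")
  for u in "$@"; do
    case ",$members," in *",$u,"*) ;; *) echo "$u" ;; esac
  done
}

# nofile_gaps LIMITSFILE: which of the four nofile lines are absent or below 65535.
# root is checked separately because the "*" wildcard does not apply to root.
nofile_gaps() {
  for d in '*' root; do
    for t in hard soft; do
      awk -v d="$d" -v t="$t" '
        !/^[ \t]*#/ && $1 == d && $2 == t && $3 == "nofile" && $4 + 0 >= 65535 { ok = 1 }
        END { exit !ok }' "$1" || echo "$d $t nofile"
    done
  done
}
# Constructed sample inputs, not taken from any real host.
demo() {
  d0=$(mktemp -d) || return 1
  printf '%s\n' 'Run As Group = postfix' 'Incoming Work Permissions = 0600' > "$d0/ms.conf"
  printf '%s\n' '* hard nofile 65535' 'root hard nofile 65535' > "$d0/limits"
  check_conf "$d0/ms.conf" || true; nofile_gaps "$d0/limits"; rm -rf "$d0"
}
demo
```

Because the errors in this thread are intermittent, a clean result rules out only these static settings; it does not show that the permission error is gone.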