Denial Of Service Attack Messages

Richard Mealing richard at fastnet.co.uk
Tue Mar 8 13:25:15 UTC 2016


Have you tried -
Maximum Processing Attempts = 0 # to disable the rule.

I did this a few years ago as I got these problems. I’ve never looked back.
I used to have to cd /var/db/clamav && rm * && freshclam (then download any extra sigs).

It was such an annoyance and I never found the problem. Obviously clamd wasn’t liking something, but I used so many extra sigs I couldn’t narrow it down.

From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Valentin Laskov
Sent: 08 March 2016 13:08
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: Denial Of Service Attack Messages

Sometimes this occurs just after updating clamav signatures while clamd reloads new signatures.
На 08.03.2016 в 14:53, Andrew Southgate написа:
Its random and sporadic for me, but I havent had it occur in the last week so I dont have logs for it.

That script gave everything an OK for me, and which timeout is it in MailScanner.conf, the SpamAssassin one?

SpamAssassin Timeout = 75


From: MailScanner [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 08 March 2016 12:19
To: MailScanner Discussion
Subject: Re: Denial Of Service Attack Messages

Thanks Andrew.

Could those people seeing this error please check your Perl modules using this script:

https://github.com/MailScanner/v4/blob/master/check_modules.sh


Also make sure your timeout settings in MailScanner.conf are not too short. I cannot remember if I reduced the defaults in MailScanner.conf. I will have to review the changes.

Also please check your logs for as much information as possible and send it to the list. Please try to filter out the important parts and send only that information.



-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Mar 8, 2016, at 6:54 AM, Andrew Southgate <andy at z00b.com<mailto:andy at z00b.com>> wrote:

I'm getting it on 4.85.2-3

From: MailScanner [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 08 March 2016 11:50
To: MailScanner Discussion
Subject: Re: Denial Of Service Attack Messages

Just so everyone knows, 4.86.1 is not released. It is beta. It looks like I need to go back through the changes made between the two versions unless someone is seeing this in 4.85.2-3.

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Mar 7, 2016, at 12:21 PM, Steven Jardine <steve at mjnservices.com<mailto:steve at mjnservices.com>> wrote:

Yes.  I recently upgraded to 4.86.1-1 and the install log shows:

HTML::Parser => OK



On 03/07/2016 10:19 AM, Jerry Benton wrote:
is the HTML parser installed?
-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>
Sent from my iPhone

On Mar 7, 2016, at 11:25, Steven Jardine <steve at mjnservices.com<mailto:steve at mjnservices.com>> wrote:
I upgraded MailScanner several months ago to v4.85.2-3 and now v4.86.1-1. Often I am getting the error message:
MailScanner was attacked by a Denial Of Service attack, and has therefore deleted this part of the message. Please contact your e-mail providers for more information if you need it, giving them the whole of this report. Attack in: /var/spool/MailScanner/incoming/20499/u27Em5eK000564/nmsg-20499-47.html
The file reported in the attack is not there so I am unable to to any troubleshooting.
I am using a OpenVZ container with Ubuntu 14.04 - 6 CPUs and 12GB RAM. The messages are causing problems with valid mail messages both incoming and outgoing.
Is there a way to disable this feature?  Any ideas on how to suppress these messages?

Thanks!
Steve
IMPORTANT: This email does not constitute a contract or an offer or acceptance of an offer to enter into a contract. Further, this email may not be used to modify, supplement, novate, or waive any rights with respect to an existing contract or other binding commercial terms.


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner








IMPORTANT: This email does not constitute a contract or an offer or acceptance of an offer to enter into a contract. Further, this email may not be used to modify, supplement, novate, or waive any rights with respect to an existing contract or other binding commercial terms.


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner



--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner











--

Поздрави!



Валентин Ласков

Отговорник КИПО

"Феста Холдинг" АД

бул. "Вл. Варненчик" 48

9000 гр. Варна

тел.:   +359 52 669137

GSM: +359 888 669137

Fax:   +359 52 669110
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160308/ed3aa083/attachment-0001.html>


More information about the MailScanner mailing list