Denial Of Service Attack Messages

Steven Jardine steve at mjnservices.com
Tue Mar 8 15:44:56 UTC 2016 

I have been getting these errors since my upgrade to 4.85.2-3.  I hadn't 
upgraded for several years prior so I am not sure which version it 
started showing up.

Check modules shows all OK.

I cannot find the messages either in the quarantine or incoming directories.

Logs are clean for specific senders I checked.  No indication of timeout 
or errors.

Steve

On 03/08/2016 05:18 AM, Jerry Benton wrote:
> Thanks Andrew.
>
> Could those people seeing this error please check your Perl modules 
> using this script:
>
> https://github.com/MailScanner/v4/blob/master/check_modules.sh
>
>
> Also make sure your timeout settings in MailScanner.conf are not too 
> short. I cannot remember if I reduced the defaults in 
> MailScanner.conf. I will have to review the changes.
>
> Also please check your logs for as much information as possible and 
> send it to the list. Please try to filter out the important parts and 
> send only that information.
>
>
>
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com>
>
>
>
>> On Mar 8, 2016, at 6:54 AM, Andrew Southgate <andy at z00b.com 
>> <mailto:andy at z00b.com>> wrote:
>>
>> I'm getting it on 4.85.2-3
>> *From:*MailScanner 
>> [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info]*On 
>> Behalf Of*Jerry Benton
>> *Sent:*08 March 2016 11:50
>> *To:*MailScanner Discussion
>> *Subject:*Re: Denial Of Service Attack Messages
>> Just so everyone knows, 4.86.1 is not released. It is beta. It looks 
>> like I need to go back through the changes made between the two 
>> versions unless someone is seeing this in 4.85.2-3.
>>
>> -
>> Jerry Benton
>> www.mailborder.com <http://www.mailborder.com/>
>>> On Mar 7, 2016, at 12:21 PM, Steven Jardine <steve at mjnservices.com 
>>> <mailto:steve at mjnservices.com>> wrote:
>>>
>>> Yes.  I recently upgraded to 4.86.1-1 and the install log shows:
>>>
>>> HTML::Parser => OK
>>>
>>> On 03/07/2016 10:19 AM, Jerry Benton wrote:
>>>>
>>>> is the HTML parser installed?
>>>>
>>>> -
>>>> Jerry Benton
>>>> www.mailborder.com <http://www.mailborder.com/>
>>>> Sent from my iPhone
>>>>
>>>>
>>>> On Mar 7, 2016, at 11:25, Steven Jardine <steve at mjnservices.com 
>>>> <mailto:steve at mjnservices.com>> wrote:
>>>>
>>>>> I upgraded MailScanner several months ago to v4.85.2-3 and now 
>>>>> v4.86.1-1. Often I am getting the error message:
>>>>>
>>>>>> MailScanner was attacked by a Denial Of Service attack, and has 
>>>>>> therefore deleted this part of the message. Please contact your 
>>>>>> e-mail providers for more information if you need it, giving them 
>>>>>> the whole of this report. Attack in: 
>>>>>> /var/spool/MailScanner/incoming/20499/u27Em5eK000564/nmsg-20499-47.html
>>>>>
>>>>> The file reported in the attack is not there so I am unable to to 
>>>>> any troubleshooting.
>>>>>
>>>>> I am using a OpenVZ container with Ubuntu 14.04 - 6 CPUs and 12GB 
>>>>> RAM. The messages are causing problems with valid mail messages 
>>>>> both incoming and outgoing.
>>>>>
>>>>> Is there a way to disable this feature?  Any ideas on how to 
>>>>> suppress these messages?
>>>>>
>>>>> Thanks!
>>>>> Steve
>>>>> *IMPORTANT:*This email does not constitute a contract or an offer 
>>>>> or acceptance of an offer to enter into a contract. Further, this 
>>>>> email may not be used to modify, supplement, novate, or waive any 
>>>>> rights with respect to an existing contract or other binding 
>>>>> commercial terms.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info 
>>>>> <mailto:mailscanner at lists.mailscanner.info>
>>>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>>>
>>>>
>>>>
>>>>
>>> *IMPORTANT:*This email does not constitute a contract or an offer or 
>>> acceptance of an offer to enter into a contract. Further, this email 
>>> may not be used to modify, supplement, novate, or waive any rights 
>>> with respect to an existing contract or other binding commercial terms.
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info 
>>> <mailto:mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>



IMPORTANT: This email does not constitute a contract or an offer or acceptance of an offer to enter into a contract.  Further, this email may not be used to modify, supplement, novate, or waive any rights with respect to an existing contract or other binding commercial terms.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160308/4639cb11/attachment.html>

More information about the MailScanner mailing list