Denial Of Service attack
Marcelo Machado
mmgomess at gmail.com
Sat Jan 21 16:52:15 UTC 2017
ls -l /var/spool/MailScanner/
total 16
drwxrwxr-x 2 mail mtagroup 4096 Dec 27 15:08 archive
drwxrwx--- 24 clamav mtagroup 4096 Jan 21 14:49 incoming
drwxrwxr-x 20 clamav mtagroup 4096 Jan 21 01:27 quarantine
drwx------ 2 postfix postfix 4096 Jan 21 14:31 spamassassin
and my mtagroup - mtagroup:x:1001:clamav,postfix,mail
2017-01-21 14:12 GMT-02:00 Jason Waters <jason at geeknocity.com>:
> What does ls -l /var/spool/MailScanner
>
> On Jan 21, 2017 10:24 AM, "Marcelo Machado" <mmgomess at gmail.com> wrote:
>>
>> I've tried several combinations but I still keep the same error.
>>
>> What are the correct settings and permissions?
>>
>> Marcelo
>>
>> 2017-01-20 15:21 GMT-02:00 Jason Waters <jason at geeknocity.com>:
>> > I had a couple things wrong. I had some of the user/group settings in
>> > MailScanner.conf wrong, and then I needed to set the permissions on
>> > /var/spool/MailScanner correctly.
>> >
>> > On Fri, Jan 20, 2017 at 11:21 AM, Marcelo Machado <mmgomess at gmail.com>
>> > wrote:
>> >>
>> >> Yes. So many lines with this message.
>> >>
>> >> And how did you resolv this issue?
>> >>
>> >> 2017-01-20 13:29 GMT-02:00 Jason Waters <jason at geeknocity.com>:
>> >> > Search your logs and see if it says status = 13, that is a permission
>> >> > thing.
>> >> > I had the same problem.
>> >> >
>> >> > cat /var/log/mail.log |grep "status = 13" -A4
>> >> >
>> >> >
>> >> >
>> >> > On Fri, Jan 20, 2017 at 10:18 AM, Marcelo Machado
>> >> > <mmgomess at gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hi everyone.
>> >> >>
>> >> >> Many users of my domain are receiving the message below and the
>> >> >> original message is lost:
>> >> >>
>> >> >> MailScanner was attacked by a Denial Of Service attack, and has
>> >> >> therefore deleted this part of the message. Please contact your
>> >> >> e-mail
>> >> >> providers for more information if you need it, giving them the whole
>> >> >> of this report. Attack in:
>> >> >>
>> >> >>
>> >> >> /var/spool/MailScanner/incoming/5106/5B02C7C002C8.A3986/nmsg-5106-92.html
>> >> >>
>> >> >> In log mail.log the correspondent error is:
>> >> >>
>> >> >> "Content Checks: Detected and have disarmed KILLED tags in HTML
>> >> >> message
>> >> >> in"
>> >> >>
>> >> >> Anyone can help me?
>> >> >>
>> >> >>
>> >> >> Marcelo Gomes
>> >> >>
>> >> >>
>> >> >> --
>> >> >> MailScanner mailing list
>> >> >> mailscanner at lists.mailscanner.info
>> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > MailScanner mailing list
>> >> > mailscanner at lists.mailscanner.info
>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> MailScanner mailing list
>> >> mailscanner at lists.mailscanner.info
>> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >>
>> >
>> >
>> >
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> >
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
More information about the MailScanner
mailing list