Denial Of Service attack

Marcelo Machado mmgomess at gmail.com
Sun Jan 22 17:42:14 UTC 2017


What's wrong?

Run As User = postfix
Run As Group = mtagroup
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = mtagroup
Incoming Work Permissions = 0660

Below mtagroup in /etc/group
mtagroup:x:1001:clamav,postfix,mail

2017-01-21 15:05 GMT-02:00 Jason Waters <jason at geeknocity.com>:
> Try setting all of that to postfix:postfix recursively, restart and then
> see.  My guess is you have things wrong in the conf file.  What are all your
> user settings in MailScanner.conf?
>
> On Jan 21, 2017 11:52 AM, "Marcelo Machado" <mmgomess at gmail.com> wrote:
>>
>> ls -l /var/spool/MailScanner/
>> total 16
>> drwxrwxr-x  2 mail    mtagroup 4096 Dec 27 15:08 archive
>> drwxrwx--- 24 clamav  mtagroup 4096 Jan 21 14:49 incoming
>> drwxrwxr-x 20 clamav  mtagroup 4096 Jan 21 01:27 quarantine
>> drwx------  2 postfix postfix  4096 Jan 21 14:31 spamassassin
>>
>> and my mtagroup - mtagroup:x:1001:clamav,postfix,mail
>>
>> 2017-01-21 14:12 GMT-02:00 Jason Waters <jason at geeknocity.com>:
>> > What does ls -l /var/spool/MailScanner show?
>> >
>> > On Jan 21, 2017 10:24 AM, "Marcelo Machado" <mmgomess at gmail.com> wrote:
>> >>
>> >> I've tried several combinations but I still keep the same error.
>> >>
>> >> What are the correct settings and permissions?
>> >>
>> >> Marcelo
>> >>
>> >> 2017-01-20 15:21 GMT-02:00 Jason Waters <jason at geeknocity.com>:
>> >> > I had a couple things wrong.  I had some of the user/group settings
>> >> > in MailScanner.conf wrong, and then I needed to set the permissions on
>> >> > /var/spool/MailScanner correctly.
>> >> >
>> >> > On Fri, Jan 20, 2017 at 11:21 AM, Marcelo Machado <mmgomess at gmail.com> wrote:
>> >> >>
>> >> >> Yes. So many lines with this message.
>> >> >>
>> >> >> And how did you resolve this issue?
>> >> >>
>> >> >> 2017-01-20 13:29 GMT-02:00 Jason Waters <jason at geeknocity.com>:
>> >> >> > Search your logs and see if it says status = 13, that is a
>> >> >> > permission thing.
>> >> >> > I had the same problem.
>> >> >> >
>> >> >> > cat /var/log/mail.log |grep "status = 13" -A4
>> >> >> >
>> >> >> > On Fri, Jan 20, 2017 at 10:18 AM, Marcelo Machado <mmgomess at gmail.com> wrote:
>> >> >> >>
>> >> >> >> Hi everyone.
>> >> >> >>
>> >> >> >> Many users of my domain are receiving the message below and the
>> >> >> >> original message is lost:
>> >> >> >>
>> >> >> >> MailScanner was attacked by a Denial Of Service attack, and has
>> >> >> >> therefore deleted this part of the message. Please contact your
>> >> >> >> e-mail providers for more information if you need it, giving them
>> >> >> >> the whole of this report. Attack in:
>> >> >> >>
>> >> >> >> /var/spool/MailScanner/incoming/5106/5B02C7C002C8.A3986/nmsg-5106-92.html
>> >> >> >>
>> >> >> >> In the log mail.log the corresponding error is:
>> >> >> >>
>> >> >> >> "Content Checks: Detected and have disarmed KILLED tags in HTML message in"
>> >> >> >>
>> >> >> >> Can anyone help me?
>> >> >> >>
>> >> >> >>
>> >> >> >> Marcelo Gomes
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> MailScanner mailing list
>> >> >> >> mailscanner at lists.mailscanner.info
>> >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >> >>
>
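
An added example, not part of the original post or of MailScanner: it evaluates the `ls -l` listing and `/etc/group` line quoted in this thread against the Run As User / Run As Group settings, using the standard POSIX owner/group/other selection. The function names are hypothetical, and it assumes the process runs with Run As Group as its primary group plus the memberships listed in `/etc/group`.

```python
# Values quoted in the thread above.
LS_OUTPUT = """\
total 16
drwxrwxr-x  2 mail    mtagroup 4096 Dec 27 15:08 archive
drwxrwx--- 24 clamav  mtagroup 4096 Jan 21 14:49 incoming
drwxrwxr-x 20 clamav  mtagroup 4096 Jan 21 01:27 quarantine
drwx------  2 postfix postfix  4096 Jan 21 14:31 spamassassin
"""
GROUP_LINE = "mtagroup:x:1001:clamav,postfix,mail"
RUN_AS_USER, RUN_AS_GROUP = "postfix", "mtagroup"


def groups_of(user, primary, group_lines):
    """Primary group plus every group whose member list names the user."""
    groups = {primary}
    for line in group_lines:
        name, _pw, _gid, members = line.strip().split(":")
        if user in members.split(","):
            groups.add(name)
    return groups


def access(mode, owner, group, user, user_groups):
    """Return the rwx triplet that applies to `user`. Exactly one class is
    chosen (owner, then group, then other); the classes are never combined."""
    if user == owner:
        return mode[1:4]
    if group in user_groups:
        return mode[4:7]
    return mode[7:10]


def audit(ls_output, user, user_groups):
    """Map each entry of an `ls -l` listing to the triplet applying to `user`."""
    result = {}
    for line in ls_output.splitlines():
        fields = line.split(None, 8)
        if len(fields) < 9:  # skips the "total N" line and blanks
            continue
        mode, owner, group, name = fields[0], fields[2], fields[3], fields[8]
        result[name] = access(mode, owner, group, user, user_groups)
    return result


if __name__ == "__main__":
    groups = groups_of(RUN_AS_USER, RUN_AS_GROUP, [GROUP_LINE])
    for name, bits in audit(LS_OUTPUT, RUN_AS_USER, groups).items():
        print(f"{name:14} {bits} {'ok' if bits == 'rwx' else 'CHECK'}")
```

The listing covers only the top level of /var/spool/MailScanner; the per-message subdirectories under incoming would need the same check against their own `ls -l` output.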

