Denial Of Service attack

Glenn Steen glenn.steen at
Tue Jan 24 10:51:20 UTC 2017


Could you please check the following:

ps -ef |egrep "postfix|clamd"

depending on the result, check the user running postfix and clamd with
something like:
id postfix
id clamav
change the users as needed/found in the ps listing.

This will show what your MailScanner.conf settings need be for both clamd
and postfix to be able to access the incoming work directory. The theory is
quite simple, just set the user to the one needed by the postfix processes,
and the group to match the clamd one.
Now, stop Mailscanner the ususal way, and use chown to change the actual
ownership on the actual files&directories. Something like
chown -R postfix.clamscan /var/spool/MailScanner/incoming
(adjust as neede, of course)
Start Mailscanner the usual way, and try sending a messege through... Other
things to check:
The permissions on the SpamAssassin directory (either you use the
~postfix/.spamassassin, or /var/spool/MailScanner/spamassassin ... or
both... it all depends...:))
Permissions on the quarantine directory
Permissions on the configuration files (remember that MailScanner has to
run as the postfix user, so all tests, like debugging and linting need be
done as that user! "su - postfix -s /bin/bash" is your friend... You might
need do a "sudo -i " first;-)).

-- Glenn

2017-01-23 10:43 GMT+01:00 Glenn Steen <glenn.steen at>:

> Actually, unless the OP has done something to the user/group setup, this
> is simply a case of malconfihuration...:-)
> Looking at my 16.04 install, postfix runs as user postfix with group
> postfix, and I wouldn't even hazard a guess at whst clamd is running as...
> These things should be checked, and the MS config made to comply (use ps to
> learn more:), and fix any errors with chown (with MS/postfix shut down)...
> After that, things should start working;-)
> Cheers
> --
> -- Glenn
> Den 22 jan. 2017 7:40 em skrev "Mark Sapiro" <mark at>:
> On 01/22/2017 10:32 AM, Marcelo Machado wrote:
> >
> > I work with some Ubuntu servers with MailScanner installed and I
> > noticed right now that this error does not occur in version 14.04, but
> > only in version 16.04.
> Which makes it likely that the issue is with apparmor.
> --
> Mark Sapiro <mark at>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> --
> MailScanner mailing list
> mailscanner at

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list