Denial Of Service attack

Glenn Steen glenn.steen at gmail.com
Wed Jan 25 15:41:38 UTC 2017


You might have a problem with MailWatch as well, but I'd be interrested to
hear what your findings about the permission bits are.
Also, check that you only have queue files in the postfix hold... If  for
example SpamAssassin puts files/directories in there, bad things will
happen:).

Looking at the MailWatch thing, have you verified that
- Your database is up and running
- You can connect to it with the credentials used in MailWatch.pm
- You have no typos in MailWatch.pm file (specifically the my($db,,,)
settings? Note that these need be in single quoteslike so:
my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'mailwatch';
my($db_pass) = 'secretpassword';

Cheers!
-- 
-- Glenn

2017-01-25 13:27 GMT+01:00 Marcelo Machado <mmgomess at gmail.com>:

> Hi everyone.
>
> I have not said that I use MailWatch and it seems that the problem is
> related to it.
>
> See this. https://github.com/mailwatch/1.2.0/issues/430
>
> 2017-01-24 8:51 GMT-02:00 Glenn Steen <glenn.steen at gmail.com>:
> > Marcelo,
> >
> > Could you please check the following:
> >
> > ps -ef |egrep "postfix|clamd"
> >
> > depending on the result, check the user running postfix and clamd with
> > something like:
> > id postfix
> > id clamav
> > change the users as needed/found in the ps listing.
> >
> > This will show what your MailScanner.conf settings need be for both clamd
> > and postfix to be able to access the incoming work directory. The theory
> is
> > quite simple, just set the user to the one needed by the postfix
> processes,
> > and the group to match the clamd one.
> > Now, stop Mailscanner the ususal way, and use chown to change the actual
> > ownership on the actual files&directories. Something like
> > chown -R postfix.clamscan /var/spool/MailScanner/incoming
> > (adjust as neede, of course)
> > Start Mailscanner the usual way, and try sending a messege through...
> Other
> > things to check:
> > The permissions on the SpamAssassin directory (either you use the
> > ~postfix/.spamassassin, or /var/spool/MailScanner/spamassassin ... or
> > both... it all depends...:))
> > Permissions on the quarantine directory
> > Permissions on the configuration files (remember that MailScanner has to
> run
> > as the postfix user, so all tests, like debugging and linting need be
> done
> > as that user! "su - postfix -s /bin/bash" is your friend... You might
> need
> > do a "sudo -i " first;-)).
> >
> > Cheers!
> > --
> > -- Glenn
> >
> >
> >
> > 2017-01-23 10:43 GMT+01:00 Glenn Steen <glenn.steen at gmail.com>:
> >>
> >> Actually, unless the OP has done something to the user/group setup, this
> >> is simply a case of malconfihuration...:-)
> >>
> >> Looking at my 16.04 install, postfix runs as user postfix with group
> >> postfix, and I wouldn't even hazard a guess at whst clamd is running
> as...
> >> These things should be checked, and the MS config made to comply (use
> ps to
> >> learn more:), and fix any errors with chown (with MS/postfix shut
> down)...
> >> After that, things should start working;-)
> >>
> >> Cheers
> >> --
> >> -- Glenn
> >>
> >> Den 22 jan. 2017 7:40 em skrev "Mark Sapiro" <mark at msapiro.net>:
> >>
> >> On 01/22/2017 10:32 AM, Marcelo Machado wrote:
> >> >
> >> > I work with some Ubuntu servers with MailScanner installed and I
> >> > noticed right now that this error does not occur in version 14.04, but
> >> > only in version 16.04.
> >>
> >>
> >> Which makes it likely that the issue is with apparmor.
> >>
> >> --
> >> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> >> San Francisco Bay Area, California    better use your sense - B. Dylan
> >>
> >>
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >>
> >
> >
> >
> > --
> > -- Glenn
> > email: glenn < dot > steen < at > gmail < dot > com
> > work: glenn < dot > steen < at > ap1 < dot > se
> >
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> >
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>


-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170125/af93f4dd/attachment.html>


More information about the MailScanner mailing list