From indrajith at sltidc.lk Wed Nov 25 08:11:34 2020 From: indrajith at sltidc.lk (Chaminda Indrajith) Date: Wed, 25 Nov 2020 13:41:34 +0530 Subject: MailScanner: Suspected QP DOS Message-ID: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> Hi, After upgraded to the latest MailScanner (5.3.4), some of the read receipts are blocked by MailScanner. It shows the below message in the MailWatch. Let me know how to allow these read receipts. MailScanner: Suspected QP DOS checks failed could not read file Thanks Chaminda Indrajith -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Wed Nov 25 15:53:56 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 25 Nov 2020 10:53:56 -0500 Subject: MailScanner: Suspected QP DOS In-Reply-To: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> Message-ID: <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> "could not read file" seems to indicate some form of permissions or access control problem.? Have you double checked permissions on key folders such as those within /var/spool/MailScanner? On 11/25/20 3:11 AM, Chaminda Indrajith wrote: > > Hi, > > After upgraded to the latest MailScanner (5.3.4), some of the read > receipts are blocked by MailScanner. > > It shows the below message in the MailWatch. Let me know how to allow > these read receipts. > > MailScanner: Suspected QP DOS > checks failed > could not read file > > Thanks > > Chaminda Indrajith > > > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From indrajith at sltidc.lk Wed Nov 25 16:21:31 2020 From: indrajith at sltidc.lk (Chaminda Indrajith) Date: Wed, 25 Nov 2020 21:51:31 +0530 Subject: MailScanner: Suspected QP DOS In-Reply-To: <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> Message-ID: <000001d6c347$0c05cf50$24116df0$@sltidc.lk> Thanks Shawn, for the reply. This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7. So, the directory permission remains unchanged. SELINUX is in permissive mode. MailScanner runs as user postfix. By the way, Is there a way of disabling QP DOC Checking? For your information, here it shows the permissions of /var/spool/MailScanner [root at dot ~]# cd /var/spool/MailScanner/ [root at dot MailScanner]# ls -la total 4 drwxr-xr-x. 9 root root 122 Nov 24 14:40 . drwxr-xr-x. 17 root root 215 Apr 11 2018 .. drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin [root at dot MailScanner]# cd incoming [root at dot incoming]# ls -la total 308 drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325 drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526 drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db -rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp [root at dot incoming]# cd ../quarantine/ [root at dot quarantine]# ls -la total 8 drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102 drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103 drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104 drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105 drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106 drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107 drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108 drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109 [root at dot quarantine]# groups postfix postfix : postfix mail mtagroup [root at dot quarantine]# groups clamav groups: clamav: no such user [root at dot quarantine]# groups clamscan clamscan : clamscan virusgroup mtagroup Regards Chaminda Indrajith From: MailScanner On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, November 25, 2020 9:24 PM To: mailscanner at lists.mailscanner.info Cc: Shawn Iverson Subject: Re: MailScanner: Suspected QP DOS "could not read file" seems to indicate some form of permissions or access control problem. Have you double checked permissions on key folders such as those within /var/spool/MailScanner? On 11/25/20 3:11 AM, Chaminda Indrajith wrote: Hi, After upgraded to the latest MailScanner (5.3.4), some of the read receipts are blocked by MailScanner. It shows the below message in the MailWatch. Let me know how to allow these read receipts. MailScanner: Suspected QP DOS checks failed could not read file Thanks Chaminda Indrajith -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Wed Nov 25 16:50:21 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Wed, 25 Nov 2020 11:50:21 -0500 Subject: MailScanner: Suspected QP DOS In-Reply-To: <000001d6c347$0c05cf50$24116df0$@sltidc.lk> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> Message-ID: Thank you for the information, your permissions look good. I think I see the problem.? There is step on the MIME parsing in this check that assumes that the email contains a regular body. This is not always true. I will prepare a patch. On 11/25/20 11:21 AM, Chaminda Indrajith wrote: > > Thanks Shawn, for the reply. > > This happened after the upgrade from 5.0.3 to the latest. OS is CentOS > 7. So, the directory permission remains unchanged. SELINUX is in > permissive mode. MailScanner runs as user postfix. By the way, Is > there a way of disabling QP DOC Checking? For your information, here > it shows the permissions of /var/spool/MailScanner > > [root at dot ~]# cd /var/spool/MailScanner/ > > [root at dot MailScanner]# ls -la > > total 4 > > drwxr-xr-x.? 9 root??? root 122 Nov 24 14:40 . > > drwxr-xr-x. 17 root??? root 215 Apr 11? 2018 .. > > drwxrwxr-x.? 2 root??? mtagroup 6 Nov? 4 22:21 archive > > drwxrwx---.? 9 postfix mtagroup 220 Nov 25 21:41 incoming > > drwxrwxr-x.? 2 postfix mtagroup 6 Nov? 4 22:21 milterin > > drwxrwxr-x.? 2 postfix mtagroup 6 Nov? 4 22:21 milterout > > drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine > > drwxrwx---.? 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store > > drwxrwsr-x.? 2 postfix apache 58 Sep 30 08:15 spamassassin > > [root at dot MailScanner]# cd incoming > > [root at dot incoming]# ls -la > > total 308 > > drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 . > > drwxr-xr-x. 9 root??? root 122 Nov 24 14:40 .. > > drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063 > > drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225 > > drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325 > > drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489 > > drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526 > > drwxr-xr-x. 2 root??? postfix 200 Nov 25 18:31 Locks > > -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db > > -rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db > > drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp > > [root at dot incoming]# cd ../quarantine/ > > [root at dot quarantine]# ls -la > > total 8 > > drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . > > drwxr-xr-x.? 9 root??? root??? 122 Nov 24 14:40 .. > > drwxrwx---.? 4 postfix apache?? 31 Nov? 2 23:13 20201102 > > drwxrwx---. 12 postfix apache? 215 Nov? 3 15:05 20201103 > > drwxrwx---.? 6 postfix apache?? 77 Nov? 4 08:00 20201104 > > drwxrwx---. 10 postfix apache? 169 Nov? 5 20:31 20201105 > > drwxrwx---. 14 postfix apache? 261 Nov? 6 18:00 20201106 > > drwxrwx---.? 5 postfix apache?? 54 Nov? 7 01:27 20201107 > > drwxrwx---.? 6 postfix apache?? 77 Nov? 8 10:45 20201108 > > drwxrwx---.? 8 postfix apache? 123 Nov? 9 15:37 20201109 > > [root at dot quarantine]# groups postfix > > postfix : postfix mail mtagroup > > [root at dot quarantine]# groups clamav > > groups: clamav: no such user > > [root at dot quarantine]# groups clamscan > > clamscan : clamscan virusgroup mtagroup > > Regards > > Chaminda Indrajith > > *From:* MailScanner > *On > Behalf Of *Shawn Iverson via MailScanner > *Sent:* Wednesday, November 25, 2020 9:24 PM > *To:* mailscanner at lists.mailscanner.info > *Cc:* Shawn Iverson > *Subject:* Re: MailScanner: Suspected QP DOS > > "could not read file" seems to indicate some form of permissions or > access control problem.? Have you double checked permissions on key > folders such as those within /var/spool/MailScanner? > > On 11/25/20 3:11 AM, Chaminda Indrajith wrote: > > Hi, > > After upgraded to the latest MailScanner (5.3.4), some of the read > receipts are blocked by MailScanner. > > It shows the below message in the MailWatch. Let me know how to > allow these read receipts. > > MailScanner: Suspected QP DOS > checks failed > could not read file > > Thanks > > Chaminda Indrajith > > > > -- > > Shawn Iverson > shawniverson at summitgrid.com > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From indrajith at sltidc.lk Wed Nov 25 17:11:46 2020 From: indrajith at sltidc.lk (Chaminda Indrajith) Date: Wed, 25 Nov 2020 22:41:46 +0530 Subject: MailScanner: Suspected QP DOS In-Reply-To: References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> Message-ID: <000c01d6c34e$10d6db30$32849190$@sltidc.lk> Thanks Shawn, Awaiting for your patch. Regards Chaminda Indrajith From: Shawn Iverson Sent: Wednesday, November 25, 2020 10:20 PM To: Chaminda Indrajith ; 'MailScanner Discussion' Subject: Re: MailScanner: Suspected QP DOS Thank you for the information, your permissions look good. I think I see the problem. There is step on the MIME parsing in this check that assumes that the email contains a regular body. This is not always true. I will prepare a patch. On 11/25/20 11:21 AM, Chaminda Indrajith wrote: Thanks Shawn, for the reply. This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7. So, the directory permission remains unchanged. SELINUX is in permissive mode. MailScanner runs as user postfix. By the way, Is there a way of disabling QP DOC Checking? For your information, here it shows the permissions of /var/spool/MailScanner [root at dot ~]# cd /var/spool/MailScanner/ [root at dot MailScanner]# ls -la total 4 drwxr-xr-x. 9 root root 122 Nov 24 14:40 . drwxr-xr-x. 17 root root 215 Apr 11 2018 .. drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin [root at dot MailScanner]# cd incoming [root at dot incoming]# ls -la total 308 drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325 drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526 drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db -rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp [root at dot incoming]# cd ../quarantine/ [root at dot quarantine]# ls -la total 8 drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102 drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103 drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104 drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105 drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106 drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107 drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108 drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109 [root at dot quarantine]# groups postfix postfix : postfix mail mtagroup [root at dot quarantine]# groups clamav groups: clamav: no such user [root at dot quarantine]# groups clamscan clamscan : clamscan virusgroup mtagroup Regards Chaminda Indrajith From: MailScanner On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, November 25, 2020 9:24 PM To: mailscanner at lists.mailscanner.info Cc: Shawn Iverson Subject: Re: MailScanner: Suspected QP DOS "could not read file" seems to indicate some form of permissions or access control problem. Have you double checked permissions on key folders such as those within /var/spool/MailScanner? On 11/25/20 3:11 AM, Chaminda Indrajith wrote: Hi, After upgraded to the latest MailScanner (5.3.4), some of the read receipts are blocked by MailScanner. It shows the below message in the MailWatch. Let me know how to allow these read receipts. MailScanner: Suspected QP DOS checks failed could not read file Thanks Chaminda Indrajith -- Shawn Iverson shawniverson at summitgrid.com -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From indrajith at sltidc.lk Wed Nov 25 17:31:07 2020 From: indrajith at sltidc.lk (Chaminda Indrajith) Date: Wed, 25 Nov 2020 23:01:07 +0530 Subject: MailScanner: Suspected QP DOS In-Reply-To: <000c01d6c34e$10d6db30$32849190$@sltidc.lk> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> <000c01d6c34e$10d6db30$32849190$@sltidc.lk> Message-ID: <001b01d6c350$c49298b0$4db7ca10$@sltidc.lk> Shawan, Until fix is released, is there a temporary way for disabling the check QP DOS Thanks Chaminda Indrajith From: MailScanner On Behalf Of Chaminda Indrajith Sent: Wednesday, November 25, 2020 10:42 PM To: 'Shawn Iverson' ; 'MailScanner Discussion' Subject: RE: MailScanner: Suspected QP DOS Thanks Shawn, Awaiting for your patch. Regards Chaminda Indrajith From: Shawn Iverson > Sent: Wednesday, November 25, 2020 10:20 PM To: Chaminda Indrajith >; 'MailScanner Discussion' > Subject: Re: MailScanner: Suspected QP DOS Thank you for the information, your permissions look good. I think I see the problem. There is step on the MIME parsing in this check that assumes that the email contains a regular body. This is not always true. I will prepare a patch. On 11/25/20 11:21 AM, Chaminda Indrajith wrote: Thanks Shawn, for the reply. This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7. So, the directory permission remains unchanged. SELINUX is in permissive mode. MailScanner runs as user postfix. By the way, Is there a way of disabling QP DOC Checking? For your information, here it shows the permissions of /var/spool/MailScanner [root at dot ~]# cd /var/spool/MailScanner/ [root at dot MailScanner]# ls -la total 4 drwxr-xr-x. 9 root root 122 Nov 24 14:40 . drwxr-xr-x. 17 root root 215 Apr 11 2018 .. drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin [root at dot MailScanner]# cd incoming [root at dot incoming]# ls -la total 308 drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325 drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526 drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db -rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp [root at dot incoming]# cd ../quarantine/ [root at dot quarantine]# ls -la total 8 drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102 drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103 drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104 drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105 drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106 drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107 drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108 drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109 [root at dot quarantine]# groups postfix postfix : postfix mail mtagroup [root at dot quarantine]# groups clamav groups: clamav: no such user [root at dot quarantine]# groups clamscan clamscan : clamscan virusgroup mtagroup Regards Chaminda Indrajith From: MailScanner On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, November 25, 2020 9:24 PM To: mailscanner at lists.mailscanner.info Cc: Shawn Iverson Subject: Re: MailScanner: Suspected QP DOS "could not read file" seems to indicate some form of permissions or access control problem. Have you double checked permissions on key folders such as those within /var/spool/MailScanner? On 11/25/20 3:11 AM, Chaminda Indrajith wrote: Hi, After upgraded to the latest MailScanner (5.3.4), some of the read receipts are blocked by MailScanner. It shows the below message in the MailWatch. Let me know how to allow these read receipts. MailScanner: Suspected QP DOS checks failed could not read file Thanks Chaminda Indrajith -- Shawn Iverson shawniverson at summitgrid.com -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From shawniverson at summitgrid.com Sat Nov 28 22:32:29 2020 From: shawniverson at summitgrid.com (Shawn Iverson) Date: Sat, 28 Nov 2020 17:32:29 -0500 Subject: MailScanner: Suspected QP DOS In-Reply-To: <001b01d6c350$c49298b0$4db7ca10$@sltidc.lk> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> <000c01d6c34e$10d6db30$32849190$@sltidc.lk> <001b01d6c350$c49298b0$4db7ca10$@sltidc.lk> Message-ID: <3b401456-bbc9-7aa1-17a3-0ee41ad6a53d@summitgrid.com> Hello Chaminda, Can you confirm whether the patch worked? On 11/25/20 12:31 PM, Chaminda Indrajith wrote: > > Shawan, > > Until fix is released, is there a temporary way for disabling the > check QP DOS > > Thanks > > Chaminda Indrajith > > *From:* MailScanner > *On > Behalf Of *Chaminda Indrajith > *Sent:* Wednesday, November 25, 2020 10:42 PM > *To:* 'Shawn Iverson' ; 'MailScanner > Discussion' > *Subject:* RE: MailScanner: Suspected QP DOS > > Thanks Shawn, > > Awaiting for your patch. > > Regards > > Chaminda Indrajith > > *From:* Shawn Iverson > > *Sent:* Wednesday, November 25, 2020 10:20 PM > *To:* Chaminda Indrajith >; 'MailScanner Discussion' > > > *Subject:* Re: MailScanner: Suspected QP DOS > > Thank you for the information, your permissions look good. > > I think I see the problem.? There is step on the MIME parsing in this > check that assumes that the email contains a regular body.? This is > not always true. > > I will prepare a patch. > > On 11/25/20 11:21 AM, Chaminda Indrajith wrote: > > Thanks Shawn, for the reply. > > This happened after the upgrade from 5.0.3 to the latest. OS is > CentOS 7. So, the directory permission remains unchanged. SELINUX > is in permissive mode. MailScanner runs as user postfix. By the > way, Is there a way of disabling QP DOC Checking? For your > information, here it shows the permissions of /var/spool/MailScanner > > [root at dot ~]# cd /var/spool/MailScanner/ > > [root at dot MailScanner]# ls -la > > total 4 > > drwxr-xr-x.? 9 root root????? 122 Nov 24 14:40 . > > drwxr-xr-x. 17 root root????? 215 Apr 11? 2018 .. > > drwxrwxr-x.? 2 root mtagroup??? 6 Nov? 4 22:21 archive > > drwxrwx---.? 9 postfix mtagroup? 220 Nov 25 21:41 incoming > > drwxrwxr-x.? 2 postfix mtagroup??? 6 Nov? 4 22:21 milterin > > drwxrwxr-x.? 2 postfix mtagroup??? 6 Nov? 4 22:21 milterout > > drwxrwxr-x. 26 postfix apache?? 4096 Nov 25 00:00 quarantine > > drwxrwx---.? 5 postfix mtagroup? 107 Nov 24 14:33 ramdisk_store > > drwxrwsr-x.? 2 postfix apache???? 58 Sep 30 08:15 spamassassin > > [root at dot MailScanner]# cd incoming > > [root at dot incoming]# ls -la > > total 308 > > drwxrwx---. 9 postfix mtagroup??? 220 Nov 25 21:45 . > > drwxr-xr-x. 9 root root??????? 122 Nov 24 14:40 .. > > drwxrwx---. 2 postfix mtagroup???? 40 Nov 25 21:44 3063 > > drwxrwx---. 2 postfix mtagroup???? 40 Nov 25 21:44 3225 > > drwxrwx---. 2 postfix mtagroup???? 40 Nov 25 21:42 3325 > > drwxrwx---. 4 postfix mtagroup??? 160 Nov 25 21:45 3489 > > drwxrwx---. 2 postfix mtagroup???? 40 Nov 25 21:41 3526 > > drwxr-xr-x. 2 root postfix???? 200 Nov 25 18:31 Locks > > -rw-------. 1 postfix postfix??? 4096 Nov 25 21:45 Processing.db > > -rw-------. 1 postfix postfix? 310272 Nov 25 21:45 > SpamAssassin.cache.db > > drwxr-xr-x. 2 postfix root??????? 100 Nov 25 21:45 SpamAssassin-Temp > > [root at dot incoming]# cd ../quarantine/ > > [root at dot quarantine]# ls -la > > total 8 > > drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . > > drwxr-xr-x.? 9 root root??? 122 Nov 24 14:40 .. > > drwxrwx---.? 4 postfix apache?? 31 Nov? 2 23:13 20201102 > > drwxrwx---. 12 postfix apache? 215 Nov? 3 15:05 20201103 > > drwxrwx---.? 6 postfix apache?? 77 Nov? 4 08:00 20201104 > > drwxrwx---. 10 postfix apache? 169 Nov? 5 20:31 20201105 > > drwxrwx---. 14 postfix apache? 261 Nov? 6 18:00 20201106 > > drwxrwx---.? 5 postfix apache?? 54 Nov? 7 01:27 20201107 > > drwxrwx---.? 6 postfix apache?? 77 Nov? 8 10:45 20201108 > > drwxrwx---.? 8 postfix apache? 123 Nov? 9 15:37 20201109 > > [root at dot quarantine]# groups postfix > > postfix : postfix mail mtagroup > > [root at dot quarantine]# groups clamav > > groups: clamav: no such user > > [root at dot quarantine]# groups clamscan > > clamscan : clamscan virusgroup mtagroup > > Regards > > Chaminda Indrajith > > *From:* MailScanner > > > *On Behalf Of *Shawn Iverson via MailScanner > *Sent:* Wednesday, November 25, 2020 9:24 PM > *To:* mailscanner at lists.mailscanner.info > > *Cc:* Shawn Iverson > > *Subject:* Re: MailScanner: Suspected QP DOS > > "could not read file" seems to indicate some form of permissions > or access control problem.? Have you double checked permissions on > key folders such as those within /var/spool/MailScanner? > > On 11/25/20 3:11 AM, Chaminda Indrajith wrote: > > Hi, > > After upgraded to the latest MailScanner (5.3.4), some of the > read receipts are blocked by MailScanner. > > It shows the below message in the MailWatch. Let me know how > to allow these read receipts. > > MailScanner: Suspected QP DOS > checks failed > could not read file > > Thanks > > Chaminda Indrajith > > > > > > > > -- > > Shawn Iverson > shawniverson at summitgrid.com > > -- > > Shawn Iverson > shawniverson at summitgrid.com > -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From indrajith at sltidc.lk Sun Nov 29 00:58:49 2020 From: indrajith at sltidc.lk (Chaminda Indrajith) Date: Sun, 29 Nov 2020 06:28:49 +0530 Subject: MailScanner: Suspected QP DOS In-Reply-To: <3b401456-bbc9-7aa1-17a3-0ee41ad6a53d@summitgrid.com> References: <000001d6c302$99929640$ccb7c2c0$@sltidc.lk> <522d6256-db7f-3199-bb41-968ac9c41cf4@summitgrid.com> <000001d6c347$0c05cf50$24116df0$@sltidc.lk> <000c01d6c34e$10d6db30$32849190$@sltidc.lk> <001b01d6c350$c49298b0$4db7ca10$@sltidc.lk> <3b401456-bbc9-7aa1-17a3-0ee41ad6a53d@summitgrid.com> Message-ID: <000101d6c5ea$cf342ad0$6d9c8070$@sltidc.lk> Hi Shawan, Yes, it did. Last two days I have observed in all the gateways and so far, there is no issue. Read receipts are not blocked. Thanks for your support. Regards Chaminda Indrajith From: Shawn Iverson Sent: Sunday, November 29, 2020 4:02 AM To: Chaminda Indrajith ; 'MailScanner Discussion' Subject: Re: MailScanner: Suspected QP DOS Hello Chaminda, Can you confirm whether the patch worked? On 11/25/20 12:31 PM, Chaminda Indrajith wrote: Shawan, Until fix is released, is there a temporary way for disabling the check QP DOS Thanks Chaminda Indrajith From: MailScanner On Behalf Of Chaminda Indrajith Sent: Wednesday, November 25, 2020 10:42 PM To: 'Shawn Iverson' ; 'MailScanner Discussion' Subject: RE: MailScanner: Suspected QP DOS Thanks Shawn, Awaiting for your patch. Regards Chaminda Indrajith From: Shawn Iverson > Sent: Wednesday, November 25, 2020 10:20 PM To: Chaminda Indrajith >; 'MailScanner Discussion' > Subject: Re: MailScanner: Suspected QP DOS Thank you for the information, your permissions look good. I think I see the problem. There is step on the MIME parsing in this check that assumes that the email contains a regular body. This is not always true. I will prepare a patch. On 11/25/20 11:21 AM, Chaminda Indrajith wrote: Thanks Shawn, for the reply. This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7. So, the directory permission remains unchanged. SELINUX is in permissive mode. MailScanner runs as user postfix. By the way, Is there a way of disabling QP DOC Checking? For your information, here it shows the permissions of /var/spool/MailScanner [root at dot ~]# cd /var/spool/MailScanner/ [root at dot MailScanner]# ls -la total 4 drwxr-xr-x. 9 root root 122 Nov 24 14:40 . drwxr-xr-x. 17 root root 215 Apr 11 2018 .. drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin [root at dot MailScanner]# cd incoming [root at dot incoming]# ls -la total 308 drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325 drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489 drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526 drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db -rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp [root at dot incoming]# cd ../quarantine/ [root at dot quarantine]# ls -la total 8 drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 . drwxr-xr-x. 9 root root 122 Nov 24 14:40 .. drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102 drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103 drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104 drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105 drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106 drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107 drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108 drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109 [root at dot quarantine]# groups postfix postfix : postfix mail mtagroup [root at dot quarantine]# groups clamav groups: clamav: no such user [root at dot quarantine]# groups clamscan clamscan : clamscan virusgroup mtagroup Regards Chaminda Indrajith From: MailScanner On Behalf Of Shawn Iverson via MailScanner Sent: Wednesday, November 25, 2020 9:24 PM To: mailscanner at lists.mailscanner.info Cc: Shawn Iverson Subject: Re: MailScanner: Suspected QP DOS "could not read file" seems to indicate some form of permissions or access control problem. Have you double checked permissions on key folders such as those within /var/spool/MailScanner? On 11/25/20 3:11 AM, Chaminda Indrajith wrote: Hi, After upgraded to the latest MailScanner (5.3.4), some of the read receipts are blocked by MailScanner. It shows the below message in the MailWatch. Let me know how to allow these read receipts. MailScanner: Suspected QP DOS checks failed could not read file Thanks Chaminda Indrajith -- Shawn Iverson shawniverson at summitgrid.com -- Shawn Iverson shawniverson at summitgrid.com -- Shawn Iverson shawniverson at summitgrid.com -------------- next part -------------- An HTML attachment was scrubbed... URL: