MailScanner: Suspected QP DOS

Chaminda Indrajith indrajith at sltidc.lk
Wed Nov 25 16:21:31 UTC 2020 

Thanks Shawn, for the reply. 

This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7.
So, the directory permission remains unchanged. SELINUX is in permissive
mode. MailScanner runs as user postfix. By the way, Is there a way of
disabling QP DOC Checking? For your information, here it shows the
permissions of /var/spool/MailScanner

 

[root at dot ~]# cd /var/spool/MailScanner/

[root at dot MailScanner]# ls -la

total 4

drwxr-xr-x.  9 root    root      122 Nov 24 14:40 .

drwxr-xr-x. 17 root    root      215 Apr 11  2018 ..

drwxrwxr-x.  2 root    mtagroup    6 Nov  4 22:21 archive

drwxrwx---.  9 postfix mtagroup  220 Nov 25 21:41 incoming

drwxrwxr-x.  2 postfix mtagroup    6 Nov  4 22:21 milterin

drwxrwxr-x.  2 postfix mtagroup    6 Nov  4 22:21 milterout

drwxrwxr-x. 26 postfix apache   4096 Nov 25 00:00 quarantine

drwxrwx---.  5 postfix mtagroup  107 Nov 24 14:33 ramdisk_store

drwxrwsr-x.  2 postfix apache     58 Sep 30 08:15 spamassassin

 

[root at dot MailScanner]# cd incoming

[root at dot incoming]# ls -la

total 308

drwxrwx---. 9 postfix mtagroup    220 Nov 25 21:45 .

drwxr-xr-x. 9 root    root        122 Nov 24 14:40 ..

drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:44 3063

drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:44 3225

drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:42 3325

drwxrwx---. 4 postfix mtagroup    160 Nov 25 21:45 3489

drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:41 3526

drwxr-xr-x. 2 root    postfix     200 Nov 25 18:31 Locks

-rw-------. 1 postfix postfix    4096 Nov 25 21:45 Processing.db

-rw-------. 1 postfix postfix  310272 Nov 25 21:45 SpamAssassin.cache.db

drwxr-xr-x. 2 postfix root        100 Nov 25 21:45 SpamAssassin-Temp

 

[root at dot incoming]# cd ../quarantine/

[root at dot quarantine]# ls -la

total 8

drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 .

drwxr-xr-x.  9 root    root    122 Nov 24 14:40 ..

drwxrwx---.  4 postfix apache   31 Nov  2 23:13 20201102

drwxrwx---. 12 postfix apache  215 Nov  3 15:05 20201103

drwxrwx---.  6 postfix apache   77 Nov  4 08:00 20201104

drwxrwx---. 10 postfix apache  169 Nov  5 20:31 20201105

drwxrwx---. 14 postfix apache  261 Nov  6 18:00 20201106

drwxrwx---.  5 postfix apache   54 Nov  7 01:27 20201107

drwxrwx---.  6 postfix apache   77 Nov  8 10:45 20201108

drwxrwx---.  8 postfix apache  123 Nov  9 15:37 20201109

 

[root at dot quarantine]# groups postfix

postfix : postfix mail mtagroup

[root at dot quarantine]# groups clamav

groups: clamav: no such user

[root at dot quarantine]# groups clamscan

clamscan : clamscan virusgroup mtagroup

 

 

Regards

Chaminda Indrajith

 

From: MailScanner
<mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> On Behalf
Of Shawn Iverson via MailScanner
Sent: Wednesday, November 25, 2020 9:24 PM
To: mailscanner at lists.mailscanner.info
Cc: Shawn Iverson <shawniverson at summitgrid.com>
Subject: Re: MailScanner: Suspected QP DOS

 

"could not read file" seems to indicate some form of permissions or access
control problem.  Have you double checked permissions on key folders such as
those within /var/spool/MailScanner?

 

On 11/25/20 3:11 AM, Chaminda Indrajith wrote:

Hi,

After upgraded to the latest MailScanner (5.3.4), some of the read receipts
are blocked by MailScanner.

It shows the below message in the MailWatch. Let me know how to allow these
read receipts.

 

MailScanner: Suspected QP DOS
checks failed
could not read file

 

Thanks

Chaminda Indrajith





 
 

-- 
  <http://mailserver.summitgrid.org/logo_text_sig.png> 
Shawn Iverson
shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20201125/88110a03/attachment.html>

More information about the MailScanner mailing list