MailScanner: Suspected QP DOS
Shawn Iverson
shawniverson at summitgrid.com
Sat Nov 28 22:32:29 UTC 2020
Hello Chaminda,
Can you confirm whether the patch worked?
On 11/25/20 12:31 PM, Chaminda Indrajith wrote:
>
> Shawan,
>
> Until fix is released, is there a temporary way for disabling the
> check QP DOS
>
> Thanks
>
> Chaminda Indrajith
>
> *From:* MailScanner
> <mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> *On
> Behalf Of *Chaminda Indrajith
> *Sent:* Wednesday, November 25, 2020 10:42 PM
> *To:* 'Shawn Iverson' <shawniverson at summitgrid.com>; 'MailScanner
> Discussion' <mailscanner at lists.mailscanner.info>
> *Subject:* RE: MailScanner: Suspected QP DOS
>
> Thanks Shawn,
>
> Awaiting for your patch.
>
> Regards
>
> Chaminda Indrajith
>
> *From:* Shawn Iverson <shawniverson at summitgrid.com
> <mailto:shawniverson at summitgrid.com>>
> *Sent:* Wednesday, November 25, 2020 10:20 PM
> *To:* Chaminda Indrajith <indrajith at sltidc.lk
> <mailto:indrajith at sltidc.lk>>; 'MailScanner Discussion'
> <mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>>
> *Subject:* Re: MailScanner: Suspected QP DOS
>
> Thank you for the information, your permissions look good.
>
> I think I see the problem. There is step on the MIME parsing in this
> check that assumes that the email contains a regular body. This is
> not always true.
>
> I will prepare a patch.
>
> On 11/25/20 11:21 AM, Chaminda Indrajith wrote:
>
> Thanks Shawn, for the reply.
>
> This happened after the upgrade from 5.0.3 to the latest. OS is
> CentOS 7. So, the directory permission remains unchanged. SELINUX
> is in permissive mode. MailScanner runs as user postfix. By the
> way, Is there a way of disabling QP DOC Checking? For your
> information, here it shows the permissions of /var/spool/MailScanner
>
> [root at dot ~]# cd /var/spool/MailScanner/
>
> [root at dot MailScanner]# ls -la
>
> total 4
>
> drwxr-xr-x. 9 root root 122 Nov 24 14:40 .
>
> drwxr-xr-x. 17 root root 215 Apr 11 2018 ..
>
> drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive
>
> drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming
>
> drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin
>
> drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout
>
> drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine
>
> drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store
>
> drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin
>
> [root at dot MailScanner]# cd incoming
>
> [root at dot incoming]# ls -la
>
> total 308
>
> drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 .
>
> drwxr-xr-x. 9 root root 122 Nov 24 14:40 ..
>
> drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063
>
> drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225
>
> drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325
>
> drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489
>
> drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526
>
> drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks
>
> -rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db
>
> -rw-------. 1 postfix postfix 310272 Nov 25 21:45
> SpamAssassin.cache.db
>
> drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp
>
> [root at dot incoming]# cd ../quarantine/
>
> [root at dot quarantine]# ls -la
>
> total 8
>
> drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 .
>
> drwxr-xr-x. 9 root root 122 Nov 24 14:40 ..
>
> drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102
>
> drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103
>
> drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104
>
> drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105
>
> drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106
>
> drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107
>
> drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108
>
> drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109
>
> [root at dot quarantine]# groups postfix
>
> postfix : postfix mail mtagroup
>
> [root at dot quarantine]# groups clamav
>
> groups: clamav: no such user
>
> [root at dot quarantine]# groups clamscan
>
> clamscan : clamscan virusgroup mtagroup
>
> Regards
>
> Chaminda Indrajith
>
> *From:* MailScanner
> <mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info>
> <mailto:mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info>
> *On Behalf Of *Shawn Iverson via MailScanner
> *Sent:* Wednesday, November 25, 2020 9:24 PM
> *To:* mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
> *Cc:* Shawn Iverson <shawniverson at summitgrid.com>
> <mailto:shawniverson at summitgrid.com>
> *Subject:* Re: MailScanner: Suspected QP DOS
>
> "could not read file" seems to indicate some form of permissions
> or access control problem. Have you double checked permissions on
> key folders such as those within /var/spool/MailScanner?
>
> On 11/25/20 3:11 AM, Chaminda Indrajith wrote:
>
> Hi,
>
> After upgraded to the latest MailScanner (5.3.4), some of the
> read receipts are blocked by MailScanner.
>
> It shows the below message in the MailWatch. Let me know how
> to allow these read receipts.
>
> MailScanner: Suspected QP DOS
> checks failed
> could not read file
>
> Thanks
>
> Chaminda Indrajith
>
>
>
>
>
>
>
> --
>
> Shawn Iverson
> shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com>
>
> --
>
> Shawn Iverson
> shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com>
>
--
Shawn Iverson
shawniverson at summitgrid.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20201128/3815089a/attachment.html>
More information about the MailScanner
mailing list