MailScanner: Suspected QP DOS
Chaminda Indrajith
indrajith at sltidc.lk
Sun Nov 29 00:58:49 UTC 2020
Hi Shawan,
Yes, it did. Last two days I have observed in all the gateways and so far,
there is no issue. Read receipts are not blocked.
Thanks for your support.
Regards
Chaminda Indrajith
From: Shawn Iverson <shawniverson at summitgrid.com>
Sent: Sunday, November 29, 2020 4:02 AM
To: Chaminda Indrajith <indrajith at sltidc.lk>; 'MailScanner Discussion'
<mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner: Suspected QP DOS
Hello Chaminda,
Can you confirm whether the patch worked?
On 11/25/20 12:31 PM, Chaminda Indrajith wrote:
Shawan,
Until fix is released, is there a temporary way for disabling the check QP
DOS
Thanks
Chaminda Indrajith
From: MailScanner
<mailto:mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info>
<mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> On Behalf
Of Chaminda Indrajith
Sent: Wednesday, November 25, 2020 10:42 PM
To: 'Shawn Iverson' <mailto:shawniverson at summitgrid.com>
<shawniverson at summitgrid.com>; 'MailScanner Discussion'
<mailto:mailscanner at lists.mailscanner.info>
<mailscanner at lists.mailscanner.info>
Subject: RE: MailScanner: Suspected QP DOS
Thanks Shawn,
Awaiting for your patch.
Regards
Chaminda Indrajith
From: Shawn Iverson <shawniverson at summitgrid.com
<mailto:shawniverson at summitgrid.com> >
Sent: Wednesday, November 25, 2020 10:20 PM
To: Chaminda Indrajith <indrajith at sltidc.lk <mailto:indrajith at sltidc.lk> >;
'MailScanner Discussion' <mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info> >
Subject: Re: MailScanner: Suspected QP DOS
Thank you for the information, your permissions look good.
I think I see the problem. There is step on the MIME parsing in this check
that assumes that the email contains a regular body. This is not always
true.
I will prepare a patch.
On 11/25/20 11:21 AM, Chaminda Indrajith wrote:
Thanks Shawn, for the reply.
This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7.
So, the directory permission remains unchanged. SELINUX is in permissive
mode. MailScanner runs as user postfix. By the way, Is there a way of
disabling QP DOC Checking? For your information, here it shows the
permissions of /var/spool/MailScanner
[root at dot ~]# cd /var/spool/MailScanner/
[root at dot MailScanner]# ls -la
total 4
drwxr-xr-x. 9 root root 122 Nov 24 14:40 .
drwxr-xr-x. 17 root root 215 Apr 11 2018 ..
drwxrwxr-x. 2 root mtagroup 6 Nov 4 22:21 archive
drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:41 incoming
drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterin
drwxrwxr-x. 2 postfix mtagroup 6 Nov 4 22:21 milterout
drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 quarantine
drwxrwx---. 5 postfix mtagroup 107 Nov 24 14:33 ramdisk_store
drwxrwsr-x. 2 postfix apache 58 Sep 30 08:15 spamassassin
[root at dot MailScanner]# cd incoming
[root at dot incoming]# ls -la
total 308
drwxrwx---. 9 postfix mtagroup 220 Nov 25 21:45 .
drwxr-xr-x. 9 root root 122 Nov 24 14:40 ..
drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3063
drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:44 3225
drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:42 3325
drwxrwx---. 4 postfix mtagroup 160 Nov 25 21:45 3489
drwxrwx---. 2 postfix mtagroup 40 Nov 25 21:41 3526
drwxr-xr-x. 2 root postfix 200 Nov 25 18:31 Locks
-rw-------. 1 postfix postfix 4096 Nov 25 21:45 Processing.db
-rw-------. 1 postfix postfix 310272 Nov 25 21:45 SpamAssassin.cache.db
drwxr-xr-x. 2 postfix root 100 Nov 25 21:45 SpamAssassin-Temp
[root at dot incoming]# cd ../quarantine/
[root at dot quarantine]# ls -la
total 8
drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 .
drwxr-xr-x. 9 root root 122 Nov 24 14:40 ..
drwxrwx---. 4 postfix apache 31 Nov 2 23:13 20201102
drwxrwx---. 12 postfix apache 215 Nov 3 15:05 20201103
drwxrwx---. 6 postfix apache 77 Nov 4 08:00 20201104
drwxrwx---. 10 postfix apache 169 Nov 5 20:31 20201105
drwxrwx---. 14 postfix apache 261 Nov 6 18:00 20201106
drwxrwx---. 5 postfix apache 54 Nov 7 01:27 20201107
drwxrwx---. 6 postfix apache 77 Nov 8 10:45 20201108
drwxrwx---. 8 postfix apache 123 Nov 9 15:37 20201109
[root at dot quarantine]# groups postfix
postfix : postfix mail mtagroup
[root at dot quarantine]# groups clamav
groups: clamav: no such user
[root at dot quarantine]# groups clamscan
clamscan : clamscan virusgroup mtagroup
Regards
Chaminda Indrajith
From: MailScanner
<mailto:mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info>
<mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> On Behalf
Of Shawn Iverson via MailScanner
Sent: Wednesday, November 25, 2020 9:24 PM
To: mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
Cc: Shawn Iverson <mailto:shawniverson at summitgrid.com>
<shawniverson at summitgrid.com>
Subject: Re: MailScanner: Suspected QP DOS
"could not read file" seems to indicate some form of permissions or access
control problem. Have you double checked permissions on key folders such as
those within /var/spool/MailScanner?
On 11/25/20 3:11 AM, Chaminda Indrajith wrote:
Hi,
After upgraded to the latest MailScanner (5.3.4), some of the read receipts
are blocked by MailScanner.
It shows the below message in the MailWatch. Let me know how to allow these
read receipts.
MailScanner: Suspected QP DOS
checks failed
could not read file
Thanks
Chaminda Indrajith
--
<http://mailserver.summitgrid.org/logo_text_sig.png>
Shawn Iverson
shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com>
--
<http://mailserver.summitgrid.org/logo_text_sig.png>
Shawn Iverson
shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com>
--
<http://mailserver.summitgrid.org/logo_text_sig.png>
Shawn Iverson
shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20201129/69128b68/attachment.html>
More information about the MailScanner
mailing list