MailScanner: Suspected QP DOS

Chaminda Indrajith indrajith at sltidc.lk
Sun Nov 29 00:58:49 UTC 2020


Hi Shawn,

Yes, it did. For the last two days I have observed all the gateways and, so
far, there is no issue. Read receipts are not blocked.

Thanks for your support.

Regards

Chaminda Indrajith

 

From: Shawn Iverson <shawniverson at summitgrid.com> 
Sent: Sunday, November 29, 2020 4:02 AM
To: Chaminda Indrajith <indrajith at sltidc.lk>; 'MailScanner Discussion'
<mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner: Suspected QP DOS

 

Hello Chaminda,

Can you confirm whether the patch worked?

On 11/25/20 12:31 PM, Chaminda Indrajith wrote:

Shawn,

Until the fix is released, is there a temporary way to disable the QP DOS
check?

Thanks

Chaminda Indrajith

 

From: MailScanner
<mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> On Behalf
Of Chaminda Indrajith
Sent: Wednesday, November 25, 2020 10:42 PM
To: 'Shawn Iverson' <shawniverson at summitgrid.com>; 'MailScanner Discussion'
<mailscanner at lists.mailscanner.info>
Subject: RE: MailScanner: Suspected QP DOS

 

Thanks Shawn,

Awaiting your patch.

Regards

Chaminda Indrajith

 

From: Shawn Iverson <shawniverson at summitgrid.com>
Sent: Wednesday, November 25, 2020 10:20 PM
To: Chaminda Indrajith <indrajith at sltidc.lk>; 'MailScanner Discussion'
<mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner: Suspected QP DOS

 

Thank you for the information, your permissions look good.

I think I see the problem.  There is a step in the MIME parsing in this check
that assumes that the email contains a regular body.  This is not always
true.

I will prepare a patch.

On 11/25/20 11:21 AM, Chaminda Indrajith wrote:

Thanks Shawn, for the reply. 

This happened after the upgrade from 5.0.3 to the latest. OS is CentOS 7.
So, the directory permission remains unchanged. SELinux is in permissive
mode. MailScanner runs as user postfix. By the way, is there a way of
disabling QP DOS checking? For your information, here are the
permissions of /var/spool/MailScanner:

[root at dot ~]# cd /var/spool/MailScanner/
[root at dot MailScanner]# ls -la
total 4
drwxr-xr-x.  9 root    root      122 Nov 24 14:40 .
drwxr-xr-x. 17 root    root      215 Apr 11  2018 ..
drwxrwxr-x.  2 root    mtagroup    6 Nov  4 22:21 archive
drwxrwx---.  9 postfix mtagroup  220 Nov 25 21:41 incoming
drwxrwxr-x.  2 postfix mtagroup    6 Nov  4 22:21 milterin
drwxrwxr-x.  2 postfix mtagroup    6 Nov  4 22:21 milterout
drwxrwxr-x. 26 postfix apache   4096 Nov 25 00:00 quarantine
drwxrwx---.  5 postfix mtagroup  107 Nov 24 14:33 ramdisk_store
drwxrwsr-x.  2 postfix apache     58 Sep 30 08:15 spamassassin

[root at dot MailScanner]# cd incoming
[root at dot incoming]# ls -la
total 308
drwxrwx---. 9 postfix mtagroup    220 Nov 25 21:45 .
drwxr-xr-x. 9 root    root        122 Nov 24 14:40 ..
drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:44 3063
drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:44 3225
drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:42 3325
drwxrwx---. 4 postfix mtagroup    160 Nov 25 21:45 3489
drwxrwx---. 2 postfix mtagroup     40 Nov 25 21:41 3526
drwxr-xr-x. 2 root    postfix     200 Nov 25 18:31 Locks
-rw-------. 1 postfix postfix    4096 Nov 25 21:45 Processing.db
-rw-------. 1 postfix postfix  310272 Nov 25 21:45 SpamAssassin.cache.db
drwxr-xr-x. 2 postfix root        100 Nov 25 21:45 SpamAssassin-Temp

[root at dot incoming]# cd ../quarantine/
[root at dot quarantine]# ls -la
total 8
drwxrwxr-x. 26 postfix apache 4096 Nov 25 00:00 .
drwxr-xr-x.  9 root    root    122 Nov 24 14:40 ..
drwxrwx---.  4 postfix apache   31 Nov  2 23:13 20201102
drwxrwx---. 12 postfix apache  215 Nov  3 15:05 20201103
drwxrwx---.  6 postfix apache   77 Nov  4 08:00 20201104
drwxrwx---. 10 postfix apache  169 Nov  5 20:31 20201105
drwxrwx---. 14 postfix apache  261 Nov  6 18:00 20201106
drwxrwx---.  5 postfix apache   54 Nov  7 01:27 20201107
drwxrwx---.  6 postfix apache   77 Nov  8 10:45 20201108
drwxrwx---.  8 postfix apache  123 Nov  9 15:37 20201109

[root at dot quarantine]# groups postfix
postfix : postfix mail mtagroup
[root at dot quarantine]# groups clamav
groups: clamav: no such user
[root at dot quarantine]# groups clamscan
clamscan : clamscan virusgroup mtagroup

Regards

Chaminda Indrajith

 

From: MailScanner
<mailscanner-bounces+indrajith=sltidc.lk at lists.mailscanner.info> On Behalf
Of Shawn Iverson via MailScanner
Sent: Wednesday, November 25, 2020 9:24 PM
To: mailscanner at lists.mailscanner.info
Cc: Shawn Iverson <shawniverson at summitgrid.com>
Subject: Re: MailScanner: Suspected QP DOS

 

"could not read file" seems to indicate some form of permissions or access
control problem.  Have you double checked permissions on key folders such as
those within /var/spool/MailScanner?

 

On 11/25/20 3:11 AM, Chaminda Indrajith wrote:

Hi,

After upgrading to the latest MailScanner (5.3.4), some of the read receipts
are blocked by MailScanner.

It shows the message below in MailWatch. Let me know how to allow these
read receipts.

 

MailScanner: Suspected QP DOS
checks failed
could not read file

 

Thanks

Chaminda Indrajith






 
 

-- 
  <http://mailserver.summitgrid.org/logo_text_sig.png> 
Shawn Iverson
shawniverson at summitgrid.com <mailto:shawniverson at summitgrid.com> 
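
Added example, not part of the original thread and not MailScanner's code: a Python sketch of the failure mode diagnosed above, where a check that assumes every message has a regular body fails a read receipt that has none. The sample messages are constructed, and the function names, result strings and the line-length test standing in for the real QP check are assumptions.

```python
import email

QP_MAX_LINE = 76  # RFC 2045 cap on one encoded quoted-printable line

# Constructed sample: a read receipt with no text part at all.
RECEIPT = """\
From: reader@example.org
To: sender@example.com
Subject: Read: status
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
 boundary="b1"

--b1
Content-Type: message/disposition-notification

Final-Recipient: rfc822;reader@example.org
Disposition: manual-action/MDN-sent-manually; displayed

--b1--
"""

# Constructed sample: a regular body with one over-long encoded line.
LONG_QP = ("Content-Type: text/plain\n"
           "Content-Transfer-Encoding: quoted-printable\n\n"
           + "A" * 5000 + "\n")

def text_parts(msg):
    """Yield leaf text/* parts; message/* and other types are skipped."""
    if msg.get_content_maintype() == "multipart" and msg.is_multipart():
        for sub in msg.get_payload():
            yield from text_parts(sub)
    elif msg.get_content_maintype() == "text":
        yield msg

def long_qp_line(part):
    """Stand-in check (assumption): any encoded line over the RFC limit."""
    cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
    if cte != "quoted-printable":
        return False
    return any(len(l) > QP_MAX_LINE for l in part.get_payload().splitlines())

def check_assuming_body(raw):
    parts = list(text_parts(email.message_from_string(raw)))
    if not parts:  # the faulty assumption: no regular body counts as failure
        return "fail: could not read body"
    return "fail: long QP line" if long_qp_line(parts[0]) else "pass"

def check_tolerant(raw):
    # No text part means nothing to inspect, so the message passes.
    parts = text_parts(email.message_from_string(raw))
    return "fail: long QP line" if any(map(long_qp_line, parts)) else "pass"
```

The tolerant variant still flags the over-long line in LONG_QP, so skipping body-less messages does not weaken the check for messages that do carry a body.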
