<html><head></head><body><p dir="ltr">Yes, it can.<br><br></p>
<p dir="ltr"><!-- tmjah_g_1299s -->Jerry Benton <br>
+1 844-436-6245 </p>
<p dir="ltr">Sent from <a href="http://www.bluemail.me/r">BlueMail</a><!-- tmjah_g_1299e --><br><br></p>
<div class="gmail_quote" >On Aug 24, 2016, at 10:15, Andy Southgate <<a href="mailto:andy@z00b.com" target="_blank">andy@z00b.com</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">Would getting that wrong cause *intermittant* permissions errors though?<br><br>The fact that 99% of the time everything works leads me to assume that the basic permission is correct, is that assumption wrong?<br><br>Part of the problem I'm having is my mail server is very low throughput, I can go weeks without any error coming up and then get 10 errors in a row, it makes it extremely difficult to iterate changes.<br><br>-----Original Message-----<br>From: MailScanner [mailto:mailscanner-bounces+andy=<a href="http://z00b.com">z00b.com</a>@lists.mailscanner.info] On Behalf Of Jerry Benton<br>Sent: 24 August 2016 15:01<br>To: MailScanner Discussion<br>Subject: RE: Denial of Service attack Messages Constantly<br><br>Ok, as far as permissions go … I addressed this issue in v5. The installer creates a group called mtagroup. You MTA, virus scanners, etc should be added to this group automatically. However, you should confirm those accounts are members of that group. IF
you add extra virus scanners, add those system users to the mtagroup.<br><br>Next, the “Run As User” is dependent on what MTA and virus scanners you are using, but this is not as important as the next item.<br><br><br>What is very important is that the “Run As Group” should be mtagroup and the permissions should be 0660 in your config. By default this is what ships with v5. If you changed it or used your old config, well … that is on you. By using mtagroup and 0660 nothing will have any permissions issues.<br><br>If you need a reference to the defaults, it is here:<br><br><br><a href="https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/MailScanner.conf">https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/MailScanner.conf</a><br><br><br><br><br>-<br>Jerry Benton<br><a href="http://www.mailborder.com">www.mailborder.com</a><br>+1 - 844-436-6245<br><br><br>-----Original Message-----<br>From: Andy Southgate <andy@z00b.com><br>Reply:
MailScanner Discussion <mailscanner@lists.mailscanner.info><br>Date: August 24, 2016 at 9:36:01 AM<br>To: MailScanner Discussion <mailscanner@lists.mailscanner.info><br>Subject: RE: Denial of Service attack Messages Constantly<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> can confirm, added that, restarted MailScanner service and still get <br> errors<br><br> -----Original Message-----<br> From: MailScanner <br> [mailto:mailscanner-bounces+andy=<a href="http://z00b.com">z00b.com</a>@lists.mailscanner.info]<br> On Behalf Of Azir Güleroglu<br> Sent: 23 August 2016 12:07<br> To: MailScanner Discussion<br> Subject: RE: Denial of Service attack Messages Constantly<br><br> I added this block to limits.conf but still our customers get same errors.<br><br> Azir Guleroglu<br><br><br> -----Original Message-----<br> From: MailScanner <br> [mailto:mailscanner-bounces+azir.guleroglu=<a
href="http://turknet.net.tr">turknet.net.tr</a>@lists.mailsc<br> <a href="http://anner.info">anner.info</a>]<br> On Behalf Of Jerry Benton<br> Sent: Monday, August 22, 2016 7:51 PM<br> To: MailScanner Discussion<br> Subject: Re: Denial of Service attack Messages Constantly<br><br> When I see this happen it is usually related to <br> /etc/security/limits.conf<br><br> The old MailScanner code tried to silently increase the limits. This <br> feature has been removed. Add this to /etc/security/limits.conf to try and resolve the issue:<br><br><br> * hard nofile 65535<br> * soft nofile 65535<br> root hard nofile 65535<br> root soft nofile 65535<br><br><br><br><br> -<br> Jerry Benton<br> <a href="http://www.mailborder.com">www.mailborder.com</a><br> +1 - 844-436-6245<br><br><br> -----Original Message-----<br> From: Steven Jardine<br> Reply: MailScanner Discussion<br> Date: August 22, 2016 at 10:29:54 AM<br> To: MailScanner Discussion<br> Subject: Re: Denial of Service attack Messages
Constantly<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> I can confirm this behavior....the error code that I was getting was<br> 13 which is a permission denied error. Unfortunately, it was <br> happening too often on legitimate mail that I had to turn off the feature.<br><br> I would really like to determine the cause....<br><br> On 08/22/2016 08:15 AM, Andy Southgate wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><br> It still happens for me, AFAIK all that was worked out was that <br> for some reason there is an intermittant permission problem that <br> occasionally causes the spawned child process to fail to run <br> causing that error on the message, but there was never any insight <br> as to why that should be.<br><br> *From:*MailScanner<br> [mailto:mailscanner-bounces+andy=<a
href="http://z00b.com">z00b.com</a>@lists.mailscanner.info]<br> *On Behalf Of *Aaron Pursell<br> *Sent:* 22 August 2016 15:01<br> *To:* mailscanner@lists.mailscanner.info<br> *Subject:* Re: Denial of Service attack Messages Constantly<br><br> I read pretty much every message and tried everything, most of <br> those messages are years old and it appears it was fixed and now <br> in the new version is the first time I'm experiencing them in <br> many, many years, the fixes worked originally back in a way older versiona.<br> Nothing really changed except the fact there's this new version, <br> too bad it only happens to legitimate messages and not spam.... So who knows.<br> I'll continue to look, the log really never says anything specific.<br> I<br><br> ---<br><br><br><br> Regards,<br><br> Aaron<br><br><br> Message: 1<br> Date: Fri, 19 Aug 2016 08:26:31 -0600<br> From: Steven Jardine > > ><br> To: MailScanner Discussion > > ><br> Subject: Re: Denial of Service attack
Messages Constantly<br> Message-ID: <9dbfad5c-651a-3a7f-e9c8-2c623adf51c1@mjnservices.com<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><br></blockquote> Content-Type: text/plain; charset=windows-1252; format=flowed<br><br> I still haven't found a good solution to this even after trying <br> all of the suggestions posted on the previous threads. If turn off <br> "Dangerous Content Scanning" the error goes away but you lose that functionality.<br><br> I have had to disable it until a solution can be found. Its not ideal.<br><br> Good luck!<br> Steve<br><br> On 08/18/2016 04:43 PM, Mark Sapiro wrote:<br><br> On 08/18/2016 08:49 AM, Aaron Pursell wrote:<br><br><br> The problem is, my users and I keep getting messages like this:<br><br> "<br><br> MailScanner was attacked by a Denial Of Service attack, and has <br> therefore deleted this part of the message. Please contact your <br> e-mail providers for more
information if you need it, giving them <br> the whole of this report. Attack in:<br> /var/spool/MailScanner/incoming/12835/78C9F481B0DA.ACDF4/nmsg-12835-2.html"<br><br><br> The path doesn't exist when you look and the message never gets <br> delivered. What can I turn off or adjust to make sure this doesn't <br> happen?<br><br><br> What's in the Mail log associated with this?<br><br> There's a long thread on this with Subject: Denial Of Service <br> Attack Messages in the archives of this list at<br><br> and<br><br> which may be helpful.<br><br><br><br><br> IMPORTANT: This email does not constitute a contract or an offer <br> or acceptance of an offer to enter into a contract. Further, this <br> email may not be used to modify, supplement, novate, or waive any <br> rights with respect to an existing contract or other binding <br> commercial terms. MJN Services, Inc. conducts business under our <br> service terms and conditions found at <a
href="http://www.mjnservices.com">www.mjnservices.com</a> unless <br> otherwise agreed to in writing by an officer of MJN Services, Inc.<br><br><br><br><hr><br><br> Message: 2<br> Date: Fri, 19 Aug 2016 09:30:29 -0500<br> From: Jerry Benton > > ><br> To: MailScanner Discussion > > ><br> Subject: Re: Denial of Service attack Messages Constantly<br> Message-ID:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><br></blockquote></blockquote></blockquote> Content-Type: text/plain; charset=UTF-8<br><br> Steve,<br><br> Can you zip the raw source of a message (the file) that triggers <br> this and email it directly to me?<br><br><br> -<br> Jerry Benton<br> <a
href="http://www.mailborder.com">www.mailborder.com</a><br> +1 - 844-436-6245<br><br><br> -----Original Message-----<br> From:?Steven Jardine > > ><br> Reply:?MailScanner Discussion > > > Date:?August 19, 2016 at <br> 10:27:05 AM To:?MailScanner Discussion > ><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"> Subject:? Re: Denial of Service attack Messages Constantly<br></blockquote><br> I still haven't found a good solution to this even after trying <br> all of the suggestions posted on the previous threads. If turn off <br> "Dangerous Content Scanning" the error goes away but you lose that functionality.<br><br> I have had to disable it until a solution can be found. Its not ideal.<br><br> Good luck!<br> Steve<br><br> On 08/18/2016 04:43 PM, Mark Sapiro wrote:<br><br> On 08/18/2016 08:49 AM, Aaron Pursell wrote:<br><br><br> The problem is, my users and I keep getting messages like
this:<br><br> "<br><br> MailScanner was attacked by a Denial Of Service attack, and has <br> therefore deleted this part of the message. Please contact your <br> e-mail providers for more information if you need it, giving them <br> the whole of this report. Attack in:<br> /var/spool/MailScanner/incoming/12835/78C9F481B0DA.ACDF4/nmsg-12835-2.html"<br><br><br> The path doesn't exist when you look and the message never gets <br> delivered. What can I turn off or adjust to make sure this doesn't <br> happen?<br><br><br> What's in the Mail log associated with this?<br><br> There's a long thread on this with Subject: Denial Of Service <br> Attack Messages in the archives of this list at<br><br> and<br><br> which may be helpful.<br><br><br><br><br> IMPORTANT: This email does not constitute a contract or an offer <br> or acceptance of an offer to enter into a contract. Further, this <br> email may not be used to modify, supplement, novate, or waive any <br> rights with respect to an
existing contract or other binding <br> commercial terms. MJN Services, Inc. conducts business under our <br> service terms and conditions found at <a href="http://www.mjnservices.com">www.mjnservices.com</a> unless <br> otherwise agreed to in writing by an officer of MJN Services, Inc.<br><br><br><br> --<br> MailScanner mailing list<br> mailscanner@lists.mailscanner.info<br><br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br><br><br><br><hr><br><br> Subject: Digest Footer<br><br><br><br> --<br> MailScanner mailing list<br> mailscanner@lists.mailscanner.info<br><br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br><br><br><hr><br><br> End of MailScanner Digest, Vol 128, Issue 16<br> ********************************************<br><br><br> --<br> This message has been scanned for viruses and dangerous content by<br> *MailScanner* , and is
believed to be clean.</blockquote><br><br><br><br><br><br><br> IMPORTANT: This email does not constitute a contract or an offer or <br> acceptance of an offer to enter into a contract. Further, this email <br> may not be used to modify, supplement, novate, or waive any rights <br> with respect to an existing contract or other binding commercial <br> terms. MJN Services, Inc. conducts business under our service terms <br> and conditions found at <a href="http://www.mjnservices.com">www.mjnservices.com</a> unless otherwise agreed <br> to in writing<br></blockquote> by an officer of MJN Services, Inc.<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"><br><br><br> --<br> MailScanner mailing list<br> mailscanner@lists.mailscanner.info<br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a></blockquote><br><br><br><br> --<br> MailScanner mailing list<br>
mailscanner@lists.mailscanner.info<br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br><br><br><hr><br><br> Bu elektronik posta ve onunla iletilen bütün dosyalar sadece <br> göndericisi tarafından alması amaçlanan yetkili gerçek ya da tüzel <br> kişinin kullanımı içindir. Eğer söz konusu yetkili alıcı değilseniz bu <br> elektronik postanın içeriğini açıklamanız, kopyalamanız, <br> yönlendirmeniz ve kullanmanız kesinlikle yasaktır ve bu elektronik <br> postayı derhal silmeniz gerekmektedir. TurkNet bu mesajın içerdiği <br> bilgilerin doğruluğu veya eksiksiz olduğu konusunda herhangi bir <br> garanti vermemektedir. Bu nedenle bu bilgilerin ne şekilde olursa <br> olsun içeriğinden, iletilmesinden, alınmasından ve saklanmasından sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen kişiye aittir ve TurkNet'in görüşlerini yansıtmayabilir. Bu e-posta bilinen
bütün bilgisayar virüslerine karşı taranmıştır.<br><hr><br> This e-mail and any files transmitted with it are confidential and <br> intended solely for the use of the individual or entity to whom they <br> are addressed. If you are not the intended recipient you are hereby <br> notified that any dissemination, forwarding, copying or use of any of <br> the information is strictly prohibited, and the e-mail should <br> immediately be deleted. TurkNet makes no warranty as to the accuracy <br> or completeness of any information contained in this message and <br> hereby excludes any liability of any kind for the information <br> contained therein or for the information transmission, reception, <br> storage or use of such in any way whatsoever. The opinions expressed in this message belong to sender alone and may not necessarily reflect the opinions of TurkNet. This e-mail has been scanned for all known computer viruses.<br><br><br> --<br> MailScanner mailing list<br>
mailscanner@lists.mailscanner.info<br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br><br><br><br><br> --<br> MailScanner mailing list<br> mailscanner@lists.mailscanner.info<br> <a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a></blockquote><br><br><br><br>--<br>MailScanner mailing list<br>mailscanner@lists.mailscanner.info<br><a href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><br><br><br><br></pre></blockquote></div></body></html>