I appear to be seeing this or at least something v similar today - dodgy clam sig?
I see various genuine messages being flagged by efa as "Virus (Denial of Service attack in message! )"
Not sure how to fix
Search found 24 matches
- 12 Jan 2023 11:26
- Forum: 4.x Bugs
- Topic: Virus Scanning: Denial Of Service attack detected!
- Replies: 40
- Views: 44424
- 17 Feb 2022 14:12
- Forum: How-to
- Topic: Rate-limiting relays
- Replies: 2
- Views: 2291
Re: Rate-limiting relays
Thanks for the reply Shawn
I'm not mad keen on putting another level of software on my box as a complication.
I'm tempted to play with the post-fix rate-limiting settings, I dont think there are many well-behaved senders who would be pissed off.
Will have a dig, though. Thanks
I'm not mad keen on putting another level of software on my box as a complication.
I'm tempted to play with the post-fix rate-limiting settings, I dont think there are many well-behaved senders who would be pissed off.
Will have a dig, though. Thanks
- 15 Feb 2022 13:40
- Forum: Discussion
- Topic: Problem with DBF attachment
- Replies: 3
- Views: 2611
Re: Problem with DBF attachment
This is a filetype rule that is firing... /etc/MailScanner/filetype.rules.conf deny executable No executables No programs allowed Hi Shawn I'm seeing lots of instances where mailscanner sees .dat files and blocks them as executable - I could do with excluding dat extension as executable same as thi...
- 14 Feb 2022 09:49
- Forum: How-to
- Topic: Rate-limiting relays
- Replies: 2
- Views: 2291
Rate-limiting relays
Hi Have searched forum, apologies if I've missed this... We have a bit of an issue where our SU is contacting >7k recipients here using an external company who send via sendgrid (urgh). They dump >7k messages in the inbound milter queue in a short space of time, leading to delays for other mail. I'v...
- 26 Nov 2021 11:36
- Forum: 4.x Bugs
- Topic: Detected and have disarmed denialofservice tags in HTML message
- Replies: 16
- Views: 10830
Re: Detected and have disarmed denialofservice tags in HTML message
Thanks v much shawn I will update next week.
- 25 Nov 2021 09:28
- Forum: 4.x Bugs
- Topic: Detected and have disarmed denialofservice tags in HTML message
- Replies: 16
- Views: 10830
Re: Detected and have disarmed denialofservice tags in HTML message
Possible workaround for this crude detection of DOS: /etc/MailScanner/MailScanner.conf Ignore Denial Of Service = yes This doesn't solve the problem but it does keep messages from getting quarantined. As for getting to the root cause, can anyone determine if any thing else stands out in any logs. S...
- 13 Oct 2021 13:34
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
Re: Error on fresh install
Hi No, I never got to the bottom of what was wrong with my first attempt. I think I'd broken it somehow by trying to be clever. I had done all sorts like install webmin before installing efa - in the end I scrapped it, went for a minimum install, let it get to anywhere on any port in my edge firewal...
- 17 Jun 2021 15:50
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
Hi Shawn will this fix for opendmarc make it into the repo for yum to get hold of? Not sure I have it in me to compile a patch etc unless there are noddy instructions.
- 17 Jun 2021 10:55
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
bizzare, my opendmarc was crashing all over the weekend and always restarted itself.
There is another way to do it in opendamrc.conf, where you can configure restart auto restart behaviour, max attempts, rates, etc.
There is another way to do it in opendamrc.conf, where you can configure restart auto restart behaviour, max attempts, rates, etc.
- 17 Jun 2021 08:58
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
I did this, YMMV
then paste in:
Code: Select all
systemctl edit opendmarc
Code: Select all
[Service] Restart=always
- 17 Jun 2021 08:29
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
Nothing hit the repos as far as I know.
There are a couple of workarounds in the previous posts ^
Set opendmarc to auo-restart either in its own conf file or with systemctl
work out what IP Address[es] cause the crash and block them with firewall.
There are a couple of workarounds in the previous posts ^
Set opendmarc to auo-restart either in its own conf file or with systemctl
work out what IP Address[es] cause the crash and block them with firewall.
- 15 Jun 2021 05:24
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
I attempted to build an updated RPM with the new patch but I must not have all my dependencies sorted as I'm seeing a LOT of errors during the build. Has anyone had success with the patch? https://patch-diff.githubusercontent.com/raw/trusteddomainproject/OpenDMARC/pull/178.patch Sorry this sort of ...
- 14 Jun 2021 10:33
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
After trawling through logs from over the weekend, about a hundred instances of opendmarc failing, apart from the first couple, they all seem to immediately follow a connect from 1 ip, cortew3.mexicanafinanciero.com.mx[213.156.145.39], followed by an error in maillog can't read SMFIC_BODYEOB reply p...
- 12 Jun 2021 15:17
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
My Monday morning job (or tomorrow if I can’t sleep!) will be to check through the maillog to see if it’s a certain connection or action immediately before it dies.
- 12 Jun 2021 12:54
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
I appear to be automatically yumming updates on (gulp) and it’s installed what I suspect you got. Seems to be working but I haven’t checked /log/messages to see if opendmarc is dying.
- 11 Jun 2021 16:46
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
I have used systemctl to auto recover it
systemctl edit opendmarc then paste in:
[Service] Restart=always
systemctl edit opendmarc then paste in:
[Service] Restart=always
- 10 Jun 2021 20:30
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
Same - that’s my fix. It just feels strange that the only thing to have changed is that opendmarc has recently updated. Maybe now only a specific circumstance has found a bug. Like fastly
- 10 Jun 2021 18:13
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
Re: opendmarc.service failed - kills mailscanner?
I don’t *think* I have dns recursion enabled, as when I did I couldn’t lookup my relays/smarthost and I wasn’t clever enough to fix it.
Fingers crossed it’s been stable since 7.30 this morning, it initially died half 11 last night , then I fixed it at 5.15 and a couple of times afterwards.
Fingers crossed it’s been stable since 7.30 this morning, it initially died half 11 last night , then I fixed it at 5.15 and a couple of times afterwards.
- 10 Jun 2021 06:40
- Forum: 4.x Bugs
- Topic: opendmarc.service failed - kills mailscanner?
- Replies: 60
- Views: 525052
opendmarc.service failed - kills mailscanner?
Hi Overnight and a few times this morning my efa box has died - maillog shows 4.7.1 please try later to all connection attempts. This is logged in /var/log/messages Jun 9 23:37:51 Hyena kernel: opendmarc[23006]: segfault at 0 ip 00007f19a91b34a5 sp 00007f19a6c1c1a8 error 4 in libc-2.17.so[7f19a90720...
- 14 May 2021 14:51
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
Re: Error on fresh install
I must've done something stupid to my server, I rebuilt it , minimal install, allowed it to talk out to anywhere on any port and it works. My bad.
- 13 May 2021 15:17
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
Re: Error on fresh install
Are you blocking DNS, by chance? Confirmed not blocking DNS - have allowed $server to be able to talk to the outside to world to everywhere on everything. Checked FW logs and it's talking DNS so it's not that Yesterday I seemed to get further but today I am stuck at the Razor error again [eFa] - Co...
- 11 May 2021 09:06
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
- 07 May 2021 13:45
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
Re: Error on fresh install
Further info - I reverted my snap to the server-built stage. ran sudo systemctl enable NetworkManager install eFa "sudo su" "curl -sSL https://install.efa-project.org | bash" reboot login as root, run the configure. same error nextserver: Bootstrap discovery failed. Giving up nex...
- 07 May 2021 13:10
- Forum: Discussion
- Topic: Error on fresh install
- Replies: 11
- Views: 27131
Re: Error on fresh install
Hi With apologies for replying to a thread from a few months ago, but I've just hit this same issue. Attempted the workaround with the command "sudo systemctl enable NetworkManager" then reboot and login as root to start the config off again, but it still fails. Am I doing something wrong?...