Denial of Service messages from MailScanner
Posted: 22 Jul 2015 18:34
We recently had an issue where a bunch of our users got emails that said something like:
The mail system was attacked by a Denial Of Service attack, and has therefore \ deleted this part of the message. Please contact your e-mail providers \ for more information if you need it, giving them the whole of this report. Attack in: /var/spool/MailScanner/incoming/20408/B6DB6605DB.A6375/nmsg-20408-13594.html
When we went to the folder to investigate the issue... the path did not exist. Does anybody know:
a. why this happened (I don't think we actually had a DOS attack)
b. if I can change the behavior so it does not actually send this email in this instance and instead either drops the mail completely or sends it to an alternate mailbox.
Sending this sort of message to an end user that has no recourse is bad enough but when I try to hunt down the non-existent files and ultimately need to tell them the mail is lost... that is way worse.
Any help would be greatly appreciated.
Thanks,
Drew
The mail system was attacked by a Denial Of Service attack, and has therefore \ deleted this part of the message. Please contact your e-mail providers \ for more information if you need it, giving them the whole of this report. Attack in: /var/spool/MailScanner/incoming/20408/B6DB6605DB.A6375/nmsg-20408-13594.html
When we went to the folder to investigate the issue... the path did not exist. Does anybody know:
a. why this happened (I don't think we actually had a DOS attack)
b. if I can change the behavior so it does not actually send this email in this instance and instead either drops the mail completely or sends it to an alternate mailbox.
Sending this sort of message to an end user that has no recourse is bad enough but when I try to hunt down the non-existent files and ultimately need to tell them the mail is lost... that is way worse.
Any help would be greatly appreciated.
Thanks,
Drew