RE: [Declude.JunkMail] Declude Woes

[Michael Jaworski]

Title: Message

I can second the need for a gateway defense when under attack. We run a Windows shop and were being crushed under multiple dictionary attacks for two domains on a daily basis. I took the daunting task to build our first Linux box running Postfix.  The first box was a tough start though I had a employee who had Linux experience. We are running Postfix on OpenBSD 3.6 with MySql for dynamic update ability. (I am still working on grabbing additions, updates and deletions from SmarterMail admins so we can throw all our domains in Postfix and update in realtime) After a few weeks we added a second box in the event the first box went down. The second box was a breeze since it was basically a duplication. Both mx records now point at the two boxes. The hardware was old 500Mhz and 1ghz cpu with 512mbs of ram each. The 1ghz is primary and takes 75% of the load without much effort with plenty of free memory. The whole setup allows the main server running SmarterMail/Declude Pro/Sniffer/F-Prot to respond quickly to POP, web mail and smtp traffic requests.   The Linus approach only should cost you some time and old equipment as the software is free. Our experience over the last two years showed it was worth climbing the short Linux learning cliff. And it is true ... they run forever   One important note not related to using a gateway: We never bounce spam e-mail back to the "sender". The backscatter traffic can kill you and skew your reports.   Michael Jaworski Puget Sound Network, Inc. (206) 217-0400 (800) 599-9485 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Will Sent: Friday, July 29, 2005 9:38 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude Woes Well, I’m back at it today.   Yesterday I disabled Declude early in the day and started working mail back into the spool directory from the overflow directory.  This was a long process, but by the end of the day I had gone from a backlog of 150,000 files in the spool and 134,000 in the overflow directory to about 1500 (that includes logs).  During this time I needed to stop and restart the queue manger a number of time.  I did this to allow me to delete all the .gse files, which I figured would save me time discarding them.  However, by the time I got down to 1500 files and started to watch the spool it started to increase in size again; climbing to 4000 within a matter of minutes.  I stopped and restarted the queuemanager and these files were then processed.  I verified they were actually getting processed by sending test messages to myself.  At this point I was pretty upset and confused.  I looked through the sys logs and found nothing out of the ordinary, queuemanger would simply stop.  I set all the queuemanager setting back to default and tried again without luck.  I had to stop and restart it every few minutes to get it to process a few thousand messages.  Finally, I purchased an Imail service agreement and upgraded to 8.21.  Magically, it worked.  The queumanger started to deliver messages as soon as they arrived.  My thought immediately went into conspiracy mode.  It seems like this has happened before where we had a perfectly workable solution and something completely confusing happened and an upgrade magically fixes it!   Anyway… I re-enabled declude and let it run overnight.  Now I have a backlog again.  There are mostly D*.SMD files in the spool right now with all their delivery Q* files in the overflow directory (*shakes fist at overflow directory*).  Time to start the process again today.  I’m disabling declude to get those messages out and one thing to note, after I have stopped the smtp server and added smtpd.exe backing into the delivery application, I still have about 20+ declude.exe processes.  I have stopped and started it again as well as the queuemanager and they are still there.  In fact they are creating more declude.exe processes as I watch.  I’m trying to kill them, but they just keep coming back… having to restart so I can start processing mail.   We are an ISP and here are some random examples of some of our Imail daily reports to give you an idea of what kind of traffic we see: