Re: [Declude.JunkMail] multistage filtering [OT]
Try IMgate ( postfix like MTA ). Len's page is a good 'starting point' Andres.- -- Ing. Andrs E. Gallo Cotel Ltda. ((02255)-46-1600 2 (02255)-46-0014 + aga...@cotel.com.ar B7165 - Villa Gesell Bs. As. - Argentina http://www.gesell.com.ar -- Bonno Bloksma escribi: Hi, With the amount of spam I have to throw away each day no reaching consistant levels of over 90%... I can of course get an even faster mailserver but I think I would be better of with an extra smtp server in front of my mailserver which filters the most blatant spam mail purly based on session info. What passes that server can go on to my IMail server and have more contect based filtering using Declude, Sniffer, InvURIBL etc. What would be a good first step server? I have experience with (Debian) Linux so a Linux based solution is no problem. Met vriendelijke groet, Bonno Bloksma senior systeembeheerder tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 b.blok...@tio.nl / www.tio.nl --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to imail...@declude.com, andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
Re: [Declude.JunkMail] multistage filtering [OT]
And, besides, Postfix is FREE. I'm running 2.6 version, with Amavisd-new, SpamAssassin, Postgrey, together with BindDNS, and SQUID on a cheap machine -P4, 2 Gb RAM, 80 Gb HDD- under FreeBSD. In fact, 2 of them sharing loads. Just my 2 cents. Andres.- Pete McNeil escribió: Bonno Bloksma wrote: Hi, With the amount of spam I have to throw away each day no reaching consistant levels of over 90%... I can of course get an even faster mailserver but I think I would be better of with an extra smtp server in front of my mailserver which filters the most blatant spam mail purly based on session info. What passes that server can go on to my IMail server and have more contect based filtering using Declude, Sniffer, InvURIBL etc. What would be a good first step server? I have experience with (Debian) Linux so a Linux based solution is no problem. A couple of things pop into my mind: eWall can live on your mail server and kill off most connections while being trained by SNF. (for example, block IP connections for an hour after an SNF hit). Postfix on a linux box makes a good front-end and can also run SNFMilter in real-time during SMTP. _M --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Not to write headers with tests
Hi list I'm running Declude 4.3.46, with some domains being scanned by spam and viruses, and some others not. The $default$.junkmail file, on top of the Declude Folder, is with LOG in all actions. Only the scanned users, into the domains have user.junkmail with SUBJECT Action. Or for the entire domain, the $default$.junkmail with the SUBJECT Action. But the mails to the domains not to be scanned have in the header the Declude tests. There's no folder for such domains, so nothing to apply. Just the $Default$. Is there a way to avoid it? Because such users, by applying Header Rules, can 'abuse' of the Declude AntiSpam without any payment for the service, and beyond that, we are scanning ALL mails, instead of those that pay for the servi --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Not to write headers with tests
My polities to be rudefat fingers hitted SEND before the pay for the service. Thanks in advance Andres -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Ing. Andrés E. Gallo Enviado el: Viernes, 03 de Agosto de 2007 16:27 Para: declude.junkmail@declude.com Asunto: [Declude.JunkMail] Not to write headers with tests Hi list I'm running Declude 4.3.46, with some domains being scanned by spam and viruses, and some others not. The $default$.junkmail file, on top of the Declude Folder, is with LOG in all actions. Only the scanned users, into the domains have user.junkmail with SUBJECT Action. Or for the entire domain, the $default$.junkmail with the SUBJECT Action. But the mails to the domains not to be scanned have in the header the Declude tests. There's no folder for such domains, so nothing to apply. Just the $Default$. Is there a way to avoid it? Because such users, by applying Header Rules, can 'abuse' of the Declude AntiSpam without any payment for the service, and beyond that, we are scanning ALL mails, instead of those that pay for the servi --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why not adding to X-Declude-Scan?
Hi David, I have: From global.cfg: --- HIDETESTSCATCHALLMAILS NOLEGITCONTENT IPNOTINMX CATCHALLMAILS CATCHALLMAILS X X 0 0 NOLEGITCONTENT NOLEGITCONTENT x x 0 -5 IPNOTINMX IPNOTINMX x x 0 -3 . . This is almost at the end, but shouldn't be hidden: FROMNOMATCH FROMNOMATCH x x 2 -1 And for my test: ASUNTO filter D:\IMail\Declude\Filtros\FiltroAsunto.txt x 3 0 Within the filter: SUBJECT 3 CONTAINSYou've received a And the '6' it's exactly the score missed in the addition: ASUNTO. ( 3 + 3 ). If hidden, like NOLEGITCONTENT, should subtract '5', not '6'. Should I stop/start declude after modifying the filters ? TIA Andres. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de David Barker Enviado el: Jueves, 19 de Julio de 2007 12:41 Para: declude.junkmail@declude.com Asunto: RE: [Declude.JunkMail] why not adding to X-Declude-Scan? Check your tests in the global for negative weights which bring the value down, the negative weights are defined in the last column of your tests. Most common are IPNOTINMX or NOLEGITCONTENT or FROMNOMATCH which are hidden from the headers. The last column either adds or subtracts weight if the test is NOT triggered eg. NOLEGITCONTENTNOLEGITCONTENT x x 0 -5 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ing. Andrés E. Gallo Sent: Thursday, July 19, 2007 11:36 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] why not adding to X-Declude-Scan? Hello everyone, I observed that one of my filters, 'Asunto' hit a '6' but, in the total score, it's not added to it, so WEIGHT14 in my case, it's not triggered. What could be wrong? -snip X-Declude-Note: E-mail scaneado con Declude JunkMail por SPAM - Scanned by Declude 4.3.46 http://www.declude.com/x-note.htm; X-Declude-Scan: Puntuacion: [12] a las 12:12:02 el 19 Jul 2007 X-Declude-Tests: ZEN [7], ROUTING [2], SUBCHARS-50 [1], FILTER-COUNTRY [2], ASUNTO [6] X-Country-Chain: [Multicast]-FRANCE-ARGENTINA-destination X-Declude-Code: 210f - Regards Andres.- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Per user config and performance
Sorry for re-posting but from Thursday to Monday, no messages of the list. If any, please re-answer. Thanks Andres.- /***/ Hi List I wonder if some have experience by configuring the per user and per domain settings. I mean, having 5000 users per domain, each user by domain will choose if Declude Antispam or not. So, should be a file ( for all users same configuration, _not_ customized for each one ) like user.junkmail, user1.junkmail, user6.junkmail and so on under each domain dir. How this will impact performance ? Is there a limit there ? Any experience ? or any easy way to do it ? Regards Andres-. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Per user config and performance
Hi List I wonder if some have experience by configuring the per user and per domain settings. I mean, having 5000 users per domain, each user by domain will choose if Declude Antispam or not. So, should be a file ( for all users same configuration, _not_ customized for each one ) like user.junkmail, user1.junkmail, user6.junkmail and so on under each domain dir. How this will impact performance ? Is there a limit there ? Any experience ? or any easy way to do it ? Regards Andres-. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Script for removing spam from folder....
It's into Imail's folder. Use the 'immsgexp' like this: immsgexp -tD:\imail\domain\users -mspam.mbx -d10 Will delete from 'D:\imail\domain\user' directory, all 'spam' mailboxes with 10 or more days in it. Andres.- -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Chuck Schick Enviado el: Miércoles, 25 de Abril de 2007 11:52 Para: declude.junkmail@declude.com Asunto: [Declude.JunkMail] Script for removing spam from folder I want to start routing mail tagged as spam to the spam folder in the users mail box. I want to have a script that would run dailty that would remove all spam from that folder that is older than 30 days. Has anyone developed anything like this? Any ideas on where to start? Thanks. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Per user config
Hi there, I wonder if someone faced with this situation, and the best way to solve it: My manager wants to set up Junkmail by 'opt in'. I mean, If you want, you pay for it, you got your own 'user.junkmail' config file added to the apropiate domain subfolder under IMAIL\declude\ directory. To make easier the user.junkmail configuration file, we agreed to use just 3 options: Delete Junkmail, SPAM Subfolder, and Subject modification. But with more than 4000 users, will be difficult to manage. Is there any web solution to add into the webmail so each user can choose with kind of protection he/she wants, and then, make a copy of the selected '.junkmail' file ( Delete/Subfolder/Subject ) to it's own user folder? This way should be 'user-administrable', no ISP-administrable. And also, being the .junkmail file, in someway 'dinamic', with new rules, filters, etc. Is there any kind of 'automatic replace' solution of the old ones with the new ones? Maybe some script, batch or something that does the replacement -adding filters, modifying weights, and so on- ? Best regards Andres-. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS attacks
HI List! I am having several issues now with MS-DNS. The cache seems to be compromised by poissoning - although all MS practices were done to prevent it, even the latest post-SP4 hotfix- and within hours the major '.ar' domains are being redirected ALWAYS to freeservers. Any clue ? Regards Andres Dave Doherty escribi: MS-DNS does not allow this afaik -d - Original Message - From: Nick Hayer To: Declude.JunkMail@declude.com Sent: Friday, August 19, 2005 10:20 AM Subject: Re: [Declude.JunkMail] OT: DNS attacks Morning Dave, That would deny his internal users the ability to resolve external domains. Well you *may* have me on this one :) I do not know what dns server is being used. I use SimpleDNS so I can allow recursion by ip address/subnet. Bind as well does this: [ recurseallow ] -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DNS cache problems
Title: Message I did !! But there's inconsistence between MMC and registry, The MMC is checked, but the Registry key isn't there. So I added this key. Let's see in some hours. Regards Andres.- Colbeck, Andrew escribi: Andres, have you checked out: http://support.microsoft.com/default.aspx?scid=kb;en-us;241352 to make sure that your Windows 2000 DNS cache is protected from poisoning? Also, I'm not sure if you mentioned whether you are resolving or whether you are using a forwarder. If your DNS server is using a forwarder, it will trust any incoming response. So if you are forwarding DNS queries to your ISP and their DNS is poisoned, your server will trust those poisoned responses. You might also find this writeup from March helpful; in addition to this presentation there were multiple postings by the ISC Handlers about DNS poisoning. http://isc.sans.org/presentations/dnspoisoning.php Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of "Ing. Andrs E. Gallo" Sent: Monday, August 01, 2005 10:38 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Norton Corp. 10, updated everyday, says it's clean. I'm afraid of M$ BUG. No hotfix to download ( Windows Updated weekly ) The 5504 points to a couple of x.name-servers.net. NO idea, and wrong surfing !! Andres Darin Cox escribi: That's the same config we're running. It's only been one day, but we haven't seen any 5504's. Spyware or root kit? Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 11:57 AM Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead
Re: [Declude.JunkMail] DNS cache problems
OOOPPPSSS !!! So, after deleting it, same as before :(( Andres.- Darin Cox escribi: Message If you read the article, In windows 2000 SP3 and later the registry key is only used to turn OFF the setting. By default it is on and there is no registry key. Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Wednesday, August 03, 2005 8:37 AM Subject: Re: [Declude.JunkMail] DNS cache problems I did !! But there's inconsistence between MMC and registry, The MMC is checked, but the Registry key isn't there. So I added this key. Let's see in some hours. Regards Andres.- Colbeck, Andrew escribi: Andres, have you checked out: http://support.microsoft.com/default.aspx?scid=kb;en-us;241352 to make sure that your Windows 2000 DNS cache is protected from poisoning? Also, I'm not sure if you mentioned whether you are resolving or whether you are using a forwarder. If your DNS server is using a forwarder, it will trust any incoming response. So if you are forwarding DNS queries to your ISP and their DNS is poisoned, your server will trust those poisoned responses. You might also find this writeup from March helpful; in addition to this presentation there were multiple postings by the ISC Handlers about DNS poisoning. http://isc.sans.org/presentations/dnspoisoning.php Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of "Ing. Andrs E. Gallo" Sent: Monday, August 01, 2005 10:38 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Norton Corp. 10, updated everyday, says it's clean. I'm afraid of M$ BUG. No hotfix to download ( Windows Updated weekly ) The 5504 points to a couple of x.name-servers.net. NO idea, and wrong surfing !! Andres Darin Cox escribi: That's the same config we're running. It's only been one day, but we haven't seen any 5504's. Spyware or root kit? Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 11:57 AM Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based
Re: [Declude.JunkMail] DNS cache problems
Title: Message Darin, Andrew. Ok, I know the harmless of the action, but ... anyway, the dns.exe version is 5.0.2195.6715, Jun 19, 2003. Windows 2000 SP4. Maybe 2003 should be the 'solution'. Regards Andres.- Darin Cox escribi: The point was that he did not need to add the key. Adding the key with it turned on has no effect. Darin. - Original Message - From: Colbeck, Andrew To: Declude.JunkMail@declude.com Sent: Wednesday, August 03, 2005 10:48 AM Subject: RE: [Declude.JunkMail] DNS cache problems The presence of the key is harmless, and by itself does not control the cache protection. If the value = 1 then it's on. Ifmy cachewas poisoned anyway and I wasn't using forwarders, I'dset the registry anyway, restart my DNS service, and install and patch DNS somewhere else and check my file .exe file versions to make sure my production machine had been up to date after all. Or I'd just switch my DNS serving to the new server. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Wednesday, August 03, 2005 5:40 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DNS cache problems If you read the article, In windows 2000 SP3 and later the registry key is only used to turn OFF the setting. By default it is on and there is no registry key. Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Wednesday, August 03, 2005 8:37 AM Subject: Re: [Declude.JunkMail] DNS cache problems I did !! But there's inconsistence between MMC and registry, The MMC is checked, but the Registry key isn't there. So I added this key. Let's see in some hours. Regards Andres.- Colbeck, Andrew escribi: Andres, have you checked out: http://support.microsoft.com/default.aspx?scid=kb;en-us;241352 to make sure that your Windows 2000 DNS cache is protected from poisoning? Also, I'm not sure if you mentioned whether you are resolving or whether you are using a forwarder. If your DNS server is using a forwarder, it will trust any incoming response. So if you are forwarding DNS queries to your ISP and their DNS is poisoned, your server will trust those poisoned responses. You might also find this writeup from March helpful; in addition to this presentation there were multiple postings by the ISC Handlers about DNS poisoning. http://isc.sans.org/presentations/dnspoisoning.php Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of "Ing. Andrs E. Gallo" Sent: Monday, August 01, 2005 10:38 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Norton Corp. 10, updated everyday, says it's clean. I'm afraid of M$ BUG. No hotfix to download ( Windows Updated weekly ) The 5504 points to a couple of x.name-servers.net. NO idea, and wrong surfing !! Andres Darin Cox escribi: That's the same config we're running. It's only been one day, but we haven't seen any 5504's. Spyware or root kit? Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 11:57 AM Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Norton Corp. 10, updated everyday, says it's clean. I'm afraid of M$ BUG. No hotfix to download ( Windows Updated weekly ) The 5504 points to a couple of x.name-servers.net. NO idea, and wrong surfing !! Andres Darin Cox escribi: That's the same config we're running. It's only been one day, but we haven't seen any 5504's. Spyware or root kit? Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 11:57 AM Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling
Re: [Declude.JunkMail] OT: File archiving tool
Try SyncBack from MJL Software ( www.syncback.com ) Nice and Free Errors reported on HTML (if any ) Andres.- - Mensaje original - De: Markus Gufler Para: Declude.JunkMail@declude.com Enviado: viernes, 18 de febrero de 2005 06:32 Asunto: [Declude.JunkMail] OT: File archiving tool HiI have to zip copy each day logfiles from the Imail-Server to a remoteFTP-Server. Anyone knows a tool who can do this all in one?Markus---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.