[IMGate] Re: Fwd: Yellow Alert - WORM_ZAFI.D (Yellow Alert)
header_checks = (non-mime headers) mime_header_checks = $header_checks I don't understand the above, is this another type of check using regexp like the existing header/body checks regexp? yes, mime_header_checks was added when postfix upgraded its mime processing. So your original regexp would go into a new file? as the above shows, if there is no mime_header_checks =, it defaults to whatever is being used for header_checks = postconf | egrep _checks Len
[IMGate] Re: who is responsible for slow mail
you see this alos in pflogsumm report I don't see any ? look in the smtp and qmgr sections for timeouts for postfix as smtp client. hmm, there isn't a pflogsumm section for smtpd timeouts, which can be a major activity: mx1# egrep -ic smtpd.*timeout /var/log/maillog 18956 I'll see if I can get pflogsumm modified to report smtpd timeouts. during the DATA command, postfix smtpd waited 30 seconds in silence from eartlink, and timed out. your smtp timeouts of 5 minutes are too long. I am confused my timeout is 30 seconds. your smtpd is 30 Len
[IMGate] Re: Fwd: Yellow Alert - WORM_ZAFI.D (Yellow Alert)
- Original Message - From: Len Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:51 Subject: [IMGate] Re: Fwd: Yellow Alert - WORM_ZAFI.D (Yellow Alert) header_checks = (non-mime headers) mime_header_checks = $header_checks I don't understand the above, is this another type of check using regexp like the existing header/body checks regexp? yes, mime_header_checks was added when postfix upgraded its mime processing. So your original regexp would go into a new file? as the above shows, if there is no mime_header_checks =, it defaults to whatever is being used for header_checks = Ok, for my thick skull: just put your original regexp in the header_checks.regexp file and reload. postconf | egrep _checks Len Mike
[IMGate] Re: strange postfix startup message
ok, that got rid of the errors on the postfix start. however, I still have no /var/log/maillog I did move it from /var/log/maillog to /usr/bob/maillog this morning while = i was digging out of our problem... did that break something. Insidently, the problem this morning was that we had an infected computer = in our network that found our imgate box and was spewing like crazy. We = run declude on the imail box but nothing on our imgate box and config our = clients to use imail. The infected computer must have finally hit the IP = of our imgate to start the flood. if anyone runs similar to this, make sure your internal clients cannot use = port 25 on your imgate box or you could end up like we did tough lesson= . On Friday, December 17, 2004 10:22 AM, Len Conrad [EMAIL PROTECTED] = wrote: postfix check -- redisplays the same errors for postdrop and postqueue postfix upgrade -- is not a valid command, upgrade does not list my mistake, in the src directly, after compiling, make upgrade Len
[IMGate] Re: strange postfix startup message
however, I still have no /var/log/maillog in fbsd, syslogd will not create files, only write to files. man touch Insidently, the problem this morning was that we had an infected computer = in our network that found our imgate box and was spewing like crazy. We = run declude on the imail box but nothing on our imgate box and config our = clients to use imail. The infected computer must have finally hit the IP = of our imgate to start the flood. You should have had (trusted) mynetworks = restricted to only Imail IP and other PCs you have complete control over. policies that trust IPs, esp subscriber/PC IPs, is dangerous and should be tightly restricted. Len
[IMGate] Fw: Re: Fw: Re: who is responsible for slow mail
hard to say. need to look at top for memory usage/swapping, CPU load, and at the size of the incoming queue. last pid: 75780; load averages: 1.54, 2.30, 1.73 up 54+02:46:47 14:05:16 425 processes: 1 running, 424 sleeping CPU states: 21.7% user, 0.0% nice, 20.5% system, 1.2% interrupt, 56.6% idle Mem: 235M Active, 111M Inact, 99M Wired, 15M Cache, 60M Buf, 38M Free Swap: 256M Total, 40K Used, 256M Free The box is working hard, but the queue always seems to be small, around 10 to 20. 58 k delivered isn't very much. what about the avg smptd connection time, the avg dly to your mailbox server domains How do I check that. are your running visi? it's down and will slow all msg to 80 seconds No. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004
[IMGate] Dns based lists
What dns based lists are people using to block email at the IMGate server? We currently use IMGate primarily for SAV, blocking dictionary attacks and buffering our Declude / Imail machines. We need to start blocking more aggressively with our IMGate machines, but we don't want to get into the false positive thing. [EMAIL PROTECTED]
[IMGate] Re: MX verses DNS
Currently maintenance. We _are_ changing some of our operations and this should stop being an issue when completed. In fact , as I think on this some more , I realize my current script does it this way ( despite what I wrote initially -- too many interruptions ) but some errors while updating the MX records got me thinking of the alternatives. use $INCLUDE aggressively in all you zone files. Initial work to convert to $INCLUDE will be re-paid 100x. Len