My SCSI RAID10 rack has a dedicated channel (if you are referring to
the physical cable connecting the drive to the adapter card) for each
drive in the rack. They don't share cables in high-end systems, either,
especially with SCSI/640. Long before you run into bottlenecks at the
drive cables,
ATA and SATA are best suited for the lower end of the spectrum, while
SCSI and FC are high-end. SATA still doesn't allow drives to
communicate without going through the controller. SATA still doesn't
allow disconnecting a drive mid-spin and replacing it without
interruption of the system.
By the way, RAID 10 is not a mirrored set of Raid 5. Just for the sake
of a memory jog on my part, here are all of the RAID levels:
RAID 0: non-redundant striping of drives
RAID 1: drive mirroring (always an even number of drives)
RAID 2: byte striping with moving parity (obsolete)
RAID 3: byte
Nah, RAID 10's performance will always be twice as fast as RAID 50.
Look at the writes required:
WRITE to RAID 10:
Write data to primary stripe
Copy to backup stripe
WRITE to RAID 50:
Write data to primary stripe
Update the parity on primary stripe
Copy data to secondary stripe
from failed hardware.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Keith Anderson
Sent: Thursday, March 25, 2004 2:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Raid Controller
By the way, RAID 10 is not a mirrored set of Raid
The horse ain't dead yet.
Well, first thing is all RAID levels create one single volume that
combines the total available drive space. No matter what RAID level you
use, all 10 drives become one big volume, just like the 24-drive RAID 10
that I've got here. You can partition it through Windows
Another good example is when you set up a domain controller in the
Windows 2000 family, caching is disabled on the physical drives that
contain the active directory. Since you can't get around that (without
applying a few hacks to system files), it's best to put the active
directory on a pair of
There are a lot of SATA RAID (0/1/5) options. Example:
http://www.3ware.com/products/serial_ata.asp
SATA is good for high performance, low-end servers, but you would never
want to attempt a big RAID-10 rack with SATA. Actual throughput speeds
of SCSI/160 drives (10K or 12K RPM) are still
The following registrars are known to support spammers, either by giving
large discounts for mass domain registrations, or they have common financial
backing with major spam organizations, or were founded by spam organizations
in order to get access to unlimited, free domain registrations.
We receive around 5 million spam emails per day here, and have been
harvesting a database of spammer URL's embedded in the message body, and we
do statistical mining to ISP and registrar. This connection between
registrars and spammers has been investigated a number of times, and is
nothing new.
We're getting a LOT of spam with HABEAS headers, presumably because the
spammers are using hijacked systems. We have had to turn off that feature.
As long as systems can be hijacked, Habeas and SPF won't be worth very much.
Do most people use WHITELIST HABEAS? I'm thinking of turning
this
This has never happened while running Imail 7.07, which is the version that
has proven to be stable here. I see little motivation to upgrade to
anything beyond 7.07
-Original Message-
From: Kami Razvan [mailto:[EMAIL PROTECTED]
Hi;
I think the problem still exists..
The following is
Are you running Hijack in addition to Junkmail?
We're extremely high volume and have been watching for this problem since it
was first mentioned... perhaps we're just missing it, but I'm not aware of
it happening here.
-Original Message-
From: Linette Casey [mailto:[EMAIL PROTECTED]
That would be true if all of the servers using those IP addresses were 100%
trustworthy, but that's impossible. Servers are compromised all the time.
The people running them can make mistakes, creating open proxies or open
relays, or they can be bribed to allow a spammer access. Very few spam
The problem with criminal fines is nobody ever pays them. We have over 100
criminal fraud judgements against former and current spammers, and they all
carry fines. How are the fines collected? The judge reviews their personal
financial condition and establishes a monthly payment that they can
It's the five years that makes it a deterrent. Nobody cares about the
amount of the arbitrary fines for committing murder, either.
-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE:
We're still running 7.07 here. We're not seeing any of the problems you're
referring to in this version, so I think the bugs very likely started in the
next major release 7.10, which had problems on our server.
This is getting scary. It looks like there is a serious bug
in IMail v7
and v8
sarcasm
I love challenge-response systems. They create revenue opportunities for
knowledgeable IT professionals, and they make sure there isn't any unused
bandwidth, especially when two challenge-response systems somehow lose track
of each other and send millions of emails back and forth between
I have a client that insists on trying these silly challenge-response tricks
and gets caught into that trap all the time. I don't know why, but he'll
wake up one morning and decide to install one of those utilities on all of
his company's workstations. He forgets that his mail server is set up
It's not worth paying the subscription fee, in my opinion. I have a client
that's paying for it, and it doesn't catch very much that isn't already
caught somewhere else.
I am considering Maps too. But it's $1500/yr. Anyone using them?
---
[This E-mail was scanned for viruses by Declude
We have a rare situation where we've been asked to bounce emails with a
specific criteria for one customer. We are using the BOUNCE action as
stated in the comments of the sample file, but we get the logged error
Warning: misconfiguration in following line in configuration file (BOUNCE
is not an
Of Keith Anderson
Sent: Saturday, November 22, 2003 6:49 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Bounce
We have a rare situation where we've been asked to bounce
emails with a
specific criteria for one customer. We are using the
BOUNCE action as
stated in the comments
Can someone point me to a URL that contains a list of changes made in these
releases? Thanks
-Original Message-
From: DLAnalyzer Support [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 22, 2003 9:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bounce
Keith,
If
Why not just do as they ask, and let them experience the consequences? I've
found it's generally not a good idea to fight a battle against the entire
management team of a company, because even if you win the round, you will
lose the game.
I can understand their point of view. For some of my
FYI I just upgraded to the latest and it's giving us the correct IP address
in X-Declude Sender. not 0.0.0.0
I just noticed that all we're getting for IP addresses with these two
versions is 0.0.0.0.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
Could someone post an example of an external filter used as a replacement
for the GLOBAL.CFG whitelist entries?
Most specifically, the REVDNS entries... I can't seem to get the right
thing working. I'm still new at this.
Thanks
Check out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com
Keith Anderson writes:
Could someone post an example of an external filter used as
a replacement
for the GLOBAL.CFG whitelist
That's the WHITELISTFILE option -- but, it won't work with
reverse DNS entries yet. For that, you can
use a filter, with negative weights.
I've got it working now as a filter with these types of entries:
revdns -900 endswith .domain.com
revdns -900 endswith @domain.com
mailfrom -900
You should never find an @ in a REVDNS response, so the
above entry would
be useless.
Good point. Thanks
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail
Okay, sorry about that, somehow I missed that one.
in the global config file:
NOLEGITCONTENT nolegitcontent x x 0 -4
If you're asking me what it does I can only paraphrase Scott.
It looks for
things that are uncommon in spam but common in legitimate
e-mails so
What is your NOLEGITCONTENT test?
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT,
FILTER, WEIGHT10 [10]
We have just released a free program to send all of the Declude log entries
in real time to a SysLog server. You can obtain the program from the
following location:
http://files.backfence.net/download/Declude/decsyslog.zip
No warranties. It's free and largely untested, although it seems to
You shouldn't waste your time when third party programmers can do this
stuff.
We'll have a syslog version of the log renamer by tomorrow morning.
Not at this time, mainly because of the amount of work that
would need to
go into creating the option and testing it. At this point,
new
Exactly what field(s) does WHITELIST FROM work on?
The header (at the bottom) is an example of an email that I want to
whitelist.
These are the whitelist commands I've got in my GLOBAL.CFG:
WHITELIST FROM @bbc.reply.tm0.com
WHITELIST FROM @bbs.co.uk
WHITELIST FROM @bbcdailyemail.reply.tm0.com
Do you have over 200 whitelist entries in the global.cfg
file? There is a
limit of 200, after which some of the earlier ones will be
overwritten.
aah, yeah. Many more than 200. Possibly 1500. What is the length limit on
a filter.txt file? Perhaps I can do the dirty work there instead of
There's the root of the problem: spamming works. If they didn't make money
from spam, they wouldn't do it. Apparently the 1% that are still ignorant
about spam make it worth while to anger the 99%. (I wonder what the real
ratio is?)
I tend to forget that to me it's an annoyance and
that to
One of our upstream providers is Qwest, and we have the same problem.
However, everyone seems to be aware of the SPAM-SUPPORT flaw because it has
never prevented us from getting mail to anyone.
My server is blocked by five-ten because the author doesn't
like Broadwing? I am immediately going
Especially if the mail server is behind any decent firewall.
The problem here is that E-mail will almost never come from those
IPs. Spoofing a TCP/IP is extremely difficult to do, and
Yeah, we're aware of that one also. And other than one glitch in receiving
mail, we haven't experienced any problems receiving mail (with one exception
below). Of course, you never know when you don't receive something unless
it was sent by someone important.
The only company that we're aware
I've always had problems with Spamcop and excessive false positives. It
works best when weighted high, but not high enough to trigger as spam by
itself. Combined with other tests, it works great.
Is it me, or did SpamCop suddenly become awful when it comes to false
positives with almost
I'm behind Active Directory here and it doesn't happen the same way as you
describe. Other than mistyped .COM and .NET domains, it gives me an error.
That's really odd.
I think this has something to do with Active Directory. I
have no clue as to where the lookup is coming from because it
Just a note that this appears to happen only with v7.1 of Imail and came up
in our testing before we went live with Declude. We're running 7.07 here
without problems, at least, any problems that we're aware of. We are
waiting before upgrading to 8.x until they fix the suddenly the SMTP
service
Matthew,
A few of us on the Declude list have been discussing offline a way to
exchange anti-spam tricks and blacklists without risk of spammers listening
in. A few also have some spam detection ideas that they would like to
discuss.
So far those interested are the following:
Colbeck,
out just because you haven't been invited already.
-Original Message-
From: Keith Anderson
Sent: Thursday, September 18, 2003 9:53 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] private list
Matthew,
A few of us on the Declude list have been discussing offline a way
I don't know anyone that doesn't think Verisign's move is an extremely bad
one for everyone except them.
I'm not sure whether to complain or to buy Verisign stock.
Tell me the lawyers won't have a field day with that.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
This looks a lot like the millions that were sent through one of my clients'
WAP. If this is the case, it's nonroutable because they are sitting behind
a corporate firewall.
-Original Message-
From: Colbeck, Andrew [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 11:25 AM
The result would always be the same: 64.94.110.11 so you would tag every
message as spam. Right?
-Original Message-
From: Joshua Levitsky [mailto:[EMAIL PROTECTED]
Sent: Monday, September 15, 2003 10:47 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Fwd: Verisign's New Change and
That could end up being one of the better tests. Thanks.
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 1:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Fwd: Verisign's New Change and Outdate
RBL's
Yep, that's
Not to feed the spammers again by asking this, but is there a repository of
blacklists out there somewhere? Anyone willing to share?
-Original Message-
From: Kami Razvan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 6:57 AM
To: [EMAIL PROTECTED]
Subject: RE:
That was me, and thank you for posting that!
Since someone asked about our whitelist- here it is (these
are the general
items - we have in this list some of our clients with screwed
up server
setups but are taken out in this list). This goes in the
Global.cfg file.
Have you customized any registry settings for TCP/IP?
No. Haven't needed to.
with your DNS lookups. First, you should be downloading TXT records
from the RBL's instead of doing remote lookups. That should
save you a ton of resources.
We have a caching DNS server in front of Declude
Sorry, my fault for asking.
Kami, I hope there are no spammers monitoring this list since
now they know
how to easily spam your e-mail domains. It is never a good
idea to share
your whitelists in a public forum.
I don't see WHITELIST REVDNS ... in the instructions anywhere. What is
this doing exactly, and what are the other WHITELIST options?
Thanks
If you're a small company with 5 to 15 people, then it's not as bad as a
company with hundreds of employees, or in the case of my client, thousands.
Against our advice, they placed their entire directory online for
convenience of their customers and it turned into a harvest festival for
spammers.
As far as the Microsoft update status, I've been granted a Microsoft
engineer who is paying us a visit this week to witness all of this for
himself.
Regarding that one problem customer posting their entire
directory on the Web; you might want to suggest that they
It's not on their web page
The non-digest version fails BADHEADERS also. We whitelisted it here.
-Original Message-
From: Alan Walters [mailto:[EMAIL PROTECTED]
Sent: Monday, September 15, 2003 4:02 PM
To: Declude. JunkMail
Subject: [Declude.JunkMail] Declude List in Digest Mode fails
BADHEADERS
I
Keith, you have good stories.
I'm a novice in a group like this.
Anyway, I'm not sure if you were acknowledging my suggestion
about DNS or exploring it further. For the sake of this
Exploring further. I think network resources are used whether they exit the
machine or are passed
You must be doing something right to get MS to send an
Engineer out to you.
I doubt it has anything to do with us. It's more the fact that our one
client (who is only our client because of extremely good luck) has thousands
of Windows clients and a long-term Microsoft support contract that
Seems like the easiest solution is to block all email from domains that
resolve to 64.94.110.x The question is, how do we do this? (I'm still
learning... sorry if this is a stupid question.)
NS is going to make a lot of enemies doing this.
Just so people are aware, Network Solutions just
That should have been bleed and now I'm going to stop this off-topic
thread. Thank you.
won't do that for
any of our other clients.
What we do right is work hard, blees, beg and butt kiss. :)
Great work, Matt.
Is anyone aware of a repository web page out there with a collection of
Declude related things like this? If not, someone ought to start one. I'm
willing to do so if it doesn't already exist.
Regards,
Keith
-Original Message-
From: Matthew Bramble [mailto:[EMAIL
Just a follow-up to this problem, uninstalling the latest Microsoft patch
fixed the problem. We're guessing that it has something to do with the
total number of network connections, since that is the only thing that's
different between Declude running and not running-- Declude opens a bunch per
It's an extreme circumstance, so I won't blame Declude. After working on it
for a few hours, the only thing that makes sense is that the patch is
somehow limiting the number of network processes (more so than normal), and
Declude pushes it over the edge. I wish there were a version of Imail and
Hi Matt,
Thanks for your suggestions. I don't claim to be an expert-- I just stumble
along and ask for a lot of help when things go bad.
I think we're going to buy another Declude license (pending budgetary
issues) and offload outbound traffic to another machine. We already cache
the DNS
I have no idea how it has any effect, but I've enabled and disabled Declude
a dozen times with the same result. We're using 1.75.
Tomorrow morning I'm going to spend a couple of hours with the server
offline looking deeper into the problem. It's difficult to really get down
to the problem when
That's a standard I don't know what I'm doing but I'm going to sound like
an expert response.
Why doesn't your Reverse DNS work?
for security reasons
Why does your server respond as yourdomain.here?
for security reasons
Why was your server offline for six hours yesterday?
However, how frequently would a transaction of this type be the *very
first* contact between the two systems? If it were not the very first
contact then by definition there would be no delay imposed.
Does that make a difference?
In some cases the very first email two bankers exchange are
FWIW, I agree. Some of my clients are bankers that exchange their documents
over encrypted email and expect instant delivery. Of course, with user and
domain specific configurations, these could easily be exempted from delayed
processing.
Not on systems we manage. If 2 hours were the average
Would you post your configuration that works for you? and anyone else
that's willing to do so? I'd like to see some examples of successful
configurations to learn from.
Thanks
Either way with declude there is no reason to directly block anything
just use a weighted system where each test
69 matches