Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no "thread limit", but something else instead; a limit of "64 objects per thread". That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the "Process" tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.e
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, January 25, 2005 10:25 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service. The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt,I seen a few articles about memory leaks in Win2K3 DNS. One specific onecomes to mind about a leak when adding zones via scripting. Another onethat we ran into (internally) was KB 830381. (Server ResponsivenessDegrades and Queries Time Out When You Run the DNS Server Service).Darrell---Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.- Original Message - From: Matt [EMAIL PROTECTED]To: Declude.JunkMail@declude.comSent: Monday, January 24, 2005 10:31 PMSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows2003 DNS I found MaxQueProc in the registry and changed that to 60. There is noGUI config for this option.I also looked at the issue with MS DNS 2003. After a restart of DNS,utilization dropped from an average of about 25% to under 1% (I had itin performance monitor)...but then over the next couple of hours, it hascrept back up to 10%. I have watched it enough to verify that it'sutilization grows consistently over time. Disabling the EDNS thing hasno effect. I've found nothing really telling about this in Google, butit looks like a classic memory leak. This installation was fresh andthere is hardly anything installed on it. I would be a bit surprised tosee a memory leak in DNS go undetected/unfixed at this point. If anyoneelse has experienced this, or can confirm my findings, please speak up.I was intending on using this server for my Web hosting DNS, but thismay keep me from going there.MattR. Scott Perry wrote: You seemed to indicate that service launched processes count againstthe threads...meaning that smtp32.exe launches declude.exe, whichlaunches F-Prot and McAfee. So would this count for 4 threads (notaccording to Declude, but Windows/IMail)? What about Sniffer andeach external test that I have configured within Declude, would thosecount as well? Unfortunately, we are not aware of a way to determine if a process wasstarted by a service or not. Currently, Declude looks fordeclude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and anyprocesses listed in the rarely used DAISYCHAIN option).Note that SMTPD32.exe -- the IMail process/service that starts Declude-- is just a single process, so it will only count once.Message Sniffer and other external tests won't count, since Decludedoesn't specifically look for it (but it does indeed count as aservice-started process, and could cause the memory limit to bereached). However, there would only be a maximum of one of them perE-mail (since Declude runs the external tests in serial, not inparallel). I also re-read the following post by Sandy:http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.htmlIt seems to indicate that there is no thread limit, but somethingelse instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, notthreads. Processes
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Yeah, that's what I meant :) I also screwed up the stat for what MS DNS 2003 can apparently handle; it is in fact 9,500 per second and not minute. http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=""> Matt John Tolmachoff (Lists) wrote: Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Tuesday, January 25, 2005 10:25 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt, We seen the same exact results you seen after we applied the hotfix. I am glad to see it worked for you as well. Darrell ---Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 1:24 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now.The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well.With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets.MattMatt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service."The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising.MattDarrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt- The link http://support.microsoft.com/?kbid=830381leads to a bunch of pay support resources. Did you have to pay MS for this fix? -Dave - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 2:01 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Yeah, that's what I meant :)I also screwed up the stat for what MS DNS 2003 can apparently handle; it is in fact 9,500 per second and not minute.http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url="">MattJohn Tolmachoff (Lists) wrote: Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MattSent: Tuesday, January 25, 2005 10:25 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now.The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well.With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets.MattMatt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service."The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising.MattDarrell ([EMAIL PROTECTED]) wrote: Matt,I seen a few articles about memory leaks in Win2K3 DNS. One specific onecomes to mind about a leak when adding zones via scripting. Another onethat we ran into (internally) was KB 830381. (Server ResponsivenessDegrades and Queries Time Out When You Run the DNS Server Service).Darrell---Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.- Original Message - From: "Matt" [EMAIL PROTECTED]To: Declude.JunkMail@declude.comSent: Monday, January 24, 2005 10:31 PMSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows2003 DNS I found MaxQueProc in the registry and changed that to 60. There is noGUI config for this option.I also looked at the issue with MS DNS 2003. After a restart of DNS,utilization dropped from an average of about 25% to under 1% (I had itin performance monitor)...but then over the next couple of hours, it hascrept back up to 10%. I have watched it enough to verify that it'sutilization grows consistently over time. Disabling the EDNS thing hasno effect. I've found nothing really telling about this in Google, butit looks like a classic memory leak. This installation was fresh andthere is hardly anything installed on it. I would be a bit surprised tosee a memory leak in DNS go undetected/unfixed at this point. If anyoneelse has experienced this, or can confirm my findings, please speak up.I was intending on using this server for my Web hosting DNS, but thismay keep me from going there.MattR. Scott Perry wrote: You seemed to indicate that service launched processes count againstthe threads...meaning that smtp32.exe launches declude.exe, whichlaunches F-Prot and McAfee. So would this count for 4 threads (notaccording to Declude, but Windows/IMail)? What about Sniffer andeach external test that I have configured within Declude, would thosecount as well? Unfortunately, we are not aware of a way to determine if a process wasstarted by a service or not. Currently, Declude
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Dave,
Just call the number and there will be an option for getting hotfixes
before you get tossed into the pay for support system. Just give the
person the hotfix number and your information and they will E-mail you
a link to download it almost immediately. It's actually very easy,
they just do a very poor job of explaining how it works on their site.
Matt
Dave Doherty wrote:
Matt-
The link http://support.microsoft.com/?kbid=830381leads to a bunch of pay support resources. Did you have to
pay MS for this fix?
-Dave
-
Original Message -
From:
Matt
To:
Declude.JunkMail@declude.com
Sent:
Tuesday, January 25, 2005 2:01 PM
Subject:
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003
DNS
Yeah, that's what I meant :)
I also screwed up the stat for what MS DNS 2003 can apparently handle;
it is in fact 9,500 per second and not minute.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url="">
Matt
John Tolmachoff (Lists) wrote:
Service
Pack 2? For Windows 2003? Service Pack 1 is in beta right now.
John
Tolmachoff
Engineer/Consultant/Owner
eServices
For You
-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Matt
Sent: Tuesday,
January 25, 2005 10:25
AM
To: Declude.JunkMail@declude.com
Subject: Re:
[Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Well, I can say definitively
that the hotfix worked. My DNS process is averaging less than 1% of
CPU now during full traffic and 12 hours after the last restart with a
very heavy config and well over 100,000 messages a day. I saw an
article on MS's site showing that their DNS server could handle 9,500
requests per minute running on a single 733 MHz processor (plus other
activity), and I'm not doubting that now.
The backups in Declude/IMail were definitely being caused by the
sluggishness of the DNS queries against this server, so that problem is
now fixed as well.
With this cleared up, it also appears that the server as a whole is
running faster than the previous box despite the downgrade in disk I/O
(all other things being the same exact platform). I can't be certain
as yet, but it does appear to be about 30% more efficient so far.
Windows 2003 might well be worth the money...after Service Pack 2
finally hits the streets.
Matt
Matt wrote:
Thanks Darrell, that
definitely sounds like it's the culprit:
http://support.microsoft.com/?kbid=830381
This didn't come up in my searches because it is described so
generically and I was searching for things like processor utilization
and memory leaks. I like the part where the describe the workaround:
"There is no suggested workaround. To minimize the effects of the
problem, periodically stop and then restart the DNS Server service."
The hotfix has been requested, I'll update the list as to whether or
not this works. It certainly sounds promising.
Matt
Darrell ([EMAIL PROTECTED])
wrote:
Matt,
I seen a few articles about memory leaks in Win2K3 DNS. One specific one
comes to mind about a leak when adding zones via scripting. Another one
that we ran into (internally) was KB 830381. (Server Responsiveness
Degrades and Queries Time Out When You Run the DNS Server Service).
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
- Original Message -
From: "Matt" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, January 24, 2005 10:31 PM
Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows
2003 DNS
I found MaxQueProc in the registry and changed that to 60. There is no
GUI config for this option.
I also looked at the issue with MS DNS 2003. After a restart of DNS,
utilization dropped from an average of about 25% to under 1% (I had it
in performance monitor)...but then over the next couple of hours, it has
crept back up to 10%. I have watched it enough to verify that it's
utilization grows consistently over time. Disabling the EDNS thing has
no effect. I've found nothing really telling about this in Google, but
it looks like a classic memory leak. This installation was fresh and
there is hardly anything installed on it. I would be a bit surprised to
see a
[Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
I know I'm not aware, care to expand? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 24, 2005 11:59 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. The short version is that the situation is handled better than if the overflow directory isn't used (many people don't get that). The longer version is that Declude will move E-mail (actually, just the Q*.SMD file) to the overflow directory when Declude detects that there are more than X service-started processes (where X is 30, unless you have IMail set to use a different number of maximum processes). Those can be declude.exe, smtp32.exe, or AV processes. Once this situation occurs, Declude will continue to move E-mails to the overflow directory until the number of service-started processes is less than X. At that point, when an E-mail arrives, Declude will start enough Declude processes to hit the limit of X (each of which scans a single E-mail). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
My understanding is that this is an issue with just some firewalls and not universal. Please correct me if I am wrong. Thanks, Matt John Tolmachoff (Lists) wrote: Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt- I've been using W2003 on one of my DNS servers for several months now, and I have not experienced what you descibe. Have you checked the DNS event log? It's separate now from the App, Security, and System event logs. Maybe there's a clue there. -Dave Doherty Skywaves, inc. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 3:09 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS My understanding is that this is an issue with just some firewalls and not universal. Please correct me if I am wrong.Thanks,MattJohn Tolmachoff (Lists) wrote: Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
This was covered quite extensively on the Imail list oh probably a year ago. From my memory (we all know what that means) there are 2 possible issues: 1. If there is more than 1 IP on the server, Imail was sending DNS tests requests (ala Imail Anti-Spam) on one IP and the response was coming back to a different IP in Windows 2003 DNS service. This was a minor problem, and was never known to affect Declude that I can remember. 2. Windows 2003 DNS service added/changed configuration which the end result was the length of the data was greater than it should be and that was causing problems. Again, this is in the Imail archives. If I did not have so much work right now, I would help did them up as I was one of the persons involved in investigating it. Fixes were registry settings. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Aaron Moreau-Cook Sent: Monday, January 24, 2005 12:02 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I know I'm not aware, care to expand? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 24, 2005 11:59 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Declude Queue is nice and was invaluable before the Queue Manager service on Imail. The only problem is this: RSP than X. At that point, when an E-mail arrives, Declude will start enough RSP Declude processes to hit the limit of X (each of which scans a single E-mail). DQ requires a continues flow of email in order to clear the /overflow folder. Sending a single message through will not keep the DQ delivery process going. We're still having a number of Imail/PF issues and when a machine gets swamped we switch processing entirely to another box. Then we're stuck with q files in the /overflow folder and no way to get them out. If you copy them into the /spool they don't get scanned by Declude JM or Virus -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Scott, Am I to assume a first in, first out type of scenario in the way that it handles the overflow? I have my server set to 60 delivery threads, up from the default 30. Sandy I believe indicated that 64 was the limit due to the fact that IMail is not multi-threaded or something to that tune. My E-mail backup isn't bad at the moment, just occasional stuff at peak times up to about 100, although the other day when the processors were pegged due to my not having disabled the Indexing Service, I backed it up for about 45 minutes worth. I'm probably averaging about 60% utilization (hourly average) right now. Right now we are deleting about 75% of all E-mail (using the DELETE action). I'm pretty sure that if we are reaching 60 threads, we are only doing so with the totality of messages and not just what we might deliver or ROUTETO/COPYTO. Counting the files in my spool, I am coming up measurably short of 60 Q*.SMD files while I see messages in the overflow (which happens every few minutes). It seems that this would represent the number of threads that are open, apart from what Declude has in overflow. Does having Declude DELETE E-mail go against the thread total? Also, how should I confirm how many threads are being used by IMail just so that I can rule out the issue with not seeing 60 such files? Lastly, you indicated multiple things that can go against this number, am I to assume that Declude counts not what IMail is limited by (IMail threads), but instead it just uses this as a guide, so maybe increasing the number in IMail even higher, while it won't have an effect on IMail, it would cause Declude to not overflow, especially when there is processing power to spare? Although I'm definitely moving from IMail, I fear hitting a wall before that actually happens. There is definitely more I/O and processor to spare on this box, but the overflow conditions happen every few minutes. Thanks, Matt R. Scott Perry wrote: Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. The short version is that the situation is handled better than if the overflow directory isn't used (many people don't get that). The longer version is that Declude will move E-mail (actually, just the Q*.SMD file) to the overflow directory when Declude detects that there are more than X service-started processes (where X is 30, unless you have IMail set to use a different number of maximum processes). Those can be declude.exe, smtp32.exe, or AV processes. Once this situation occurs, Declude will continue to move E-mails to the overflow directory until the number of service-started processes is less than X. At that point, when an E-mail arrives, Declude will start enough Declude processes to hit the limit of X (each of which scans a single E-mail). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
David, We do the same thing. One thing you can do is fake mail coming in. I use a batch file. REM THIS WILL CLEAN OUT THE DECLUDE QUEUE declude x:\imail\spool\Qa6da175e02447716.SMD call x:\imail\cleandq.bat The Q file I referenced does not exist and it does not matter that it does not. Declude will see that there are not 30 processes running and than start to process the mail in the overflow directory. The loop calling the batch file ensures that 30 process stay running. Once the overflow is clean ctrl+c the batch file and move on. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. David Sullivan writes: Declude Queue is nice and was invaluable before the Queue Manager service on Imail. The only problem is this: RSP than X. At that point, when an E-mail arrives, Declude will start enough RSP Declude processes to hit the limit of X (each of which scans a single E-mail). DQ requires a continues flow of email in order to clear the /overflow folder. Sending a single message through will not keep the DQ delivery process going. We're still having a number of Imail/PF issues and when a machine gets swamped we switch processing entirely to another box. Then we're stuck with q files in the /overflow folder and no way to get them out. If you copy them into the /spool they don't get scanned by Declude JM or Virus -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Hello Darrell, Monday, January 24, 2005, 5:38:51 PM, you wrote: Dsic We do the same thing. One thing you can do is fake mail coming in. I use a Dsic batch file. Dsic REM THIS WILL CLEAN OUT THE DECLUDE QUEUE Thanks we'll give it a shot. This should be a great help. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Scott, thanks for the explanations. I still have a few follow-ups though if you don't mind. First off, since DNS is acting like such a hog on Windows 2003, I'm going to guess that this is what is slowing down the processing of E-mail and why I am suddenly getting steady overflow. I can resolve that in various ways, but this is a temporary situation since I am going to migrate back to the other box once I rebuild it. DNS will be migrated to a separate server in the coming months...my first foray into Linux. I'm more concerned about the future, and hitting a wall that wasn't necessarily expected, otherwise thinking that I still had plenty of capacity to spare, and hence the additional questions. You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no thread limit, but something else instead; a limit of 64 objects per thread. I'm not sure how that might apply here. So if I am seeing overflow with processing power to spare, I should be able to increase the threads in IMail to a higher number than 60 in order to better utilize my server's capacity. With memory utilization below 50%, it doesn't seem like there is much risk in doing this, would that be correct? I haven't applied any of the registry tweaks, and probably won't on this box since it is only a temporary home. Still good stuff to know about should I ever have to do this again. Thanks, Matt R. Scott Perry wrote: Am I to assume a first in, first out type of scenario in the way that it handles the overflow? I believe so, but that is handled by Windows (Declude simply asks Windows for all the files, and whatever Windows returns first gets processed first). I have my server set to 60 delivery threads, up from the default 30. Sandy I believe indicated that 64 was the limit due to the fact that IMail is not multi-threaded or something to that tune. Unfortunately, there is no set limit. Some people have problems with 30, others are fine with 60 or higher. It also depends on any changes made to the registry settings for the mystery heap (which gets even weirder; some people see better results by raising the value there, while others see better results by lowering it!). Does having Declude DELETE E-mail go against the thread total? Not with IMail v8 (since IMail v8 uses one process to handle an unlimited number of E-mail deliveries). So using the DELETE action versus another action will have little effect (with IMail v8) on the overflow situation. Also, how should I confirm how many threads are being used by IMail just so that I can rule out the issue with not seeing 60 such files? You would need to count the total number of Declude.exe, SMTP32.exe, and AV processes. Lastly, you indicated multiple things that can go against this number, am I to assume that Declude counts not what IMail is limited by (IMail threads), but instead it just uses this as a guide, so maybe increasing the number in IMail even higher, while it won't have an effect on IMail, it would cause Declude to not overflow, especially when there is processing power to spare? Declude counts (to the best of its ability) the number of service-started processes. That is what IMail (Windows, to be technical) is limited by. Changing the IMail setting will also change the number that Declude uses. Although I'm definitely moving from IMail, I fear hitting a wall before that actually happens. There is definitely more I/O and processor to spare on this box, but the overflow conditions happen every few minutes. Correct. The I/O and processor time aren't relevant here -- they could both be at 0, and the situation could still occur (for example, if 60 E-mails come in simultaneously, and take 30 seconds each to scan due to waiting for DNS packets to come back). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
John, I do recall seeing this stuff, but I came away with the impression that it was only applicable if you were behind a particular type of firewall that had issues with the size of the packets or something to that tune. If this was causing many timeouts, I would have seen a slight increase in spam getting through I would think, but nothing out of the ordinary has occurred that I am aware of. It is possible however that the new capability of the Windows 2003 DNS server is what is causing the extra processor utilization, and I don't think that I benefit from having it on, so I'll try turning it off using the registry hack and then see if it makes any difference. I'm also going to look at what ways if any are available to tune the cache in DNS, thinking that a substantial difference here might also be an issue. Thanks, Matt John Tolmachoff (Lists) wrote: This was covered quite extensively on the Imail list oh probably a year ago. From my memory (we all know what that means) there are 2 possible issues: 1. If there is more than 1 IP on the server, Imail was sending DNS tests requests (ala Imail Anti-Spam) on one IP and the response was coming back to a different IP in Windows 2003 DNS service. This was a minor problem, and was never known to affect Declude that I can remember. 2. Windows 2003 DNS service added/changed configuration which the end result was the length of the data was greater than it should be and that was causing problems. Again, this is in the Imail archives. If I did not have so much work right now, I would help did them up as I was one of the persons involved in investigating it. Fixes were registry settings. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Aaron Moreau-Cook Sent: Monday, January 24, 2005 12:02 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I know I'm not aware, care to expand? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Monday, January 24, 2005 11:59 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Matt, on the Windows 2003 DNS: You are aware of the time out issues and such aren't you? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, January 24, 2005 11:43 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Scott, Could you please let me know what condition causes E-mail to be left in the overflow directory, and exactly how Declude determines how/when to process such messages. On a side note, I was forced to do a rebuild on a backup server running Windows 2003. The DNS.exe process is a big-time dog compared to that on Windows 2000. I'm seeing DNS.exe reach over 50% of CPU utilization at times, and it never really drops below 10%, and I can't recall ever seeing DNS.exe on Windows 2000 ever go past the low single digits. No Active Directory on either machine, the processor power, memory and mail volume also. The only difference is the RAID card and only three 15K RPM drives in RAID 5 instead of six. Unless there is something unique to my environment, I would stay away from Windows 2003 DNS when used as a caching server with Declude/IMail, or for that matter, any possible high volume use of DNS on that platform. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no thread limit, but something else instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the Process tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.exe processes, etc.). Each process can have from 1 to an (almost) infinite number of threads. I'm not sure how that might apply here. So if I am seeing overflow with processing power to spare, I should be able to increase the threads in IMail to a higher number than 60 in order to better utilize my server's capacity. With memory utilization below 50%, it doesn't seem like there is much risk in doing this, would that be correct? Anything referring to thread or threads in IMail settings is not relevant to this (IMail v8 introduced one or more thread options). Declude JunkMail looks at the MaxQueProc IMail registry setting (which may also be an advanced setting in IMail Administrator, with a name such as maximum number of processes). Any other settings are not used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no thread limit, but something else instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the Process tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.exe processes, etc.). Each process can have from 1 to an (almost) infinite number of threads. I'm not sure how that might apply here. So if I am seeing overflow with processing power to spare, I should be able to increase the threads in IMail to a higher number than 60 in order to better utilize my server's capacity. With memory utilization below 50%, it doesn't seem like there is much risk in doing this, would that be correct? Anything referring to thread or threads in IMail settings is not relevant to this (IMail v8 introduced one or more thread options). Declude JunkMail looks at the MaxQueProc IMail registry setting (which may also be an advanced setting in IMail Administrator, with a name such as maximum number of processes). Any other settings are not used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Matt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no thread limit, but something else instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the Process tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.exe processes, etc.). Each process can have from 1 to an (almost) infinite number of threads. I'm not sure how that might apply here. So if I am seeing overflow with processing power to spare, I should be able to increase the threads in IMail to a higher number than 60 in order to better utilize my server's capacity. With memory utilization below 50%, it doesn't seem like there is much risk in doing this, would that be correct? Anything referring to thread or threads in IMail settings is not relevant to this (IMail v8 introduced one or more thread options). Declude JunkMail looks at the MaxQueProc IMail registry setting (which may also be an advanced setting in IMail Administrator, with a name such as maximum number of processes). Any other settings are not used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no "thread limit", but something else instead; a limit of "64 objects per thread". That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the "Process" tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.exe processes, etc.). Each process can have from 1 to an (almost) infinite number of threads. I'm not sure how that might apply here. So if I am seeing overflow with processing power to spare, I should be able to increase the threads in IMail to a higher number than 60 in order to better utilize my server's capacity. With memory utilization below 50%, it doesn't seem like there is much risk in doing this, would that be correct? Anything referring to "thread" or "threads" in IMail settings is not relevant to this (IMail v8 introduced one or more "thread" options). Declude JunkMail looks at the MaxQueProc IMail registry setting (which may also be an advanced setting in IMail Administrator, with a name such as "maximum number of processes"). Any other settings are not used. -Scott --- Declude JunkMail: The advanced anti-spa
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
One way of checking for a work around is to schedule a batch file say hourly to flush the cache. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, January 24, 2005 10:00 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service. The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt,I seen a few articles about memory leaks in Win2K3 DNS. One specific onecomes to mind about a leak when adding zones via scripting. Another onethat we ran into (internally) was KB 830381. (Server ResponsivenessDegrades and Queries Time Out When You Run the DNS Server Service).Darrell---Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.- Original Message - From: Matt [EMAIL PROTECTED]To: Declude.JunkMail@declude.comSent: Monday, January 24, 2005 10:31 PMSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows2003 DNS I found MaxQueProc in the registry and changed that to 60. There is noGUI config for this option.I also looked at the issue with MS DNS 2003. After a restart of DNS,utilization dropped from an average of about 25% to under 1% (I had itin performance monitor)...but then over the next couple of hours, it hascrept back up to 10%. I have watched it enough to verify that it'sutilization grows consistently over time. Disabling the EDNS thing hasno effect. I've found nothing really telling about this in Google, butit looks like a classic memory leak. This installation was fresh andthere is hardly anything installed on it. I would be a bit surprised tosee a memory leak in DNS go undetected/unfixed at this point. If anyoneelse has experienced this, or can confirm my findings, please speak up.I was intending on using this server for my Web hosting DNS, but thismay keep me from going there.MattR. Scott Perry wrote: You seemed to indicate that service launched processes count againstthe threads...meaning that smtp32.exe launches declude.exe, whichlaunches F-Prot and McAfee. So would this count for 4 threads (notaccording to Declude, but Windows/IMail)? What about Sniffer andeach external test that I have configured within Declude, would thosecount as well? Unfortunately, we are not aware of a way to determine if a process wasstarted by a service or not. Currently, Declude looks fordeclude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and anyprocesses listed in the rarely used DAISYCHAIN option).Note that SMTPD32.exe -- the IMail process/service that starts Declude-- is just a single process, so it will only count once.Message Sniffer and other external tests won't count, since Decludedoesn't specifically look for it (but it does indeed count as aservice-started process, and could cause the memory limit to bereached). However, there would only be a maximum of one of them perE-mail (since Declude runs the external tests in serial, not inparallel). I also re-read the following post by Sandy:http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.htmlIt seems to indicate that there is no thread limit, but somethingelse instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, notthreads. Processes are what are listed in the Process tab in theTask Manager (such as one SMTPD32.exe process, 0 to 30 or soDeclude.exe processes, etc.). Each process can have from 1 to an(almost) infinite number of threads. I'm not sure how that might apply here. So if I am seeing overflowwith processing power to spare, I should be able to increase thethreads in IMail to a higher number than 60 in order to betterutilize my server's capacity. With memory utilization below 50%, itdoesn't seem like there is much risk in doing this, would that becorrect? Anything referring to thread or threads in IMail settings is notrelevant to this (IMail v8 introduced one or more thread options).Declude JunkMail looks at the MaxQueProc IMail registry setting (whichmay also be an advanced setting in IMail Administrator, with a namesuch as maximum number of processes). Any other settings are not used. -Scott---Declude JunkMail: The advanced anti
[Declude.JunkMail] Overflow
I think I saw mention of this, but I could not find it. Declude Queue is put all files that start with Q into the overflow in a overflow condition, including webmail temp files, forwarded messages, mail1 messages and so forth. Can this be fixed promptly? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
I think I saw mention of this, but I could not find it. Declude Queue is put all files that start with Q into the overflow in a overflow condition, including webmail temp files, forwarded messages, mail1 messages and so forth. Can this be fixed promptly? The only way for it to be fixed is to fix the underlying problem that is causing the overflow situation. It may be that an abnormally large volume of E-mail is being processed for some reason, or a problem such as a virus scanner that is not working properly (never ending on its own) or a DNS server that is not responding. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
I think I saw mention of this, but I could not find it. Declude Queue is put all files that start with Q into the overflow in a overflow condition, including webmail temp files, forwarded messages, mail1 messages and so forth. Can this be fixed promptly? The only way for it to be fixed is to fix the underlying problem that is causing the overflow situation. It may be that an abnormally large volume of E-mail is being processed for some reason, or a problem such as a virus scanner that is not working properly (never ending on its own) or a DNS server that is not responding. The overflow is a temporary problem cause by for some reason the SMTP service stopped processing at 6:00 PM yesterday even thought is was running, and I found out about it at 10:00 this morning, restarted and the flood gates opened up. Until the backflow of inbound and lists are processed, the overflow will continue. So, the reason for the SMTP service not processing will be investigated once the overflow is cleared, but in the mean time why are webmail temp files and list messages and postmaster message also being placed there? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
So, the reason for the SMTP service not processing will be investigated once the overflow is cleared, but in the mean time why are webmail temp files and list messages and postmaster message also being placed there? That's because those are E-mails that need to be scanned and delivered, just like E-mails that arrive via SMTP. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
.LST message do not need to be scanned. I thought web mail attachments were not scanned. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, October 25, 2004 11:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Overflow So, the reason for the SMTP service not processing will be investigated once the overflow is cleared, but in the mean time why are webmail temp files and list messages and postmaster message also being placed there? That's because those are E-mails that need to be scanned and delivered, just like E-mails that arrive via SMTP. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
.LST message do not need to be scanned. Declude will not scan mailing list messages the second time (in the .LST files). But, they still need to be delivered by IMail. So having them bypass Declude Queue would just slow down delivery of other E-mails that are in the overflow queue. I thought web mail attachments were not scanned. With IMail v8 and later, they are. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
OK, thanks. I guess I am a little on edge today now. Is it Friday yet? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, October 25, 2004 12:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Overflow .LST message do not need to be scanned. Declude will not scan mailing list messages the second time (in the .LST files). But, they still need to be delivered by IMail. So having them bypass Declude Queue would just slow down delivery of other E-mails that are in the overflow queue. I thought web mail attachments were not scanned. With IMail v8 and later, they are. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
The overflow is a temporary problem cause by for some reason the SMTP service stopped processing at 6:00 PM yesterday even thought is was running, and I found out about it at 10:00 this morning, restarted and the flood gates opened up. Until the backflow of inbound and lists are processed, the overflow will continue. Not that this solves your problem, but what you described is precisely why we wrote QueueMon. Every once in a while either the SMTP services stop delivering or maybe one of our DNS servers has an issue that backs up the queue. With QueueMon it keeps an eye on the queue/overflow directory and will page or run a script of your choice when your queue/overflow size/growth percentage reaches a certain level. This has saved our butt several times preventing massive queue backups... Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
At the time of the problem, the spool was empty as was the overflow because Imail SMTP was not processing/receiving/sending anything. The overflow occurred once the service was restarted and all the backup incoming started to poor in. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, October 25, 2004 9:07 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow The overflow is a temporary problem cause by for some reason the SMTP service stopped processing at 6:00 PM yesterday even thought is was running, and I found out about it at 10:00 this morning, restarted and the flood gates opened up. Until the backflow of inbound and lists are processed, the overflow will continue. Not that this solves your problem, but what you described is precisely why we wrote QueueMon. Every once in a while either the SMTP services stop delivering or maybe one of our DNS servers has an issue that backs up the queue. With QueueMon it keeps an eye on the queue/overflow directory and will page or run a script of your choice when your queue/overflow size/growth percentage reaches a certain level. This has saved our butt several times preventing massive queue backups... Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
I seriously don't think they would bother with the code needed to detect the difference between accepting everything in the dictionary and bouncing some or all addresses. A spammer using dictionary attacks may not be harvesting addresses, they may just be spamming a dictionary of addresses. The best way to handle them is to have some sort of detection routine to temporarily block them with temp errors so that legit mailers will retry. Imail is not capable of doing this, so either process a buch of postmaster bounces or trashcan them. Big drawback to using nobody to trashcan, if someone typoed an important email, they would never know. Thank you, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Monday, December 22, 2003 9:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow Nick, I think I might have been asking the question the other way around, though I'm not positive it was taken the wrong way. The theory here is that domains which accept every E-mail address in the HELO won't be dictionary attacked past a few attempts because the attacker's software will quickly determine that the attack isn't exposing any addresses due to a catch all situation. So maybe adding the nobody alias back in, and redirecting that E-mail to an account that deletes each E-mail automatically will resolve the issue of dictionary attacks? I see this stuff in my logs on occasion, but it never happens for a prolonged period of time. I'm thinking this is because 90% of my domains had nobody aliases. Unless someone only wants to DOS my server, dictionary attacking a domain with a nobody alias is a waste of their processing power just like it is a waste of mine. Matt Nick Hayer wrote: Hi Matt, Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed? Thanks, Yes. I get hammered everyday..; I got rid of the nobody alias, filter the log files for the ip's that connected - and add them to my Imail Access control list. Currently that list contains nearly 10,000 ip's... -Nick Hayer Matt Fritz Squib wrote: Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
These attacks can go on for hours and hours and hours. If you've seen this stuff in your logs, you would see strings like [EMAIL PROTECTED] 26^8 for instance equals ~210,000,000,000 addresses. If they've got a database of names, that could probably be brought down to around 100,000 attempts. The dictionary attacks don't send E-mail of any value, they are just used for harvesting addresses. So if the spammer only gets positive responses to every address, their harvesting time has been completely wasted. The only time when they dictionary attack a server that accepts everything would be when their software is not performing properly, or they are actually trying to DOS a server. So until IMail delivers functionality that can detect a dictionary attack, it seems crucial that we leave the nobody aliases on for every local domain. Personally, I find the drawbacks of having a nobody alias pointed at me to be more harm than good, which is why I would like to auto-delete these messages. You raise an important point though about not having the messages bounced back. I'll have to look into possibly having an auto response set up in addition to the delete action, which would probably require two accounts with a single alias directed at it, or maybe forwarding would work with an autoresponder??? Matt Charles Frolick wrote: I seriously don't think they would bother with the code needed to detect the difference between accepting everything in the dictionary and bouncing some or all addresses. A spammer using dictionary attacks may not be harvesting addresses, they may just be spamming a dictionary of addresses. The best way to handle them is to have some sort of detection routine to temporarily block them with temp errors so that legit mailers will retry. Imail is not capable of doing this, so either process a buch of postmaster bounces or trashcan them. Big drawback to using nobody to trashcan, if someone typoed an important email, they would never know. Thank you, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Monday, December 22, 2003 9:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow Nick, I think I might have been asking the question the other way around, though I'm not positive it was taken the wrong way. The theory here is that domains which accept every E-mail address in the HELO won't be dictionary attacked past a few attempts because the attacker's software will quickly determine that the attack isn't exposing any addresses due to a catch all situation. So maybe adding the nobody alias back in, and redirecting that E-mail to an account that deletes each E-mail automatically will resolve the issue of dictionary attacks? I see this stuff in my logs on occasion, but it never happens for a prolonged period of time. I'm thinking this is because 90% of my domains had nobody aliases. Unless someone only wants to DOS my server, dictionary attacking a domain with a nobody alias is a waste of their processing power just like it is a waste of mine. Matt Nick Hayer wrote: Hi Matt, Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed? Thanks, Yes. I get hammered everyday..; I got rid of the nobody alias, filter the log files for the ip's that connected - and add them to my Imail Access control list. Currently that list contains nearly 10,000 ip's... -Nick Hayer Matt Fritz Squib wrote: Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
- Original Message - From: Matthew Bramble [EMAIL PROTECTED] These attacks can go on for hours and hours and hours. If you've seen this stuff in your logs, you would see strings like [EMAIL PROTECTED] 26^8 for instance equals ~210,000,000,000 addresses. If they've got a database of names, that could probably be brought down to around 100,000 attempts. Why not write a script that parses the end of the IMail log looking for these attacks and adding the offending IP address to the IMail kill file. The only drawback to this is that I believe the IMail SMTP server needs to be restarted anytime IP addresses are added to the kill file (however, I could be wrong about this). In any case, this would allow you to immediated kill a connection to the IMail server from a dictionary attack leaving these resources available for legitimate mail. The dictionary attacks don't send E-mail of any value, they are just used for harvesting addresses. So if the spammer only gets positive responses to every address, their harvesting time has been completely wasted. The only time when they dictionary attack a server that accepts everything would be when their software is not performing properly, or they are actually trying to DOS a server. There time is also wasted if they cannot add any address because every attempt to connect to your server is blocked. Allowing them to build a database means that you may be setting yourself up for future spam runs to these bogus addresses. So until IMail delivers functionality that can detect a dictionary attack, it seems crucial that we leave the nobody aliases on for every local domain. Personally, I find the drawbacks of having a nobody alias pointed at me to be more harm than good, which is why I would like to auto-delete these messages. You raise an important point though about not having the messages bounced back. I'll have to look into possibly having an auto response set up in addition to the delete action, which would probably require two accounts with a single alias directed at it, or maybe forwarding would work with an autoresponder??? Ouch, that's as bad as sending bounces back to spammers, it does nothing but clog up you delivery queue or spam innocent people whose e-mail addresses were used by joe-jobbers. Killing the connection immediately saves on bandwidth and processing time on your server. You might possibly consider setting up a dedicated mail gateway that can very effectively handle these types of attacks, thus leaving IMail to do what it does best, deliver mail to valid recipients. A Linux/Postfix solution works very well in this regard. Anyway, just my 2 cents... Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
If any one is experiencing the overflow folder filling up and it is not attributable to server load, please contact me. The first thing to do is determine whether the issue is with Declude JunkMail, Declude Virus, or both. If you are running both programs, you should temporarily disable one. If it fixes the problem, that is the one at fault. If not, try disabling the other to see if that fixes the problem. If so, that one is at fault. For Declude Virus, the main problem would be if the AV program never ends (in which case Declude Virus will automatically stop it after about a minute). In this case, reinstalling the virus scanner and using the default settings from the manual should fix the problem. For Declude JunkMail, the main problem would be a DNS server failure, which can cause the Declude processes to stay in memory a long time waiting for timeouts. Another possibility would be an external test that does not end, which could cause the same problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
At 10:34 AM 12/22/2003, John Tolmachoff \(Lists\) wrote: If any one is experiencing the overflow folder filling up and it is not attributable to server load, please contact me. I am having this problem and am narrowing it down. John, Do you run Sniffer? If so, are you running the wide beta release? If so, make sure you're using the latest version. We saw this with all versions except the latest which I believe is 2-2b6. Which has been running as smooth as silk!! -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
I get that same problem at different times of the day. Like now. I have lots of power and my dns server is working perfectly. I monitor the system using Remote Task Manager. The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. I loaded DNS on the mail server to eliminate it as the problem. Fred - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 10:34 AM Subject: [Declude.JunkMail] Overflow If any one is experiencing the overflow folder filling up and it is not attributable to server load, please contact me. I am having this problem and am narrowing it down. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
To clarify, this is not a Declude problem. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, December 22, 2003 7:34 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Overflow If any one is experiencing the overflow folder filling up and it is not attributable to server load, please contact me. I am having this problem and am narrowing it down. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
Sniffer is not involved. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Russ Uhte (Lists) Sent: Monday, December 22, 2003 7:52 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow At 10:34 AM 12/22/2003, John Tolmachoff \(Lists\) wrote: If any one is experiencing the overflow folder filling up and it is not attributable to server load, please contact me. I am having this problem and am narrowing it down. John, Do you run Sniffer? If so, are you running the wide beta release? If so, make sure you're using the latest version. We saw this with all versions except the latest which I believe is 2-2b6. Which has been running as smooth as silk!! -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
I loaded DNS on the mail server to eliminate it as the problem. But is it still reoccurring? If so, have you tried clearing the cache and it starts working again? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. There is about a 99% chance this *is* a DNS issue. If you are positive that your DNS server is working well (answering cached queries very quickly, with no noticeable delay), the next thing to do is make sure that you are not running dead DNS-based spam tests (such as MONKEYS*, OS*, EASYNET*). Depending on how well those tests died, they may timeout, causing the behavior you are experiencing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
I am 100% sure it is not DNS. I have Sniffer and Spamchk as external test but I have commented them out and still a problem. The problem goes way after a while then comes back. These are my external DNS test. BLITZEDALL ip4r opm.blitzed.org * 3 0 CBL ip4r cbl.abuseat.org 127.0.0.2 10 0 EASYNET-DNSBL ip4r sbl.spamhaus.org 127.0.0.2 16 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 5 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 10 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 10 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 FIVETEN-SPAMSUP ip4r blackholes.five-ten-sg.com 127.0.0.7 5 0 FIVETEN-MISC ip4r blackholes.five-ten-sg.com 127.0.0.9 10 0 FIVETEN-FREE ip4r blackholes.five-ten-sg.com 127.0.0.12 10 0 SECURITYSAGE rhsbl blackhole.securitysage.com * 2 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2100 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2100 ORDB ip4r relays.ordb.org * 5 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 17 0 SBBL ip4r sbbl.they.com * 3 0 NJABL ip4r dnsbl.njabl.org 127.0.0.2 8 0 DSBL ip4r list.dsbl.org * 6 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Overflow The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. There is about a 99% chance this *is* a DNS issue. If you are positive that your DNS server is working well (answering cached queries very quickly, with no noticeable delay), the next thing to do is make sure that you are not running dead DNS-based spam tests (such as MONKEYS*, OS*, EASYNET*). Depending on how well those tests died, they may timeout, causing the behavior you are experiencing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
Fredrick, please answer my question. You said you are using the MS DNS service on the server to help with the problem. Does it still reoccur, and if so, have you tried clearing the MS DNS service cache and does that allow mail to flow until it reoccurs? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, December 22, 2003 8:36 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow I am 100% sure it is not DNS. I have Sniffer and Spamchk as external test but I have commented them out and still a problem. The problem goes way after a while then comes back. These are my external DNS test. BLITZEDALL ip4r opm.blitzed.org * 3 0 CBL ip4r cbl.abuseat.org 127.0.0.2 10 0 EASYNET-DNSBL ip4r sbl.spamhaus.org 127.0.0.2 16 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 5 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 10 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 10 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 FIVETEN-SPAMSUP ip4r blackholes.five-ten-sg.com 127.0.0.7 5 0 FIVETEN-MISC ip4r blackholes.five-ten-sg.com 127.0.0.9 10 0 FIVETEN-FREE ip4r blackholes.five-ten-sg.com 127.0.0.12 10 0 SECURITYSAGE rhsbl blackhole.securitysage.com * 2 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2100 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2100 ORDB ip4r relays.ordb.org * 5 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 17 0 SBBL ip4r sbbl.they.com * 3 0 NJABL ip4r dnsbl.njabl.org 127.0.0.2 8 0 DSBL ip4r list.dsbl.org * 6 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Overflow The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. There is about a 99% chance this *is* a DNS issue. If you are positive that your DNS server is working well (answering cached queries very quickly, with no noticeable delay), the next thing to do is make sure that you are not running dead DNS-based spam tests (such as MONKEYS*, OS*, EASYNET*). Depending on how well those tests died, they may timeout, causing the behavior you are experiencing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
John, I have not tried to clear the MS DNS Cache. But the problem goes away after a while. It is fine at the moment but it will come back soon. Fred - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:43 AM Subject: RE: [Declude.JunkMail] Overflow Fredrick, please answer my question. You said you are using the MS DNS service on the server to help with the problem. Does it still reoccur, and if so, have you tried clearing the MS DNS service cache and does that allow mail to flow until it reoccurs? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, December 22, 2003 8:36 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow I am 100% sure it is not DNS. I have Sniffer and Spamchk as external test but I have commented them out and still a problem. The problem goes way after a while then comes back. These are my external DNS test. BLITZEDALL ip4r opm.blitzed.org * 3 0 CBL ip4r cbl.abuseat.org 127.0.0.2 10 0 EASYNET-DNSBL ip4r sbl.spamhaus.org 127.0.0.2 16 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 5 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 10 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 10 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 FIVETEN-SPAMSUP ip4r blackholes.five-ten-sg.com 127.0.0.7 5 0 FIVETEN-MISC ip4r blackholes.five-ten-sg.com 127.0.0.9 10 0 FIVETEN-FREE ip4r blackholes.five-ten-sg.com 127.0.0.12 10 0 SECURITYSAGE rhsbl blackhole.securitysage.com * 2 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2100 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2100 ORDB ip4r relays.ordb.org * 5 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 17 0 SBBL ip4r sbbl.they.com * 3 0 NJABL ip4r dnsbl.njabl.org 127.0.0.2 8 0 DSBL ip4r list.dsbl.org * 6 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Overflow The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. There is about a 99% chance this *is* a DNS issue. If you are positive that your DNS server is working well (answering cached queries very quickly, with no noticeable delay), the next thing to do is make sure that you are not running dead DNS-based spam tests (such as MONKEYS*, OS*, EASYNET*). Depending on how well those tests died, they may timeout, causing the behavior you are experiencing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
When it starts to happen again, immediately clear the MS DNS Cache and watch the overflow directory to see if it starts to clear. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, December 22, 2003 9:03 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow John, I have not tried to clear the MS DNS Cache. But the problem goes away after a while. It is fine at the moment but it will come back soon. Fred - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:43 AM Subject: RE: [Declude.JunkMail] Overflow Fredrick, please answer my question. You said you are using the MS DNS service on the server to help with the problem. Does it still reoccur, and if so, have you tried clearing the MS DNS service cache and does that allow mail to flow until it reoccurs? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, December 22, 2003 8:36 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow I am 100% sure it is not DNS. I have Sniffer and Spamchk as external test but I have commented them out and still a problem. The problem goes way after a while then comes back. These are my external DNS test. BLITZEDALL ip4r opm.blitzed.org * 3 0 CBL ip4r cbl.abuseat.org 127.0.0.2 10 0 EASYNET-DNSBL ip4r sbl.spamhaus.org 127.0.0.2 16 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 5 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 10 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 10 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 FIVETEN-SPAMSUP ip4r blackholes.five-ten-sg.com 127.0.0.7 5 0 FIVETEN-MISC ip4r blackholes.five-ten-sg.com 127.0.0.9 10 0 FIVETEN-FREE ip4r blackholes.five-ten-sg.com 127.0.0.12 10 0 SECURITYSAGE rhsbl blackhole.securitysage.com * 2 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.210 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2100 ORDB ip4r relays.ordb.org * 5 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 17 0 SBBL ip4r sbbl.they.com * 3 0 NJABL ip4r dnsbl.njabl.org 127.0.0.2 8 0 DSBL ip4r list.dsbl.org * 6 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:00 AM Subject: Re: [Declude.JunkMail] Overflow The Declude process looks like it take 10 - 60 seconds per email. It is almost like it is in a wait state looking for something. There is about a 99% chance this *is* a DNS issue. If you are positive that your DNS server is working well (answering cached queries very quickly, with no noticeable delay), the next thing to do is make sure that you are not running dead DNS-based spam tests (such as MONKEYS*, OS*, EASYNET*). Depending on how well those tests died, they may timeout, causing the behavior you are experiencing. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
Re: [Declude.JunkMail] Overflow
I have not tried to clear the MS DNS Cache. But the problem goes away after a while. It is fine at the moment but it will come back soon. When it comes back, I would recommend checking the DNS server. First, check to see the IP of the DNS server Declude JunkMail will be using (the first one listed in the IMail SMTP settings). Then, go to a command prompt, and type: nslookup server 192.0.2.53 [replacing that IP with the IP of the DNS server that Declude JunkMail will be using] 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net What you are looking for is to see how quickly [1] you get the initial response (which could be delayed due to a problem with the DNS servers at spamcop.net), and [2] once you get the first response, how quickly cached responses come back. Once you get the first response back, subsequent (cached) responses should come back very quickly (you should not be able to detect any delay). If you can detect a delay, there is a problem with the DNS server or your connection to it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
Fred, it means you are experiencing the exact same problem I am. I am investigating. For now, I have a script to stop and start the MS DNS service every half hour to clear the cache. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, December 22, 2003 10:38 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow OK. It just happened again. I cleared the Cache and the backup cleared. What does the mean. Fred - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 12:23 PM Subject: Re: [Declude.JunkMail] Overflow I have not tried to clear the MS DNS Cache. But the problem goes away after a while. It is fine at the moment but it will come back soon. When it comes back, I would recommend checking the DNS server. First, check to see the IP of the DNS server Declude JunkMail will be using (the first one listed in the IMail SMTP settings). Then, go to a command prompt, and type: nslookup server 192.0.2.53 [replacing that IP with the IP of the DNS server that Declude JunkMail will be using] 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net 2.0.0.127.bl.spamcop.net What you are looking for is to see how quickly [1] you get the initial response (which could be delayed due to a problem with the DNS servers at spamcop.net), and [2] once you get the first response, how quickly cached responses come back. Once you get the first response back, subsequent (cached) responses should come back very quickly (you should not be able to detect any delay). If you can detect a delay, there is a problem with the DNS server or your connection to it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
It just happened again. I cleared the Cache and the backup cleared. What does the mean. That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
It just happened again. I cleared the Cache and the backup cleared. What does the mean. That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. Scott, I am not sure on that, as when I first was experiencing this problem, the DNS servers used were BIND and not MS DNS. However, that is going to be test against those servers as well. I am looking into reports of malicious DNS loops during the past week or so on another list. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
Not sure what you are suggesting. Latest version of Bind? Is there a newer version of MS DNS or are you suggesting a different product. Fred - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 2:02 PM Subject: Re: [Declude.JunkMail] Overflow It just happened again. I cleared the Cache and the backup cleared. What does the mean. That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
Is this all being found on Windows 2003? I'm a couple of months away from adding a new server and this would definitely resolve any questions that I might have about Windows 2003 being an option. I know why John needs to play with the latest and greatest, but I have no such inclination or need. Matt R. Scott Perry wrote: It just happened again. I cleared the Cache and the backup cleared. What does the mean. That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
No, this is on W2K. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Monday, December 22, 2003 11:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow Is this all being found on Windows 2003? I'm a couple of months away from adding a new server and this would definitely resolve any questions that I might have about Windows 2003 being an option. I know why John needs to play with the latest and greatest, but I have no such inclination or need. Matt R. Scott Perry wrote: It just happened again. I cleared the Cache and the backup cleared. What does the mean. That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. Not sure what you are suggesting. Latest version of Bind? Correct. Is there a newer version of MS DNS or are you suggesting a different product. I don't know -- I've never actually used MS DNS. But it sounds like there is a serious problem with MS DNS that a number of our customers have been seeing lately, where it slows down tremendously, that requires either a clearing of the cache or reboot to fix. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
I just loaded a copy of Metaip DNS software. http://www.metainfo.com/ Removed the MS DNS. Will keep you informed. - Original Message - From: Charles Frolick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 3:19 PM Subject: RE: [Declude.JunkMail] Overflow You might try another DNS server software. I use SimpleDNS Plus (http://www.jhsoft.com/), and run all my customer domains (350), 250K+ messages per day with Declude and Imail using it, and 2000 dial customers, with no issues. I have never heard MS DNS to be stable under high load conditions. It used to do strange things with more than 20 domains under very low load back in NT4, and I heard it had a memory leak under 2k with an earlier service pack. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, December 22, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow That means that your DNS server is dying. It sounds like this may be a common problem with Microsoft DNS, where it starts choking if it has too much in its cache. Switching to the latest version of BIND may be the best option. Not sure what you are suggesting. Latest version of Bind? Correct. Is there a newer version of MS DNS or are you suggesting a different product. I don't know -- I've never actually used MS DNS. But it sounds like there is a serious problem with MS DNS that a number of our customers have been seeing lately, where it slows down tremendously, that requires either a clearing of the cache or reboot to fix. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
I've been rethinking my strategy for dealing with dictionary attacks on my server. While the nobody alias has proved to be problematic, so does not having a nobody alias due to the possibility of being dictionary attacked. I'm thinking of setting up all the nobody aliases to redirect E-mail to an account which deletes the message with an IMail rule. This way, a dictionary attack will find that all the E-mail gets accepted and hopefully stops attacking, while at the same time I'm not sending this E-mail to someone's real account. Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed? Thanks, Matt Fritz Squib wrote: Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
Hi Matt, Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed? Thanks, Yes. I get hammered everyday..; I got rid of the nobody alias, filter the log files for the ip's that connected - and add them to my Imail Access control list. Currently that list contains nearly 10,000 ip's... -Nick Hayer Matt Fritz Squib wrote: Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow
Responding to a couple of posts. Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. The specific problem I am reviewing and working on has to do with DNS based tests that Declude does on messages for JunkMail. The above would not be included in this, as Declude is not concerned with mail box lookup or delivery. You might try another DNS server software. I use SimpleDNS Plus (http://www.jhsoft.com/), and run all my customer domains (350), 250K+ messages per day with Declude and Imail using it, and 2000 dial customers, with no issues. This is a cache only setup, no domains. Cost is a concern at this time, unless I can prove that would be the answer. However, as I said earlier, the problem was first experienced using BIND DNS servers. I need to follow up on this. I have never heard MS DNS to be stable under high load conditions. It used to do strange things with more than 20 domains under very low load back in NT4, and I heard it had a memory leak under 2k with an earlier service pack. Again, this is cache only. I did hear about some issues, but those were in relation to AD and were fixed in SP3. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
Nick, I think I might have been asking the question the other way around, though I'm not positive it was taken the wrong way. The theory here is that domains which accept every E-mail address in the HELO won't be dictionary attacked past a few attempts because the attacker's software will quickly determine that the attack isn't exposing any addresses due to a catch all situation. So maybe adding the nobody alias back in, and redirecting that E-mail to an account that deletes each E-mail automatically will resolve the issue of dictionary attacks? I see this stuff in my logs on occasion, but it never happens for a prolonged period of time. I'm thinking this is because 90% of my domains had nobody aliases. Unless someone only wants to DOS my server, dictionary attacking a domain with a nobody alias is a waste of their processing power just like it is a waste of mine. Matt Nick Hayer wrote: Hi Matt, Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed? Thanks, Yes. I get hammered everyday..; I got rid of the nobody alias, filter the log files for the ip's that connected - and add them to my Imail Access control list. Currently that list contains nearly 10,000 ip's... -Nick Hayer Matt Fritz Squib wrote: Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine. I spent the weekend returning mail from the old spool to a new spool that I had to create. I had around 67,000 of these buggers to deal with...no fun. All of the mail seems to be originating from dsl and cable modems with forged return addresses. My server is swamped again today - started again about 2-3 hours ago. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow
John Tolmachoff (Lists) wrote: This is a cache only setup, no domains. Cost is a concern at this time, unless I can prove that would be the answer. However, as I said earlier, the problem was first experienced using BIND DNS servers. I need to follow up on this. Keith had a problem after a Microsoft hotfix a few months back. There are tweaks in the registry which can be done to expand the number of possible connections that a server can make (internal or external). Someone posted a link from another mail server with instructions on tweaking the settings for high volumes. Maybe Keith also came up with something as a result of his issues. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
I had a similar problem last week. In that case, it turned out to be a
problem with the Sniffer add-on program for declude Junkmail. It was
related to their new wide-release-beta (v2-2b). They have had flurry of
beta releases addressing the problem. The latest is v2-2b6. I have
been running it for several days with no problems.
Here is a message from the Sniffer e-mail list when this problem was
happening:
Sniffer Pete,
Sniffer
Sniffer It happened again today about 15-20 minutes ago, where the
spool folder and
Sniffer overflow folder were growing very quickly. I moved the old
version back
Sniffer into production, and mail started flowing properly again. Is
there
Sniffer anything else I can do to further troubleshoot this issue?
-Russ Uhte
Sniffer
Sniffer ---
Sniffer [This E-mail scanned for viruses by Declude Virus]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fritz Squib
Sent: Wednesday, December 17, 2003 7:35 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Overflow Directory
Scott,
I've got a little problem here, all of a sudden (as of this morning)
the declude overflow directory is flooded with mail waiting to be
delivered.
1:47 AM - 2:04 AM not moving at all so I copied them from overflow
spool to another directory.
Big gap until 3:11 PM - mail is coming in faster than can be delivered.
No evidence of a dictionary attack that I've seen so far.
Currently 30,927 in the overflow directory and growing.
I'll take the standard user cop out and say I didn't change anything
('cause I didn't).
All of my DNS servers are responding correctly, I've switched between
all three that I have available with no noticeable improvement.
Imail 7.15 w/all hotfixes
Win2K Advanced Server
Declude Virus / F-Prot
Declude JM Pro 1.77 beta
Processor(s) running normal.
Any ideas ?
Any responses off list to fsquib at kecksburg dot net please (different
mail server), as it may take a while with the backlog of mail in the
spool/queue.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii ribbon campaign - against html mail
/\- against microsoft attachments
---
[This E-mail scanned by Citizens Internet Services with Declude Virus.]
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail. The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
[Declude.JunkMail] Overflow Directory
Scott,
I've got a little problem here, all of a sudden (as of this morning) the
declude overflow directory is flooded with mail waiting to be delivered.
1:47 AM - 2:04 AM not moving at all so I copied them from overflow spool
to another directory.
Big gap until 3:11 PM - mail is coming in faster than can be delivered.
No evidence of a dictionary attack that I've seen so far.
Currently 30,927 in the overflow directory and growing.
I'll take the standard user cop out and say I didn't change anything
('cause I didn't).
All of my DNS servers are responding correctly, I've switched between all
three that I have available with no noticeable improvement.
Imail 7.15 w/all hotfixes
Win2K Advanced Server
Declude Virus / F-Prot
Declude JM Pro 1.77 beta
Processor(s) running normal.
Any ideas ?
Any responses off list to fsquib at kecksburg dot net please (different mail
server), as it may take a while with the backlog of mail in the spool/queue.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii ribbon campaign - against html mail
/\- against microsoft attachments
---
[This E-mail scanned by Citizens Internet Services with Declude Virus.]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
BTW, this is not on a mail server some where around Florida, is it?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Fritz Squib
Sent: Wednesday, December 17, 2003 5:35 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Overflow Directory
Scott,
I've got a little problem here, all of a sudden (as of this morning) the
declude overflow directory is flooded with mail waiting to be delivered.
1:47 AM - 2:04 AM not moving at all so I copied them from overflow spool
to another directory.
Big gap until 3:11 PM - mail is coming in faster than can be delivered.
No evidence of a dictionary attack that I've seen so far.
Currently 30,927 in the overflow directory and growing.
I'll take the standard user cop out and say I didn't change anything
('cause I didn't).
All of my DNS servers are responding correctly, I've switched between all
three that I have available with no noticeable improvement.
Imail 7.15 w/all hotfixes
Win2K Advanced Server
Declude Virus / F-Prot
Declude JM Pro 1.77 beta
Processor(s) running normal.
Any ideas ?
Any responses off list to fsquib at kecksburg dot net please (different
mail
server), as it may take a while with the backlog of mail in the
spool/queue.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii ribbon campaign - against html mail
/\- against microsoft attachments
---
[This E-mail scanned by Citizens Internet Services with Declude Virus.]
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
Oh geez Fritz, Scott is going to pull his hair out on this one, as he and I
just spent the day figuring out the same type of problem on a server I am
working on.
Quadripple check the DNS servers. Change to a known good other one. That
what it turned out to be in my case. Some times they returned queries fine,
other times they timed out.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Fritz Squib
Sent: Wednesday, December 17, 2003 5:35 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Overflow Directory
Scott,
I've got a little problem here, all of a sudden (as of this morning) the
declude overflow directory is flooded with mail waiting to be delivered.
1:47 AM - 2:04 AM not moving at all so I copied them from overflow spool
to another directory.
Big gap until 3:11 PM - mail is coming in faster than can be delivered.
No evidence of a dictionary attack that I've seen so far.
Currently 30,927 in the overflow directory and growing.
I'll take the standard user cop out and say I didn't change anything
('cause I didn't).
All of my DNS servers are responding correctly, I've switched between all
three that I have available with no noticeable improvement.
Imail 7.15 w/all hotfixes
Win2K Advanced Server
Declude Virus / F-Prot
Declude JM Pro 1.77 beta
Processor(s) running normal.
Any ideas ?
Any responses off list to fsquib at kecksburg dot net please (different
mail
server), as it may take a while with the backlog of mail in the
spool/queue.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii ribbon campaign - against html mail
/\- against microsoft attachments
---
[This E-mail scanned by Citizens Internet Services with Declude Virus.]
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow Directory
I've got a little problem here, all of a sudden (as of this morning) the declude overflow directory is flooded with mail waiting to be delivered. This will happen if E-mail isn't being scanned/delivered as fast as it is coming in. In most cases, it is a DNS issue. Currently 30,927 in the overflow directory and growing. Is that your normal mail volume? If not, you should check the content of the files to see what is happening (such as a mail loop or a user sending out spam). All of my DNS servers are responding correctly, I've switched between all three that I have available with no noticeable improvement. Have you double-checked the first DNS server listed in the IMail SMTP settings? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow Directory
Hi John,
Ok, you got me...why ask about Florida?
Darin.
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 9:08 PM
Subject: RE: [Declude.JunkMail] Overflow Directory
BTW, this is not on a mail server some where around Florida, is it?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Fritz Squib
Sent: Wednesday, December 17, 2003 5:35 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Overflow Directory
Scott,
I've got a little problem here, all of a sudden (as of this morning) the
declude overflow directory is flooded with mail waiting to be delivered.
1:47 AM - 2:04 AM not moving at all so I copied them from overflow spool
to another directory.
Big gap until 3:11 PM - mail is coming in faster than can be delivered.
No evidence of a dictionary attack that I've seen so far.
Currently 30,927 in the overflow directory and growing.
I'll take the standard user cop out and say I didn't change anything
('cause I didn't).
All of my DNS servers are responding correctly, I've switched between all
three that I have available with no noticeable improvement.
Imail 7.15 w/all hotfixes
Win2K Advanced Server
Declude Virus / F-Prot
Declude JM Pro 1.77 beta
Processor(s) running normal.
Any ideas ?
Any responses off list to fsquib at kecksburg dot net please (different
mail
server), as it may take a while with the backlog of mail in the
spool/queue.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii ribbon campaign - against html mail
/\- against microsoft attachments
---
[This E-mail scanned by Citizens Internet Services with Declude Virus.]
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
_
[This E-mail virus scanned by 4C Web]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
John, Nope, I'm in snowy western Pennsylvania. Sprint ATT backbone(s). My DNS servers seem to be resolving everything OK, no warnings in the DJM log file, same DNS server for Imail DNS and my ip4r tests. The network guys and a consultant have been working on getting BGP up between the two links and it's been acting kind of funky...I'll blame it on them since I'm not responsible for that anymore. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, December 17, 2003 9:08 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Overflow Directory BTW, this is not on a mail server some where around Florida, is it? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow Directory
Hi, I had a similar problem a while back. There is a known and internally documented bug that goes back several versions in IMail. Under some circumstances, IMail loses the ability to resolve ANY dns entries if you follow their suggestion and enter more than one IP address in the DNS box separated by spaces. They say it is rare and they have been unable to duplicate it in the lab so they haven't fixed it. I told them I thought they should fix it anyway, especially since the tech admitted to knowing just what I was talking about after making the usual suggestions to change the NIC card. (ergo: maybe not so rare) Anyway, the solution that worked for me was to set up a DNS server just for IMail, and have it provide the reference to several outside name servers. Someone here argued for doing that on the mail server itself, which is probably a good idea, but I set up a dedicated server just for that purpose. Sounds extravagant, I know, but I haven't had a problem since with DNS or the queue. -Dave Doherty Skywaves, Inc. - Original Message - From: Fritz Squib [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 10:59 PM Subject: RE: [Declude.JunkMail] Overflow Directory John, Nope, I'm in snowy western Pennsylvania. Sprint ATT backbone(s). My DNS servers seem to be resolving everything OK, no warnings in the DJM log file, same DNS server for Imail DNS and my ip4r tests. The network guys and a consultant have been working on getting BGP up between the two links and it's been acting kind of funky...I'll blame it on them since I'm not responsible for that anymore. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, December 17, 2003 9:08 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Overflow Directory BTW, this is not on a mail server some where around Florida, is it? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
Dave, that is exactly how I over came the problem I had, set up MS DNS on the same server as Imail in cache only mode and only for Imail and Declude. BTW, that is also a suggestion to avoid DNS server problems, as Declude will only use the first server listed in Imail anyways. This way, by having the DNS service on the Imail server with multiple forwarders, you will never have a DNS problem. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Wednesday, December 17, 2003 10:12 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow Directory Hi, I had a similar problem a while back. There is a known and internally documented bug that goes back several versions in IMail. Under some circumstances, IMail loses the ability to resolve ANY dns entries if you follow their suggestion and enter more than one IP address in the DNS box separated by spaces. They say it is rare and they have been unable to duplicate it in the lab so they haven't fixed it. I told them I thought they should fix it anyway, especially since the tech admitted to knowing just what I was talking about after making the usual suggestions to change the NIC card. (ergo: maybe not so rare) Anyway, the solution that worked for me was to set up a DNS server just for IMail, and have it provide the reference to several outside name servers. Someone here argued for doing that on the mail server itself, which is probably a good idea, but I set up a dedicated server just for that purpose. Sounds extravagant, I know, but I haven't had a problem since with DNS or the queue. -Dave Doherty Skywaves, Inc. - Original Message - From: Fritz Squib [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 10:59 PM Subject: RE: [Declude.JunkMail] Overflow Directory John, Nope, I'm in snowy western Pennsylvania. Sprint ATT backbone(s). My DNS servers seem to be resolving everything OK, no warnings in the DJM log file, same DNS server for Imail DNS and my ip4r tests. The network guys and a consultant have been working on getting BGP up between the two links and it's been acting kind of funky...I'll blame it on them since I'm not responsible for that anymore. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, December 17, 2003 9:08 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Overflow Directory BTW, this is not on a mail server some where around Florida, is it? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Overflow directory
Hi Scott, Can I manually move spooled D and Q-files in the overflow folder? When they will be respooled? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory
Can I manually move spooled D and Q-files in the overflow folder? When they will be respooled? You can, but it is not recommended. If there are any files in the overflow directory (there should only be Q*.* files in there), it means that your mailserver is overloaded (not that it *was* overloaded, but that it currently *is* overloaded and is sending mail at its maximum capacity). If there are files in there, Declude Queue is taking care of feeding them to IMail at a rate that it can handle (so that it will send them as soon as it can, overriding the default IMail behavior of sending it 1/2 hour or more later). Although you can move the files back to the spool directory (no harm will be done by doing that), it prevents Declude Queue from speeding up the message delivery, and will revert back to the IMail method (which can take often take hours to deliver E-mails that could otherwise go out in a few minutes). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory
No there is no file in the overflow directory. The problem is not that there are to much msgs for the server. The problem is that there are 600 clients returning from holidays and everone begins to donwload his email. In addition they begin to send relative large mails (here the picture where I'm ... made with his new 5 megapixel camera) Not enough there is a hoax mail arround and thousands of Attention New virus!!! msgs where send. (I've set a keyword in our SpamChk to block this now.) The problem is now that also other mailservers in our zone here seem to have the same problem and the delivery to this servers is very slow. So we have a very large spool folder with many timed out delivery attempts and I will try to move some large msgs in a temporary folder until tonight. Another problem is, that spooled files that are in delivery (_[id].smd) can't be deleted or moved manualy. Where can I read more about the overflow functionality? Can it be useful to not only move to much msgs in the overflow folder but also if there is to much data in the spool folder? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, January 07, 2003 4:08 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Overflow directory Can I manually move spooled D and Q-files in the overflow folder? When they will be respooled? You can, but it is not recommended. If there are any files in the overflow directory (there should only be Q*.* files in there), it means that your mailserver is overloaded (not that it *was* overloaded, but that it currently *is* overloaded and is sending mail at its maximum capacity). If there are files in there, Declude Queue is taking care of feeding them to IMail at a rate that it can handle (so that it will send them as soon as it can, overriding the default IMail behavior of sending it 1/2 hour or more later). Although you can move the files back to the spool directory (no harm will be done by doing that), it prevents Declude Queue from speeding up the message delivery, and will revert back to the IMail method (which can take often take hours to deliver E-mails that could otherwise go out in a few minutes). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory
So we have a very large spool folder with many timed out delivery attempts and I will try to move some large msgs in a temporary folder until tonight. Ah, I see. The overflow directory won't help here -- if you move the \IMail\spool\Q*.SMD files to the \IMail\spool\overflow directory, Declude Queue would try sending them immediately. If the E-mails can't be sent because of problems reaching the remote mailservers, Declude Queue won't be able to speed up the process. Another problem is, that spooled files that are in delivery (_[id].smd) can't be deleted or moved manualy. That's intentional. If you could delete one of those files, it would prevent the E-mail from being delivered. If you could move it, then IMail wouldn't be able to properly process the file. What would be nice, though, is if IMail had a way of listing all the SMTP processes in memory and what they were working on, and allowed you to stop them. Where can I read more about the overflow functionality? Can it be useful to not only move to much msgs in the overflow folder but also if there is to much data in the spool folder? The overflow directory is designed to work automatically, so you shouldn't need to move files there. You can find out more information about it at http://www.declude.com/dq.htm . In this case, you could move some of the Q*.SMD files to a temporary directory, and perhaps wait 8 hours or so and then move them back to the spool directory. Or, you could try changing the SMTP settings in IMail to retry E-mail every few hours, rather than the default of every 30 minutes. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Overflow directory
So there are a lot of msgs where the remote mailserver after some mb's of transfered data terminates the trasmission. Any mail server that terminates the session instead of sending a 5xx is broken, as it's just inviting more waste on both sides. If the server terminates the session and blacklists you temporarily or permanently for future attempts, that's politically draconian, but at least it's technically wiser about bandwidth. I had a lengthy argument about this with Len Conrad on the IMail list; you may wish to look it up. As you mention, setting an outgoing size limit may help. But it will not help if you set a (generous, but not crazy) 10 MB limit and users send to domains with even lower limits. And these domains are the ones most likely to muck with your retries. It is, essentially, a no-win situation unless you counsel users to be sure that the destination domain willaccepttheirattachments--fareasierin corporate-to-corporate situations than in person-to-person. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory
Any mail server that terminates the session instead of sending a 5xx is broken, as it's just inviting more waste on both sides. Why they don't answer with an 5xx code? There was one single 531 - Mailbox has exceeded disk quota today but a lot of 01:07 10:00 SMTP-(07BC) . 01:07 10:00 SMTP-(07BC) rl-recv: connection reset 01:07 10:00 SMTP-(07BC) 01:07 10:00 SMTP-(07BC) SMTP_DELIV_FAILED 01:07 10:00 SMTP-(07BC) QUIT If the server terminates the session and blacklists you temporarily or permanently for future attempts, that's politically draconian, but at least it's technically wiser about bandwidth. According to our MRTG-Stats and SMTP-Logfiles they neither has done this. I had a lengthy argument about this with Len Conrad on the IMail list; you may wish to look it up. Do you remember some keyword or the subject line? In this list Imail-keywords are commonly used ;-) In any case a tool as mentoined from Scott to watch and control single smtp transmissions should be very usefull in such a situation. It is, essentially, a no-win situation unless you counsel users to be sure that the destination domain willaccepttheirattachments It's not so easy: Most of the users aren't able to differentiate between kB and MB... Thanks Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Overflow directory
Why they don't answer with an 5xx code? There was one single 531 - Mailbox has exceeded disk quota today... Because they're stupid. They don't want to wait, so they just keep it comin' 1/2 hour later. If the server terminates the session and blacklists you temporarily or permanently for future attempts... According to our MRTG-Stats and SMTP-Logfiles they neither has done this. Even more enraging--they don't even know how to be smart about being strict. Do you remember some keyword or the subject line? In this list Imail-keywords are commonly used ;-) The thread is called Hotmail rejection from Dec 2002. It's not so easy: Most of the users aren't able to differentiate between kB and MB... Word to that. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow directory
What would be nice, though, is if IMail had a way of listing all the SMTP processes in memory and what they were working on, and allowed you to stop them. Can we place another wish list, even if christmas just passed? ;-) In this case, you could move some of the Q*.SMD files to a temporary directory, and perhaps wait 8 hours or so and then move them back to the spool directory. Ok, done. The situation now ist turned back normal. Our users heven't set (until now) any outgoing msgs size limit. So there are a lot of msgs where the remote mailserver after some mb's of transfered data terminates the trasmission. The retransmission of this msgs uses a lot of bandwith so also other large mails for recipients able to recieve them cannot be delivered because the remote mailserver terminates the transmission after 1-2 hours of very slow transmission. I've now 2 questions. I think it's better to place them in the imail list... Thanks Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
