FWIW,
I had a similar problem a while back with iMail.
A user put a forward on their mailbox so all mail was sent to an
external mailbox. The idiot then put a forward on the foreign mailbox
and forwarded it back to the user's iMail box. It caused a nasty email
loop and spawned a zillion SMTPD32 processes and ran CPU high on both
processors.

Mark

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Anderson
> Sent: Monday, May 06, 2002 6:35 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] High CPU Usage
> 
> 
> Scott,
> 
> Most of that 60% is smtp traffic.  The only other process I 
> see that takes any cpu other than declude and smtp is pop, 
> but that is usually 10% with smtp being 50% (total of 60%).  
> Again, these are just rough magnitudes. What I generally see 
> is that declude and SMTP typically are close to each other.
> 
> Does changing the junkmail file to ignore reduce any of the 
> overhead?  Here is my config file.  Thanks.
> 
> LOGFILE         spool\dec####.log
> LOGLEVEL        ERROR
> HOP             0
> #HOPHIGH      1
> 
> #
> # Below are some advanced options
> #
> 
> CONSOLE       OFF
> XINHEADER     X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
> XINHEADER     X-Spam-Tests-Failed: %TESTSFAILED%
> XOUTHEADER    X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
> IPBYPASS      199.108.228.58
> IPBYPASS      199.108.228.52
> #IPBYPASS     127.0.0.1
> #XSENDER      OFF
> #XSPOOLNAME   OFF
> #XINHEADER    X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
> #XOUTHEADER   Organization: Your Name Here
> LOG_OK NONE
> 
> 
> #
> # Definitions of the tests to use (do not edit unless you know what you are doing).
> # These must come before the actions.
> #
> # First is the name of the check, then the type of check (ip4r is a DNS lookup using
> # the reverse of the IP address).
> #
> # For type ip4r, 'matchstring' is the string to look for, or "*" for anything.
> #
> 
> ORDB          ip4r    relays.ordb.org                 *             5       0
> OSDUL         ip4r    relays.osirusoft.com            127.0.0.3     5       0
> OSFORM        ip4r    relays.osirusoft.com            127.0.0.8     5       0
> OSLIST        ip4r    relays.osirusoft.com            127.0.0.7     5       0
> OSRELAY       ip4r    relays.osirusoft.com            127.0.0.2     5       0
> OSSMART       ip4r    relays.osirusoft.com            127.0.0.5     5       0
> OSSOFT        ip4r    relays.osirusoft.com            127.0.0.6     5       0
> OSSRC         ip4r    relays.osirusoft.com            127.0.0.4     5       0
> SPAMCOP       ip4r    bl.spamcop.net                  127.0.0.2     9       0
> 
> DSN           rhsbl   dsn.rfc-ignorant.org            127.0.0.2     4       0
> NOABUSE       rhsbl   abuse.rfc-ignorant.org          127.0.0.4     4       0
> NOPOSTMASTER  rhsbl   postmaster.rfc-ignorant.org     127.0.0.3     4       0
> 
> BADHEADERS    badheaders      x       x       8       0
> MAILFROM        envfrom               x       x       12      0
> PERCENT               percent         x       x       10      0
> REVDNS                revdnsexists    x       x       5       0
> ROUTING               spamrouting     x       x       4       0
> SPAMHEADERS   spamheaders     x       x       3       0
> 
> #SNIFFER      external        nonzero "C:\IMail\Declude\Sniffer\sniffer.exe authentication"
> 
> WEIGHT10      weight          x       x       10      0
> WEIGHT20      weight          x       x       20      0
> 
> 
> #
> # The following tests are commented out by default because they require a subscription,
> # or are not commonly used.
> #
> 
> 
> #BADWHOIS       rhsbl           whois.rfc-ignorant.org          127.0.0.5     3       0
> #BLARS          ip4r            block.blars.org                 *             5       0
> #CATCHALLMAILS  catchallmails   x                               x             0       0
> #COMPU          ip4r            blackhole.compu.net             127.0.0.4     5       0
> #DEVNULL        ip4r            dev.null.dk                     127.0.0.2     5       0
> #DORKS          ip4r            orbs.dorkslayers.com            127.0.0.2     5       0
> #DORKZTL        ip4r            ztl.dorkslayers.com             127.0.0.2     5       0
> #DSBL           ip4r            list.dsbl.org                   *             6       0
> #DSBLALL        ip4r            unconfirmed.dsbl.org            *             4       0
> #DUL            ip4r            dialups.mail-abuse.org          127.0.0.3     5       0
> #FIVETENDUL     ip4r            blackholes.five-ten-sg.com      127.0.0.3     5       0
> #FIVETENOPTIN   ip4r            blackholes.five-ten-sg.com      127.0.0.4     5       0
> #FIVETENOTHER   ip4r            blackholes.five-ten-sg.com      127.0.0.5     5       0
> #FIVETENSRC     ip4r            blackholes.five-ten-sg.com      127.0.0.2     5       0
> #FLOWGO         ip4r            flowgoaway.com                  127.0.0.2     5       0
> #GUARDBLOCK     ip4r            spamguard.leadmon.net           127.0.0.7     3       0
> #GUARDBULK      ip4r            spamguard.leadmon.net           127.0.0.4     3       0
> #GUARDDUL       ip4r            spamguard.leadmon.net           127.0.0.2     3       0
> #GUARDMULTI     ip4r            spamguard.leadmon.net           127.0.0.6     3       0
> #GUARDSINGLE    ip4r            spamguard.leadmon.net           127.0.0.5     3       0
> #GUARDSRC       ip4r            spamguard.leadmon.net           127.0.0.3     3       0
> #HEUR           heuristics      x                               x             0       0
> #INTERSIL       ip4r            blackholes.intersil.net         127.0.0.2     5       0
> #IPWHOIS        ip4r            ipwhois.rfc-ignorant.org        127.0.0.6     3       0
> #NJABL          ip4r            dnsbl.njabl.org                 127.0.0.2     5       0
> #NJABLDUL       ip4r            dnsbl.njabl.org                 127.0.0.3     5       0
> #POSTFIXGATE    ip4r            bl.redhatgate.com               127.0.0.1     0       0
> #RBL            ip4r            blackholes.mail-abuse.org       127.0.0.2     5       0
> #RSS            ip4r            relays.mail-abuse.org           127.0.0.2     5       0
> #SELWERD        ip4r            xbl.selwerd.cx                  127.0.0.2     5       0
> #SPAMBAG        ip4r            blacklist.spambag.org           127.0.0.2     5       0
> #SPAMTR         ip4r            rbl.spam.org.tr                 127.0.0.2     5       0
> #SUMMIT         ip4r            blackholes.2mbit.com            127.0.0.2     5       0
> #V6NET          ip4r            spammers.v6net.org              127.0.0.2     5       0
> #VISI           ip4r            relays.visi.com                 127.0.0.2     5       0
> #WIREHUB-DNSBL  ip4r            blackholes.wirehub.net          127.0.0.2     5       0
> #WIREHUB-DYNA   ip4r            dynablock.wirehub.net           127.0.0.2     5       0
> #ZTA            ip4r            zta.birdsong.org                *             5       0
> 
> #RBL          ip4r    rbl-plus.mail-abuse.org 127.1.0.1
> #DUL          ip4r    rbl-plus.mail-abuse.org 127.1.0.2
> #RBLANDDUL    ip4r    rbl-plus.mail-abuse.org 127.1.0.3
> #RSS          ip4r    rbl-plus.mail-abuse.org 127.1.0.4
> #RBLANDRSS    ip4r    rbl-plus.mail-abuse.org 127.1.0.5
> #DULANDRSS    ip4r    rbl-plus.mail-abuse.org 127.1.0.6
> #MAPSALL      ip4r    rbl-plus.mail-abuse.org 127.1.0.7
> 
> 
> #
> # The actions listed below only apply to outgoing E-mail, and only if you
> # have the "Pro" version.  Note that the DUL and OSDUL tests should NOT
> # be used to block outgoing mail!
> #
> 
> ORDB          WARN
> OSDUL         WARN
> OSFORM                WARN
> OSLIST                WARN
> OSRELAY               WARN
> OSSMART               WARN
> OSSOFT          WARN
> OSSRC           WARN
> SPAMCOP               WARN
> 
> DSN           WARN
> NOABUSE               WARN
> NOPOSTMASTER  WARN
> 
> BADHEADERS    WARN
> MAILFROM        WARN
> PERCENT               HOLD
> REVDNS                WARN
> ROUTING               WARN
> SPAMHEADERS   WARN
> 
> #SNIFFER      WARN
> 
> WEIGHT10      WARN
> WEIGHT20      WARN
> 
> 
> #BADWHOIS     WARN
> #BLARS                WARN
> #CATCHALLMAILS        WARN
> #COMPU                WARN
> #DEVNULL      WARN
> #DORKS                WARN
> #DORKZTL      WARN
> #DSBL         WARN
> #DSBLALL      WARN
> #DUL            WARN
> #FIVETENDUL   WARN
> #FIVETENOPTIN WARN
> #FIVETENOTHER WARN
> #FIVETENSRC   WARN
> #FLOWGO       WARN
> #GUARDBLOCK   WARN
> #GUARDBULK    WARN
> #GUARDDUL     WARN
> #GUARDMULTI   WARN
> #GUARDSINGLE  WARN
> #GUARDSRC     WARN
> #HEUR         WARN
> #INTERSIL     WARN
> #IPWHOIS      WARN
> #NJABL                WARN
> #NJABLDUL     WARN
> #POSTFIXGATE  WARN
> #RBL          WARN
> #RSS          WARN
> #SELWERD      WARN
> #SPAMBAG      WARN
> #SPAMTR               WARN
> #SUMMIT               WARN
> #V6NET                WARN
> #VISI         WARN
> #WIREHUB-DNSBL        WARN
> #WIREHUB-DYNA WARN
> #ZTA          WARN
> 
> #RBL          WARN
> #DUL          WARN
> #RBL+DUL      WARN
> #RSS          WARN
> #RBL+RSS      WARN
> #DUL+RSS      WARN
> #MAPSALL      WARN
> 
> 
> =======================
> Bill Anderson
> Sterling Communications
> (503)885-8908 x225
> [EMAIL PROTECTED]
> 
> ====================
> Sterling Support
> (503)885-8908 x223
> [EMAIL PROTECTED]
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
> Sent: Monday, May 06, 2002 10:19 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] High CPU Usage
> 
> 
> 
> >I have checked, and I do not have DEBUG turned on.  It is probably that high
> >for about 3-5 seconds goes away for a second then comes right back for
> >another 3-5 seconds.  I will also see a couple of declude processes
> >running at +30% each.  I have a lot of mail traffic, but before declude
> >I was running about 60% utilization.  Now I am peaking at 80-100%.
> 
> If you were already running at 60% CPU utilization, you were 
> already pushing the server pretty close to its limits.  If 
> that 60% utilization was primarily IMail SMTP traffic, adding 
> Declude could push the CPU usage that much higher.
> 
> Aside from Declude, what other processes show high CPU usage 
> in the Task Manager?
>                                                    -Scott
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
> (http://www.declude.com)]
> 
> ---
> 
> This E-mail came from the 
> Declude.JunkMail mailing list.  To unsubscribe, just send an 
> E-mail to [EMAIL PROTECTED], and type "unsubscribe 
> Declude.JunkMail".  You can E-mail [EMAIL PROTECTED] for 
> assistance.  You can visit our web site at http://www.declude.com .
> 
> 
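
The comments in the quoted configuration describe an ip4r test as a DNS lookup on the reversed sender IP, with 'matchstring' compared against the answer ("*" for anything). The sketch below is an added example, not part of the original thread and not Declude's own code: it parses a few test lines copied from that configuration, builds the query names, and totals the weights of the tests that match. Assumptions: the fifth column is treated as the weight added on a match, the sender address and DNS answers are constructed, and the per-query cache is a choice of this sketch to show how many distinct lookups the active tests need.

```python
import ipaddress

# Test definitions copied from the configuration quoted above
# (assumed columns: name, type, zone, matchstring, weight, second weight).
CONFIG = """\
ORDB      ip4r    relays.ordb.org       *          5   0
OSDUL     ip4r    relays.osirusoft.com  127.0.0.3  5   0
OSRELAY   ip4r    relays.osirusoft.com  127.0.0.2  5   0
SPAMCOP   ip4r    bl.spamcop.net        127.0.0.2  9   0
#DSBL     ip4r    list.dsbl.org         *          6   0
WEIGHT10  weight  x                     x          10  0
"""

def parse_tests(text):
    """Return the active ip4r tests as (name, zone, matchstring, weight)."""
    tests = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or commented-out test
        if len(fields) >= 5 and fields[1] == "ip4r":
            tests.append((fields[0], fields[2], fields[3], int(fields[4])))
    return tests

def query_name(ip, zone):
    """ip4r query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def evaluate(ip, tests, resolver):
    """resolver(name) returns the A records for name, or [] if not listed."""
    failed, weight, cache = [], 0, {}
    for name, zone, match, w in tests:
        q = query_name(ip, zone)
        if q not in cache:  # tests sharing a zone share one lookup here
            cache[q] = resolver(q)
        answers = cache[q]
        if answers and (match == "*" or match in answers):
            failed.append(name)
            weight += w
    return failed, weight, len(cache)

# Constructed DNS answers for a constructed sender address (192.0.2.10).
FAKE_DNS = {
    "10.2.0.192.relays.osirusoft.com": ["127.0.0.2"],
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
}

def demo():
    tests = parse_tests(CONFIG)
    return evaluate("192.0.2.10", tests, lambda q: FAKE_DNS.get(q, []))
```
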
