I turned it back on and the number of files in the spool started growing at a very fast pace.
I'm running declude v1.53 if that helps. We do get lots of dictionary attacks, but they don't actually get in as files do they? don't the emails to bogus users get rejected before they are written to a file? The part about dead tests sounds interesting. Below is a list of the tests that I am running... Thanks, Jim #ORBZIN ip4r inputs.orbz.org 127.0.0.2 5 0 #ORBZOUT ip4r outputs.orbz.org 127.0.0.2 5 0 ORDB ip4r relays.ordb.org * 14 0 OSDUL ip4r relays.osirusoft.com 127.0.0.3 15 0 OSFORM ip4r relays.osirusoft.com 127.0.0.8 15 0 OSLIST ip4r relays.osirusoft.com 127.0.0.7 15 0 OSRELAY ip4r relays.osirusoft.com 127.0.0.2 14 0 OSSMART ip4r relays.osirusoft.com 127.0.0.5 15 0 OSSOFT ip4r relays.osirusoft.com 127.0.0.6 15 0 OSSRC ip4r relays.osirusoft.com 127.0.0.4 15 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 25 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 15 0 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 15 0 NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 15 0 ADULT adult x x 30 0 BADHEADERS badheaders x x 10 0 MAILFROM envfrom x x 15 0 PERCENT percent x x 15 0 REVDNS revdnsexists x x 15 0 ROUTING spamrouting x x 15 0 SPAMHEADERS spamheaders x x 15 0 SNIFFER external nonzero "e:\imail\declude\Sniffer\sniffer.exe 00000000" 29 0 WEIGHT weight x x 30 0 ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 18, 2002 12:59 PM Subject: Re: [Declude.JunkMail] declude queue / imail spool problems? > > >Here's what I did to fix it: > > > >1) I turned off declude junkmail (by renaming the global.cfg file) > >2) Moved all the files from the overflow directory to the spool directory > > > >They all cleared out and things are back to normal. > > > >Now (an hour after i turned junkmail off) I am going to turn junkmail back > >on and see what happens. > > Note that you also did something else here -- by turning off Declude > JunkMail, you sped up delivery of *new* E-mails, especially if you are > using an old spam test that times out (causing the E-mail to be in memory > for 10+ extra seconds). That may be a factor. > > > >From what I could tell, most of the extra email was spam. > > It sounds like you may be dealing with a massive distributed spam attack, > where a spammer compromises thousands of computers, and sends spam via a > dictionary-like attack (sending to thousands and thousands of made-up > addresses, hoping a few will receive the E-mail). If you have a "nobody" > alias, this can shut down your server. > > >Our mail server is a Dell 2450 with 2 866processors and 512mb ram. it has a > >caching raid controller and some very fast drives. How high do you think I > >could get away with setting that max processes value? > > It's impossible to say -- only trial and error will tell for sure. The > problem is that Microsoft doesn't document the pertinent information about > the problem. The problem is that if you go too high, Microsoft will run > out of a special type of memory and choke, causing all new processes to > fail upon loading. With the best information we can get from Microsoft, it > shouldn't be possible for this to happen with recent versions of Declude > (although it definitely will happen without Declude). > > A value of 30 is the default, so if it is lower, you should be able to > raise it to 30 with no problem. > > >In the imail admin for 7.11 there is an advanced tab under the smtp service. > >One of the values that can be set there is max processes. Is this the same > >thing? > > Ah, yes -- I forgot about that (a nice new feature). That is the same thing. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
