In diagnosing why some messages are slipping through, I manually analyzed the headers using spamcop and noticed that spamcop reported a blacklist that wasn't getting scored by declude.
I'm assuming the problem is a DNS timeout when declude is trying to perform the lookup test.
Either that, or a dropped packet. It's also possible that the IP was added after Declude JunkMail performed the lookup, but before you looked it up manually.
I'm changing the DNS servers used by declude but wondering:
1. Is there a way to confirm which DNS server declude is using? I know it either inherits the imail server or used the "DNS..." config line, but is there a status that shows what it actually is using?
With the latest beta, typing "\IMail\Declude -diag" from a command prompt will display the DNS server that is being used.
2. What is the algorithm? does declude use primary DNS and then secondary DNS also? When a DNS lookup fails, does it retry the same server, switch to the secondary DNS server, or simply move on to the next test?
Given the IMail architecture, Declude JunkMail always uses the first DNS server listed in the IMail SMTP settings (unless you override this with a DNS line in the \IMail\Declude\global.cfg file). Note that it is recommended (with or without Declude) that you only use 1 DNS server in the IMail SMTP settings.
3. How does DNS caching affect declude? Should we install a "caching-only DNS server and configure it as declude's primary lookup server? Will caching actually cause problems with stale data or help performance?
The DNS caching is automatic -- you don't need to worry about it, the DNS server will automatically cache the DNS entries, no matter how you have it set up (unless you either have a very odd DNS server, or tweak it in a way that it shouldn't be tweaked).
The reason that you don't need to worry about it is that the spam databases decide how long the entries should be cached.
4. Any general advice on monitoring DNS lookups? Obviously, if DNS is failing it will make declude work poorly.
DNS is nice, as it rarely ever fails. As a comparison, we have a custom programmed web server (not using IIS) that hangs at about every 100,000 hits. We have a custom programmed DNS server that has handled many millions of hits without hanging even once.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
