For dictionary attacks you'll see a lot of 1k T* and D* matching files in your spool directory. If you view the T* files they'll have a lot of made up email addresses in one of your domains. The D* files will most likely have nothing more than the first line or two of the header.
Bottom line...look at the files in your spool and it will be obvious. Darin. ----- Original Message ----- From: "Richard Farris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 08, 2004 9:22 PM Subject: Re: [Declude.JunkMail] 100% CPU I see from previous messages it is a good idea to use SKIPIFWEIGHT Where do I put this and what is a good number to put in there.. I hold at 9 and delete at 18... How can you tell if you are under a dictionary attack...thru the routers? Richard Farris Ethixs Online 1.270.247.5555 Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" ----- Original Message ----- From: "Darin Cox" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 08, 2004 8:03 PM Subject: Re: [Declude.JunkMail] 100% CPU > What processes are using the most CPU? > What's are the message counts in your IMail spool? > Are you perhaps experiencing dictionary attacks? > > Darin. > > > ----- Original Message ----- > From: "Richard Farris" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, September 08, 2004 8:44 PM > Subject: [Declude.JunkMail] 100% CPU > > > Over the last 24 hrs it seems my server has been working overtime processing > messages...I was at constant 100%...I tried downloading the latest interim > 1.79i16 and that didn't help...I turned off and reloaded Sortomonster files > and that didnt help....I took out all my IMAIL rules (rules.ima) which had a > lot of Body rules (about 40) and that helped tremendously....so I guess I > will leave them out..however it does seem to still be pegging 100% quite a > bit.. > > I guess my question is why all of a sudden without changing anything did my > NT server peg out...I had not updated my rules.ima in a while...and how can > I see what is taking so much resources...The task manager moves so fast I > cant see what is what...I do see a lot of Declude running but I think that > is normal? > > Any hints to where I could look to get back more resources would be > appreciated.. > > Richard Farris > Ethixs Online > 1.270.247.5555 Office > 1.800.548.3877 Tech Support > "Crossroads to a Cleaner Internet" > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
