We haven't, but then we've been using
forwarders with no recursion. Others on the list might be able to comment
on their experiences.
You could potentially use forwarders, but allow
recursion... meaning DNS will use the forwarder first, and then try directly if
it fails. We opted to remove the forwarders completely since the
forwarder failures were what was causing our processing
delays.
Darin. ----- Original Message -----
From: Will
Sent: Monday, August 01, 2005 10:31 AM
Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative.
Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic.
Will
-----Original
Message-----
Hi Will,
We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit.
1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and those forwarded DNS servers were not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Declude had to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds.
2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID. SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding.
After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or we have a real load issue.
----- Original Message ----- From: Will Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes
Just an update
Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail.
Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing.
Things to think about:
I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help.
I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack.
I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me.
Will
Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526
Saturday: SpamContent 10089 SpamPhrase 20739 SpamFeatures 1090 SpamUrlDomain 27194 LocalDeliver 83297 RemoteDeliver 9008
Sunday: SpamContent 10425 SpamPhrase 18741 SpamFeatures 793 SpamUrlDomain 25756 LocalDeliver 81033 RemoteDeliver 10142
-----Original
Message-----
Will, Well thank you to everyone who responded to my need for perspective and assistance.
I believe I will be in need of a mail gateway if I am to continue to use Declude.
Also, does anyone know how to configure an Imail/Declude setup to not bounce spam messages?
Will
-----Original
Message-----
I can second the need for a gateway defense when under attack. We run a Windows shop and were being crushed under multiple dictionary attacks for two domains on a daily basis. I took the daunting task to build our first Linux box running Postfix. The first box was a tough start though I had a employee who had Linux experience. We are running Postfix on OpenBSD 3.6 with MySql for dynamic update ability. (I am still working on grabbing additions, updates and deletions from SmarterMail admins so we can throw all our domains in Postfix and update in realtime) After a few weeks we added a second box in the event the first box went down. The second box was a breeze since it was basically a duplication. Both mx records now point at the two boxes. The hardware was old 500Mhz and 1ghz cpu with 512mbs of ram each. The 1ghz is primary and takes 75% of the load without much effort with plenty of free memory. The whole setup allows the main server running SmarterMail/Declude Pro/Sniffer/F-Prot to respond quickly to POP, web mail and smtp traffic requests.
The Linus approach only should cost you some time and old equipment as the software is free. Our experience over the last two years showed it was worth climbing the short Linux learning cliff. And it is true ... they run forever
One important note not related to using a gateway: We never bounce spam e-mail back to the "sender". The backscatter traffic can kill you and skew your reports.
Michael
Jaworski
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== |
Title: Message
- Re: [Declude.JunkMail] Declude Woes Fixed Darin Cox
- Re: [Declude.JunkMail] Declude Woes Fixed Ing. Andrés E. Gallo
- Re: [Declude.JunkMail] Declude Woes Fixed Ing. Andrés E. Gallo