Nick,

I can restart the service without touching anything else on the server
and it seems to run fine. That is what I did today and what I did the
first time that this happened, though I rebooted fully after the second
time. It's pretty clear that a reboot isn't required. I do have
Windows set up to detect the service failure and it does not detect the
service failure, nor does the service show that it is off in either
Windows or IMail Admin.

I might try the NET START SMTPSVC trick, however I did come across
someone else's server that would crash when SMTPSVC was in a bad state
and a restart attempt was made. In this case, a NET STOP would seem to
be required before a NET START since it only partially crashes. If it
is a mystery heap issue, I hopefully solved that already.

FYI, I am running behind ORF which is knocking out most of the bad
addresses, but with this virus some domains that weren't under
dictionary attack and weren't being validated are now under heavy attack
from its mail engine which uses a predefined list of addresses on each
domain it attacks. So I am therefore seeing much more traffic of this
variety, and it comes through really, really quick. I believe that I
have also noted that it doesn't quit connections when a message is
rejected for having a bad recipient, or at least my bandwidth has shown
strange spurts that are highly indicative of a single box that is maxed
out on bandwidth that is pounding on bad addresses and shouldn't
otherwise be consuming bandwidth. Between the bad addresses, rapid
delivery and the bandwidth consumption, there is no doubt that the new
Sobers are built to cause problems for mail servers through effectively
DDoS attacks.

I wouldn't gain anything by doing virus scanning with my ORF gateways
since that would only add load to my system as a whole. I am in fact
working towards doing virus scanning after all JunkMail processes so
that I can save on processing power.

Matt

nick hayer wrote:

Matt wrote:

Hi Matt -

I have not had any issues at all - what other clues do you have to
offer? In your logs is there any similarity among the last message
processed before the crash(s)? Do you record the 'peak memory usage'
- to see if there is some kind of memory issue? Run the smtp log
in debug mode? Will a NET START SMTPSVC restart the service? If the
latter is true I would suggest running that command at least every hr
until the mystery is solved. [ if it is running it will not hurt
anything and if it's down it will help!]

-Nick

I was just wondering if anyone else has been seeing IMail SMTP crash
with a noticeable frequency in the last few weeks. I have had mine
go down 3 times now in the last 5 days or so, and this is something
that I can't recall the last time that it happened before that.
Essentially the SMTP service stops responding, but it doesn't crash
in a way that Windows sees it as being down.

I have a sneaking suspicion that the massively increased traffic from
the Sober worms which are trying many pre-defined addresses that
don't exist could be the problem. I am going to drop my PROCESSES
value in my Declude.cfg just in case this is a mystery heap issue.

Any other clues???

Thanks,

Matt
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
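
The failure described in this thread (SMTP stops answering while Windows still shows the service as running) is the case a protocol-level probe catches where service-state monitoring does not. The following is an added example, not part of the original messages; the state names, port, timeout and the choice of which states warrant a restart are assumptions.

```python
import socket

# State names, port and timeout are assumptions made for this example.
def classify_banner(data):
    """Map the first bytes read after connecting to a health state."""
    if data is None:
        return "hung"        # TCP connect worked, no greeting before timeout
    if data == b"":
        return "closed"      # peer closed without greeting
    if data[:3] == b"220":
        return "ok"          # normal SMTP greeting
    return "bad_banner"      # e.g. a 421 or 554 greeting: up, but refusing

def probe_smtp(host, port=25, timeout=10.0):
    """Connect and wait for the greeting; return one of the states above."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"     # nothing listening: the process is really down
    except OSError:
        return "unreachable" # network problem, not evidence about the service
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            data = None
        except OSError:
            return "closed"
        state = classify_banner(data)
        if state == "ok":
            try:
                sock.sendall(b"QUIT\r\n")  # end the session politely
            except OSError:
                pass
        return state

def needs_restart(state):
    """Only states that point at the service itself justify a restart."""
    return state in ("hung", "refused", "closed")

if __name__ == "__main__":
    result = probe_smtp("127.0.0.1")  # assumed: run on the mail server itself
    print(result, "restart" if needs_restart(result) else "leave alone")
```

Since the thread notes that a partially crashed SMTPSVC may need a NET STOP before a NET START, a scheduled job acting on a "hung" result would issue both in that order.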