Re: [Declude.JunkMail] IMail jamming up

Fri, 24 Mar 2006 08:09:07 -0800

OK, if I do this, that is clear out the spool directory, I need a bit of expert advice on finding and returning the good messages for processing once I identify those that are not pure spam.
What are the GSE files? I see a bunch of these recycling. Also I see something with the extension of GMP which, other than the extension, looks just like the SMP. I have never had to go through this exercise before, so I am unsure which files need to be moved back for a given message other than the Qxxx and Dxxx go together I think 


Also, is there any easy way to view the queued message content other 
than opening a message with notepad or the like?  Has anyone put out 
a tool to view these pending messages easily?


At 04:05 AM 3/24/2006, Matt wrote:

Orin,


One phishing spammer has been sending out "killer messages" that 
cause queue manager to seize, though in 7.07 it might be the SMTP 
service that handles this.  I found this last week using 8.15 HF2 
and was told by Ipswitch that this was apparently fixed in 8.21, 
though the release notes don't specifically say that the issue was 
with killer messages.



I won't go into detail here what the killer message looks like, or 
what causes the crash since it is a potential DoS exploit, but you 
should move all of the files out of your spool and restart the 
server.  Then go through the messages stuck in your spool and delete 
all of the files that are associated with spam, especially the ones 
that are phishing related since this is likely the cause.



The only long-term fix is to upgrade to 8.21 or higher.  I placed 
filters in my system to detect the problematic pattern and delete 
the messages with Declude before they hit the Queue Manager, but 
these filters are custom and not workable with out of the box 
Declude functionality.



The reason why you have the "~" files lining up (and likely some "R" 
files) is because they are renamed by IMail when they are about to 
be delivered, and that's when the service crashes.  Each time it 
crashes, it will leave a bunch of these behind, and depending on how 
your version operates, it may find the "~" files and rename them to 
"R" files.  You must remove the offending killer messages from your 
spool for stable operation otherwise it will continue to crash.



Take note that I am only guessing that you are experiencing the same 
problem.  I also believe that a lot of the reported Queue Manager 
crashes on the lists in the last few months are the result of this 
issue.  I'm a little upset that the fix was released without 
sufficient detail because I wouldn't have left myself open to this 
if I had known about the potential of issues.  This is exactly why 
it is so incredibly important for a software company to be 
completely transparent and extraordinary detailed when it comes to 
bugs and fixes.


Matt



Orin Wells wrote:


I am hoping one of you more experienced folks has a clue about this 
problem and can give me some advice.  I don't even know exactly 
what is going on let alone where it is happening.



Both last night and again tonight our iMail simply stopped 
delivering mail.  It appears the messages come into the server OK 
but they never leave the queue.



The Spool directory is jammed up with an ever increasing number of 
files. I see a lot of files with a leading underscore and file typt 
~MP, a lot of GSE files and the log file is way out of kilter.  It 
normally runs 9 to 10 MB per day but the last two days it is 17 and 
25 MB.  When I look into the log file I see the following sort of activity



20060323 213530 127.0.0.1       SMTP (3028) requeuing 
C:\IMail\spool\QB3561CE200C47A73.GMP R0 T16
20060323 213530 127.0.0.1       SMTP (3028) finished 
C:\IMail\spool\QB3561CE200C47A73.GMP status=3
20060323 213530 127.0.0.1       SMTP (3028) 
C:\IMail\spool\QB35B1CE200C48DBC.SMP
20060323 213530 127.0.0.1       SMTP (3028) processing 
C:\IMail\spool\QB35B1CE200C48DBC.SMP
20060323 213534 127.0.0.1       SMTP (2812) requeuing 
C:\IMail\spool\Qc2b317b001067d9b.SMP R0 T18
20060323 213534 127.0.0.1       SMTP (2812) finished 
C:\IMail\spool\Qc2b317b001067d9b.SMP status=3
20060323 213534 127.0.0.1       SMTP (2812) 
C:\IMail\spool\QC2B717B001068D6A.SMP
20060323 213534 127.0.0.1       SMTP (2812) processing 
C:\IMail\spool\QC2B717B001068D6A.SMP
20060323 213538 127.0.0.1       SMTP (2220) requeuing 
C:\IMail\spool\QB3EC1CE200C4C3B7.SMP R0 T14
20060323 213538 127.0.0.1       SMTP (2220) finished 
C:\IMail\spool\QB3EC1CE200C4C3B7.SMP status=3
20060323 213538 127.0.0.1       SMTP (2220) 
C:\IMail\spool\QB3F01CE200C4D51C.SMP
20060323 213538 127.0.0.1       SMTP (2220) processing 
C:\IMail\spool\QB3F01CE200C4D51C.SMP
20060323 213543 127.0.0.1       SMTP (2548) requeuing 
C:\IMail\spool\QB3601CE200C49F8F.SMP R0 T19
20060323 213543 127.0.0.1       SMTP (2548) finished 
C:\IMail\spool\QB3601CE200C49F8F.SMP status=3
20060323 213543 127.0.0.1       SMTP (2548) 
C:\IMail\spool\QB3641CE200C4B2B9.GMP
20060323 213543 127.0.0.1       SMTP (2548) processing 
C:\IMail\spool\QB3641CE200C4B2B9.GMP
20060323 213543 127.0.0.1       SMTP (2548) 
C:\IMail\spool\QB3641CE200C4B2B9.SMP
20060323 213543 127.0.0.1       SMTP (2548) processing 
C:\IMail\spool\QB3641CE200C4B2B9.SMP
20060323 213543 127.0.0.1       SMTP (2548) 
C:\IMail\spool\QB3691CE200C4C42E.SMP
20060323 213544 127.0.0.1       SMTP (2548) processing 
C:\IMail\spool\QB3691CE200C4C42E.SMP
20060323 213544 127.0.0.1       SMTP (2548) 
C:\IMail\spool\QB36E1CE200C4D70A.GMP
20060323 213544 127.0.0.1       SMTP (2548) processing 
C:\IMail\spool\QB36E1CE200C4D70A.GMP
20060323 213548 127.0.0.1       SMTP (2572) requeuing 
C:\IMail\spool\QC4EB17B0010628B9.SMP R0 T15
20060323 213548 127.0.0.1       SMTP (2572) finished 
C:\IMail\spool\QC4EB17B0010628B9.SMP status=3
20060323 213548 127.0.0.1       SMTP (2572) 
C:\IMail\spool\QC4EF17B0010639A1.SMP
20060323 213548 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\QC4EF17B0010639A1.SMP
20060323 213548 127.0.0.1       SMTP (2572) 
C:\IMail\spool\Qc4f317b001064634.SMP
20060323 213548 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\Qc4f317b001064634.SMP
20060323 213548 127.0.0.1       SMTP (2572) 
C:\IMail\spool\Qc4f517b001064f0e.SMP
20060323 213548 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\Qc4f517b001064f0e.SMP
20060323 213548 127.0.0.1       SMTP (2572) 
C:\IMail\spool\Qc4f917b0010660b1.SMP
20060323 213548 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\Qc4f917b0010660b1.SMP
20060323 213548 127.0.0.1       SMTP (2572) 
C:\IMail\spool\Qc4fc17b001066ae3.SMP
20060323 213548 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\Qc4fc17b001066ae3.SMP
20060323 213549 127.0.0.1       SMTP (2572) 
C:\IMail\spool\Qc51317b00106c4ab.SMP
20060323 213549 127.0.0.1       SMTP (2572) processing 
C:\IMail\spool\Qc51317b00106c4ab.SMP
20060323 213551 127.0.0.1       SMTP (2280) requeuing 
C:\IMail\spool\QB3641CE200C4B2B9.GMP R0 T16
20060323 213551 127.0.0.1       SMTP (2280) finished 
C:\IMail\spool\QB3641CE200C4B2B9.GMP status=3
20060323 213551 127.0.0.1       SMTP (2280) 
C:\IMail\spool\QB3641CE200C4B2B9.SMP
20060323 213551 127.0.0.1       SMTP (2280) processing 
C:\IMail\spool\QB3641CE200C4B2B9.SMP
20060323 213559 127.0.0.1       SMTP (2640) requeuing 
C:\IMail\spool\QB3BB1CE200C4043F.SMP R0 T16
20060323 213559 127.0.0.1       SMTP (2640) finished 
C:\IMail\spool\QB3BB1CE200C4043F.SMP status=3
20060323 213559 127.0.0.1       SMTP (2640) 
C:\IMail\spool\QB3C41CE200C4296B.SMP
20060323 213559 127.0.0.1       SMTP (2640) processing 
C:\IMail\spool\QB3C41CE200C4296B.SMP
20060323 213602 127.0.0.1       SMTP (2028) requeuing 
C:\IMail\spool\QB4A41CE200C4915E.SMP R0 T13
20060323 213602 127.0.0.1       SMTP (2028) finished 
C:\IMail\spool\QB4A41CE200C4915E.SMP status=3
20060323 213602 127.0.0.1       SMTP (2028) 
C:\IMail\spool\QB4AD1CE200C4B60C.SMP
20060323 213602 127.0.0.1       SMTP (2028) processing 
C:\IMail\spool\QB4AD1CE200C4B60C.SMP



I tried to clear this up by stopping and then restarting all the 
iMail services.  I also tried to stop and start them 
individually.  Neither approach worked.  The only way I have been 
able to clear it is to reboot the server.  Obviously this is not 
something I want to have to do every day.


We are running iMail 7.07 with declude 2.0.6


Any thoughts guys?  Is there something going on in iMail world this 
week that I missed?


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.






















					Reply via email to