We've done this in the past also -- it made quite a difference, especially on underpowered hardware.
_M On Thursday, July 10, 2008, 5:18:30 PM, Fox,Thomas wrote: FT> We do, it works really well. Quite Speedy!! >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> Ferrell Ard >> Sent: Thursday, July 10, 2008 4:38 PM >> To: [email protected] >> Subject: [Declude.JunkMail] RE: Thoughts on running DNS on the IMail >> (declude) server ??? >> >> Hey David >> >> What would your thoughts be on running a >> "Caching ONLY" DNS on the IMail (declude) server ??? >> >> Thanks very much >> Ferrell >> >> ----- Original Message ----- >> From: "Todd Richards" <[EMAIL PROTECTED]> >> To: <[email protected]> >> Sent: Thursday, July 10, 2008 4:26 PM >> Subject: X-IMail-SPAM RE: [Declude.JunkMail] Overnight Spam Increase? >> >> >> > OK, that was it. I went onto my mail server and tried to ping my DNS >> > server. No go. I rebooted my DNS server, flushed the cache from my >> mail >> > server, then all was well. It looks like things are working again. >> > >> > Quick question - can I add a second DNS server (which I have) so that >> it >> > looks there if the primary is unavailable? I never thought of that >> but I >> > guess anytime I have to reboot the primary server, then I am >> effectively >> > leaving the mail server "unprotected". >> > >> > Thanks, David! >> > >> > Todd >> > >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> David >> > Barker >> > Sent: Thursday, July 10, 2008 2:01 PM >> > To: [email protected] >> > Subject: RE: [Declude.JunkMail] Overnight Spam Increase? >> > >> > ISSUE: >> > >> > Spam is slipping past Declude that hasn't normally passed any >> filtering. >> > Spam is not being weighted high enough for actionable thresholds to >> take >> > effect. >> > Place your LOGLEVEL in DEBUG, let it run for several minutes and then >> open >> > the log. What we are trying to do is identify a possible DNS issue. >> > Packets not making it to the DNS server or not making it back from >> the DNS >> > server can be an issue if you are running Declude Security Suite. >> The >> > reason is we rely heavily on these queries to be successfully >> resolved in >> > order to trigger certain test and assign spam a high enough weight. >> If >> > you >> > see the following in the log, find out where these queries are going >> > because >> > they aren't getting back to the application. >> > >> > 02/07/2007 13:48:34.640 35958831 Test #2 [ADNSBL] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #3 [BLITZEDALL] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #4 [CBL] didn't get a response >> > 02/07/2007 13:48:34.640 35958831 Test #5 [CSMA-SBL] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #6 [DSBL-CONFIRMED] didn't get >> a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #7 [FIVETEN-SRC]didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #8 [JAMMDNSBL] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #9 [INTERSIL] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #10 [IPWHOIS] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #11 [IMP-SPAM] didn't get a >> response >> > 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #12 [MXRATE-BLOCK] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #14 [NJABL] is same as Test #14 >> > [NJABL=127.0.0.2]. Answer=? >> > 02/07/2007 13:48:34.640 35958831 Test #15 [SBL] didn't get a response >> > 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a >> > response >> > 02/07/2007 13:48:34.640 35958831 Test #16 [SORBS-HTTP] didn't get a >> > response >> > >> > RESOLUTION: >> > >> > Check your diags.txt, if you see an IP address next to the DNS field >> and >> > you >> > see the above in your DEBUG log, that DNS server has either stopped >> > responding or connectivity has been lost between the email server and >> the >> > DNS machine. If no IP address has been identified in this field then >> > Declude is having an issue reading it from your mail server itself. >> Open >> > up >> > your Global.cfg and specify an alternate address to another DNS >> server >> > next >> > to the DNS directive near the top of the file. Make sure to save >> your >> > file, >> > rename or delete the old DEBUG log and start a new one. You should >> see >> > that >> > these "didn't get a response" goes away. >> > >> > If you do not have an alternate DNS server try use the following. >> > >> > DNS 208.67.222.222 >> > >> > Also check your firewall to make sure it is not blocking DNS queries. >> > >> > David B >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> Todd >> > Richards >> > Sent: Thursday, July 10, 2008 11:05 AM >> > To: [email protected] >> > Subject: RE: [Declude.JunkMail] Overnight Spam Increase? >> > >> > Hmm, this is new to me. An internal DNS issue or external (which we >> host >> > with DNSMadeEasy)? This just started so I'm not sure where to look >> for >> > resolution. >> > >> > Thanks, >> > >> > Todd >> > >> > >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> David >> > Barker >> > Sent: Thursday, July 10, 2008 9:11 AM >> > To: [email protected] >> > Subject: RE: [Declude.JunkMail] Overnight Spam Increase? >> > >> > Looks like you are having a DNS problem, this email never scored any >> RBL's >> > yet when checking the IP it failed several. >> > >> > Failed: SPAMCOP HOSTKARMA SENDERSCORE UBL UCEPROTECTL2 UCEPROTECTL3 >> > CASA-CBL+ CASA-CBL- SORBS-WEB SPAMHAUS PBL2 >> > >> > David B >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> Todd >> > Richards >> > Sent: Thursday, July 10, 2008 9:16 AM >> > To: [email protected] >> > Subject: RE: [Declude.JunkMail] Overnight Spam Increase? >> > >> > Thanks David. What I'm seeing is legitimate spam that while it is >> going >> > through Declude - most is marked as spam - it's not scoring quite >> high >> > enough to get held. >> > >> > Normally my Junk E-mail folder in Outlook (used to catch what little >> does >> > make it through) has about 10 from the evening before. This morning, >> I >> > had >> > 140 in there. The strange part is that it looks like "old school" >> spam - >> > credit card stuff, meds, etc. But when I look at the headers I can >> see it >> > is going through the filters. >> > >> > Below is an example of one such emails, with the header information >> before >> > the body. (note my hold weight is at 19) >> > >> > Todd >> > >> > >> > ******** HEADER ********** >> > >> > >> > Received: from [79.186.114.208] [79.186.114.208] by mail.nnepa.com >> with >> > ESMTP >> > (SMTPD-8.22) id A25D01E4; Wed, 09 Jul 2008 23:38:53 -0500 >> > Message-ID: <[EMAIL PROTECTED]> >> > From: "giraud bryan" <[EMAIL PROTECTED]> >> > To: <[EMAIL PROTECTED]> >> > Subject: **SPAM**credit history >> > Date: Thu, 10 Jul 2008 02:51:27 +0000 >> > MIME-Version: 1.0 >> > Content-Type: text/plain; >> > charset="iso-8859-1" >> > Content-Transfer-Encoding: 7bit >> > X-Priority: 3 >> > X-MSMail-Priority: Normal >> > X-Mailer: Microsoft Outlook Express 6.00.2900.3138 >> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 >> > X-invURIBL-Scan: Scanned by invURIBL 3.1.1 on 7/9/2008 11:40:06 PM >> > X-invURIBL-Weight: 0 >> > X-invURIBL-Range: CLEAN >> > X-RBL-Warning: SNIFFER: Message failed SNIFFER: 58. >> > X-RBL-Warning: FILTER-COUNTRY: Message failed FILTER-COUNTRY test >> (line >> > 174, >> > weight 0) >> > X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of >> 10. >> > X-Declude-Sender: [EMAIL PROTECTED] [79.186.114.208] >> > X-Declude-Spoolname: D925c01be0000747b.smd >> > X-Declude-RefID: str=0001.0A010202.4875276F.00B8,ss=4,sh,fgs=0 >> > X-Declude-Note: Scanned by Declude 4.3.64 for spam. >> > "http://www.declude.com/x-note.htm"; >> > X-Declude-Scan: Incoming Score [18] at 23:40:14 on 09 Jul 2008 >> > X-Declude-Tests: SNIFFER [18], FILTER-COUNTRY [0], WEIGHT10 [10], >> WEIGHT15 >> > [15], ZEROHOUR [0] >> > X-Country-Chain: POLAND->destination >> > X-Declude-Code: f >> > X-Helo: [79.186.114.208] >> > X-RCPT-TO: <[EMAIL PROTECTED]> >> > Status: U >> > X-UIDL: 515451365 >> > X-IMail-ThreadID: 925c01be0000747b >> > >> > >> > >> > ******** BODY ********** >> > >> > >> > Do Not consolidate your debt Eliminate it! >> > >> > Legally ELIMINATE your credit card and other unsecured debt >> > >> > * WITHOUT ever making another payment to your creditors >> > * WITHOUT it affecting your credit long-term >> > * WITHOUT confrontation >> > >> > Visit www.joinedtodayi.com >> > >> > This IS NOT: >> > >> > * Bankruptcy >> > * Consolidation >> > * Or refinancing of any kind >> > >> > Visit here www.joinedtodayi.com to learn how >> > >> > >> > * Must have a minimum of $10K in combined household unsecured debt to >> > apply. >> > >> > * Must be a US resident. >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> David >> > Barker >> > Sent: Wednesday, July 09, 2008 2:24 PM >> > To: [email protected] >> > Subject: RE: [Declude.JunkMail] Overnight Spam Increase? >> > >> > We got slammed at about 9 am EST time today, causing delays, most of >> the >> > increase looks like backscatter. >> > >> > David B >> > >> > -----Original Message----- >> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >> Todd >> > Richards >> > Sent: Wednesday, July 09, 2008 11:47 AM >> > To: [email protected] >> > Subject: [Declude.JunkMail] Overnight Spam Increase? >> > >> > Hi Everyone - >> > >> > There was an unusually high increase in the amount of spam for me to >> > review >> > when I got to the office this morning, and more making it through to >> my >> > email than usual (still scanned and marked appropriately). >> > >> > Is anyone else seeing this? >> > >> > Todd >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> > >> > >> > --- >> > This E-mail came from the Declude.JunkMail mailing list. To >> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> > type "unsubscribe Declude.JunkMail". The archives can be found >> > at http://www.mail-archive.com. >> > >> > >> >> >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.JunkMail". The archives can be found >> at http://www.mail-archive.com. FT> --- FT> This E-mail came from the Declude.JunkMail mailing list. To FT> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and FT> type "unsubscribe Declude.JunkMail". The archives can be found FT> at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
