thanks David also for global.cfg, please consider include directives that will facilitate testing/optimization for example, to put the dns tests, or the sorbs or the ahbl tests in seperate files, and just an include instruction in the main global.cfg will make it more readable and easier to modify/optimize
what you think ? ----- Original Message ----- From: David Barker To: [email protected] Sent: Tuesday, April 28, 2009 8:31 PM Subject: RE: [Declude.JunkMail] Global.cfg cleanup I will look at revisiting this issue of additional functionality for hijack. From: [email protected] [mailto:[email protected]] On Behalf Of Serge Sent: Tuesday, April 28, 2009 4:14 PM To: [email protected] Subject: Re: [Declude.JunkMail] Global.cfg cleanup we have hijack installed however, for years we have been asking that hijack be improved to differently handle authenticated users we also need to be able to override the limits by IP something like Default limit by ip x,y IP1 x1,y1 IP2 (or subnet) x2,y2 authenticated users default: a,b user1 a1,b1 user2 a2, b2 ..... ..... ..... We have large clents with dozens of users behiind a single ip we cannot use the same limits as for a home user David, Please provide feedback on the above ----- Original Message ----- From: David Barker To: [email protected] Sent: Tuesday, April 28, 2009 7:19 PM Subject: RE: [Declude.JunkMail] Global.cfg cleanup This is exactly why delude Hijack is designed to prevent and resolve. If you have a file hijack.cfg.off in your \declude directory just rename it to hijack.cfg to turn it on. Further information about hijack can be found here. http://www.declude.com/searchresults.asp?Cat=125 David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Tuesday, April 28, 2009 3:18 PM To: [email protected] Subject: Re: [Declude.JunkMail] Global.cfg cleanup Serge, We had a similar situation happen about a week ago. For us, it turned out that one of our clients was infected with a virus/spyware/malware and was sending hundreds of thousands of spam messages. We had WHITELIST AUTH in the global.cfg. Once he authenticated, he was whitelisted. The system just could not keep up with the load. Once we figured out what was happening it took us a while to identify which account it was. I found that with LOGLEVEL MID, there is a line in the DECmmdd.LOG file that has the text "[Authenticated:<email address>]". By searching the file and finding an unusually large volume of them from one user showed me which account to disable. Hope this helps, Don ----- Original Message ----- From: nick To: [email protected] Sent: Tuesday, April 28, 2009 12:31 PM Subject: Re: [Declude.JunkMail] Global.cfg cleanup Serge, Are you getting a lot of invalids? In other words maybe too much traffic for some reason. Also are you scanning for virii after junkmail runs? -Nick -------------------------------------------------------------------------- From: "Serge" <[email protected]> Sent: Tuesday, April 28, 2009 1:04 PM To: [email protected] Subject: Re: [Declude.JunkMail] Global.cfg cleanup first thing i did tested the DNS and looked at declude logs no problem there my cpus were not able to handle the traffic, as simple as that ----- Original Message ----- From: David Barker To: [email protected] Sent: Tuesday, April 28, 2009 4:00 PM Subject: RE: [Declude.JunkMail] Global.cfg cleanup Serge, have you checked to make sure you not having DNS issues. DNS causes 80% of the issues with delays. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax [email protected] From: [email protected] [mailto:[email protected]] On Behalf Of Serge Sent: Tuesday, April 28, 2009 11:51 AM To: [email protected] Subject: [Declude.JunkMail] Global.cfg cleanup Importance: High For about a week my server (2xP3xeon 2.8GHz) was beiing saturated by an increase of traffic 100% CPU for hours and ten of thousands of messages in \proc the servers was working fine for several years something had to be done, decided to clean global.cfg, and need help optimizing AVafterJM was on Cleaned global.cfg left only Sniffer, Zerohour, some builtin tests, and a couple of filters the server is now stable, but i need some answers to decide what to do next 1- loglevel and logOK have any effects on CPU ? 2- Any DNS tests that are realy important ? (for now, I removed all) 3- Any of the following external tests / Filters are important, or are they outdated ? TIA #HELOISIP external nonzero "E:\imail\filters\heloisip\heloisip.exe" 3 0 #HELOISIPX external nonzero "E:\imail\filters\heloisip\heloisipx.exe" 3 0 #SIZE-S external 11 "CScript E:\IMail\Filters\Size.vbs //B //NoLogo //T:2 50,75,100 %WEIGHT% 1000" 0 0 #SIZE-M external 12 "CScript E:\IMail\Filters\Size.vbs //B //NoLogo //T:2 50,75,100 %WEIGHT% 1000" -10 0 #SIZE-L external 13 "CScript E:\IMail\Filters\Size.vbs //B //NoLogo //T:2 50,75,100 %WEIGHT% 1000" -20 0 #SIZE-XL external 14 "CScript E:\IMail\Filters\Size.vbs //B //NoLogo //T:2 50,75,100 %WEIGHT% 1000" -30 0 #SPAMCHK external weight "E:\spamchk\spamchk.exe" #INV-URIBL external weight "E:\INVURIBL\INVURIBL.exe %WEIGHT% %REMOTEIP%" 0 0 ############################################################################################################## #GIBBERISH filter E:\IMail\Filters\Gibberish.txt x 0 0 #GIBBERISHSUB filter E:\IMail\Filters\GibberishSub.txt x 0 0 #DYNAMIC filter E:\IMail\Filters\Dynamic.txt x -1 0 #SURBL filter E:\IMail\Filters\Surbl\surbl.txt x 1 0 #OFFENSIVE filter E:\IMail\Filters\offensive.txt x 0 0 ############################################################################################## # Good attribute Checks, KM00 #FALSE-AOL filter E:\Imail\KM00\False_AOL.txt x 0 0 #FALSE-YAHOO filter E:\Imail\KM00\False_Yahoo.txt x 0 0 #FALSE-HOTMAIL filter E:\Imail\KM00\False_Hotmail.txt x 0 0 #FALSE-TELEFONICA filter E:\Imail\KM00\False_telefonica.txt x 0 0 #GOOD-TELEFONICA filter E:\Imail\KM00\good_telefonica.txt x 0 0 #GOOD_HOTMAIL filter E:\Imail\KM00\Good_Hotmail.txt x 0 0 #GOOD_AOL filter E:\Imail\KM00\Good_Aol.txt x 0 0 #GOOD_Yahoo filter E:\Imail\KM00\Good_Yahoo.txt x 0 0 ############################################################################################## #FILTER-BODYURL filter E:\Imail\KM00\IMail_Filter_URLinBody.txt x 0 0 #FILTER-SPAMMER-COMPANY filter E:\Imail\KM00\IMail_Filter_SpammerCompany.txt x 0 0 #FILTER-PORN filter E:\Imail\KM00\IMail_Filter_PornoSite.txt x -2 0 #FILTER-PORNw filter E:\Imail\KM00\IMail_Filter_PornoSite.txt x -5 0 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [email protected], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
