RE: [Declude.JunkMail] Declude bugs and problems with smartermail
Darin, It's amazing how much time servers and software can suck up. Pretty soon you're working almost around the clock I actually am running the 2.0.6 version of Declude for Smartermail. As long as I don't try to HOLD spam it seems that only about 2 out of every 10 spams makes it through with no Declude headers attached to the message. The software is pretty buggy. With "HOLD" turned off the .VIR directories are being cleaned up in the SPOOL/PROC directory now, too. It seems that the logic in the program changes with different settings in the config file and right now I have it set at the lesser of two evils. At least 80% of the spam is being processed by Declude now. The rest of the spam comes through to my in-box untouched. I'm starting to think that maybe my wife is going to dump me because my manhood isn't large enough and that I just can't live without a Rolex watch! LOL! > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Saturday, September 03, 2005 11:29 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] Declude bugs and problems with smartermail > > Hi Dave, > > I know what you mean. After the first startup venture in the late 90's, > holidays have never been the same... > > You might try running the 2.06 version for SmarterMail. I've heard mostly > success for that. That may buy you some time until the kinks get worked > out > of the 3.0 beta. > > Darin. > > > - Original Message - > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > To: > Sent: Saturday, September 03, 2005 10:19 PM > Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail > > > Darin, > > Ever since I started working out of a home office I do forget about the > holidays! > > Well, the "good news" is that I've made some progress in understanding the > problem. > > As long as I don't specify a "HOLD" action (EG. WEIGHT30 HOLD %DATE%) and > instead run with (WEIGHT30 SUBJECT [SPAM]) then Declude will at least > process MOST of the incoming email. > > When I tell Declude to hold email above a certain weight, it falls all > over > itself with problems. I'm seeing messages in the logs about attempts to > move non-existent files. I see paths for these files having spaces or > double slashes in the path names which are obvious programming errors. > I'm > half tempted to edit the Declude.exe file with a hex editor and fix the > path > problems myself. But there are some logic problems too so there is no > point. > > I hate the thought of running for 3 days not being able to block ANY spam > at > all. But what are you going to do? At least I can tag the majority of > the > spam. > > > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Darin Cox > > Sent: Saturday, September 03, 2005 8:15 PM > > To: Declude.JunkMail@declude.com > > Subject: Re: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > Hi Dave, > > > > Probably not... Monday's Labor Day. Easy to forget those little things > > called holidays, isn't it? > > > > Darin. > > > > > > - Original Message - > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > To: > > Sent: Saturday, September 03, 2005 7:42 PM > > Subject: RE: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > > > Gary, > > > > Yeah, that sounds exactly like what is happening and I see messages in > the > > log, as well, that supports what you're saying. > > > > Hopefully Declude support will be around on Monday and maybe we can work > > on > > getting that one solved. > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > > [EMAIL PROTECTED] On Behalf Of Gary Steiner > > > Sent: Saturday, September 03, 2005 5:51 PM > > > To: Declude.JunkMail@declude.com > > > Subject: re: [Declude.JunkMail] Declude bugs and problems with > > smartermail > > > > > > Regarding #5. I've run into spam that was sent to multiple addresses > on > > > the server, and the spam was processed by Declude (it's listed in the > > log > > > files), but somehow when this spam is then moved to the hold directory > > it > > > gets confused and somehow loses track of the file, and the file > doesn't > > > end up in the hold directory (you see an error message about this in > the > > > log file). It gets delivered, but without any Declude processing > > messages > > > in the header. > > > > > > > > > Original Message > > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > > Sent: Saturday, September 03, 2005 1:01 PM > > > > To: Declude.JunkMail@declude.com > > > > Subject: [Declude.JunkMail] Declude bugs and problems with > > smartermail > > > > > > > > I've found a few Declude bugs and other problems when running in the > > > > smartermail environment. > > > > > > > > 1) Declude leaves directo
Re: [Declude.JunkMail] Declude bugs and problems with smartermail
Hi Dave, I know what you mean. After the first startup venture in the late 90's, holidays have never been the same... You might try running the 2.06 version for SmarterMail. I've heard mostly success for that. That may buy you some time until the kinks get worked out of the 3.0 beta. Darin. - Original Message - From: "Dave Beckstrom" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 10:19 PM Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail Darin, Ever since I started working out of a home office I do forget about the holidays! Well, the "good news" is that I've made some progress in understanding the problem. As long as I don't specify a "HOLD" action (EG. WEIGHT30 HOLD %DATE%) and instead run with (WEIGHT30 SUBJECT [SPAM]) then Declude will at least process MOST of the incoming email. When I tell Declude to hold email above a certain weight, it falls all over itself with problems. I'm seeing messages in the logs about attempts to move non-existent files. I see paths for these files having spaces or double slashes in the path names which are obvious programming errors. I'm half tempted to edit the Declude.exe file with a hex editor and fix the path problems myself. But there are some logic problems too so there is no point. I hate the thought of running for 3 days not being able to block ANY spam at all. But what are you going to do? At least I can tag the majority of the spam. > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Saturday, September 03, 2005 8:15 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] Declude bugs and problems with smartermail > > Hi Dave, > > Probably not... Monday's Labor Day. Easy to forget those little things > called holidays, isn't it? > > Darin. > > > - Original Message - > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > To: > Sent: Saturday, September 03, 2005 7:42 PM > Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail > > > Gary, > > Yeah, that sounds exactly like what is happening and I see messages in the > log, as well, that supports what you're saying. > > Hopefully Declude support will be around on Monday and maybe we can work > on > getting that one solved. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Gary Steiner > > Sent: Saturday, September 03, 2005 5:51 PM > > To: Declude.JunkMail@declude.com > > Subject: re: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > Regarding #5. I've run into spam that was sent to multiple addresses on > > the server, and the spam was processed by Declude (it's listed in the > log > > files), but somehow when this spam is then moved to the hold directory > it > > gets confused and somehow loses track of the file, and the file doesn't > > end up in the hold directory (you see an error message about this in the > > log file). It gets delivered, but without any Declude processing > messages > > in the header. > > > > > > Original Message > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > Sent: Saturday, September 03, 2005 1:01 PM > > > To: Declude.JunkMail@declude.com > > > Subject: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > > > I've found a few Declude bugs and other problems when running in the > > > smartermail environment. > > > > > > 1) Declude leaves directories with names such as 6432144091.vir in the > > > SPOOL/PROC overflow directory and it NEVER goes back and removes these > > > directories or cleans them up. I have to manually delete the .vir > > > directories. > > > > > > 2) Orphaned files. I have found files in the SPOOL/PROC directory > where > > the > > > .EML extension has been renamed to .EM$ and there is no matching .HDR > > file. > > > These stay until I delete the orphans. I currently have a file in my > > SPOOL > > > directory called X6432144091.EML with no matching .HDR file - which > > means > > > its an orphan file too. > > > > > > 3) The PROC overflow directory is being populated with files even when > > the > > > server is under very low utilization. This, in my opinion, portends > > major > > > performance problems ahead of us when the server is under a high load. > > I > > > don't see any tuning parameters available which allow me to tweak > under > > what > > > circumstances the PROC directory is utilized. I have a dual processor > > > server with 2 gig of RAM on it and I should not be forced to the same > > > limitations as someone with a single processor server. This process > > needs > > > to be tunable. > > > > > > 4) This morning I had about 100 files in the SPOOL/PROC directory. I > > had to > > > manually copy them to the SPOOL directory for processing. Once I > moved > > > them, the new files being placed into the PROC directory would
RE: [Declude.JunkMail] Declude bugs and problems with smartermail
Darin, Ever since I started working out of a home office I do forget about the holidays! Well, the "good news" is that I've made some progress in understanding the problem. As long as I don't specify a "HOLD" action (EG. WEIGHT30 HOLD %DATE%) and instead run with (WEIGHT30 SUBJECT [SPAM]) then Declude will at least process MOST of the incoming email. When I tell Declude to hold email above a certain weight, it falls all over itself with problems. I'm seeing messages in the logs about attempts to move non-existent files. I see paths for these files having spaces or double slashes in the path names which are obvious programming errors. I'm half tempted to edit the Declude.exe file with a hex editor and fix the path problems myself. But there are some logic problems too so there is no point. I hate the thought of running for 3 days not being able to block ANY spam at all. But what are you going to do? At least I can tag the majority of the spam. > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Saturday, September 03, 2005 8:15 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] Declude bugs and problems with smartermail > > Hi Dave, > > Probably not... Monday's Labor Day. Easy to forget those little things > called holidays, isn't it? > > Darin. > > > - Original Message - > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > To: > Sent: Saturday, September 03, 2005 7:42 PM > Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail > > > Gary, > > Yeah, that sounds exactly like what is happening and I see messages in the > log, as well, that supports what you're saying. > > Hopefully Declude support will be around on Monday and maybe we can work > on > getting that one solved. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Gary Steiner > > Sent: Saturday, September 03, 2005 5:51 PM > > To: Declude.JunkMail@declude.com > > Subject: re: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > Regarding #5. I've run into spam that was sent to multiple addresses on > > the server, and the spam was processed by Declude (it's listed in the > log > > files), but somehow when this spam is then moved to the hold directory > it > > gets confused and somehow loses track of the file, and the file doesn't > > end up in the hold directory (you see an error message about this in the > > log file). It gets delivered, but without any Declude processing > messages > > in the header. > > > > > > Original Message > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > > Sent: Saturday, September 03, 2005 1:01 PM > > > To: Declude.JunkMail@declude.com > > > Subject: [Declude.JunkMail] Declude bugs and problems with > smartermail > > > > > > I've found a few Declude bugs and other problems when running in the > > > smartermail environment. > > > > > > 1) Declude leaves directories with names such as 6432144091.vir in the > > > SPOOL/PROC overflow directory and it NEVER goes back and removes these > > > directories or cleans them up. I have to manually delete the .vir > > > directories. > > > > > > 2) Orphaned files. I have found files in the SPOOL/PROC directory > where > > the > > > .EML extension has been renamed to .EM$ and there is no matching .HDR > > file. > > > These stay until I delete the orphans. I currently have a file in my > > SPOOL > > > directory called X6432144091.EML with no matching .HDR file - which > > means > > > its an orphan file too. > > > > > > 3) The PROC overflow directory is being populated with files even when > > the > > > server is under very low utilization. This, in my opinion, portends > > major > > > performance problems ahead of us when the server is under a high load. > > I > > > don't see any tuning parameters available which allow me to tweak > under > > what > > > circumstances the PROC directory is utilized. I have a dual processor > > > server with 2 gig of RAM on it and I should not be forced to the same > > > limitations as someone with a single processor server. This process > > needs > > > to be tunable. > > > > > > 4) This morning I had about 100 files in the SPOOL/PROC directory. I > > had to > > > manually copy them to the SPOOL directory for processing. Once I > moved > > > them, the new files being placed into the PROC directory would > > automatically > > > move back to the SPOOL directory for processing. So it appears that > > there > > > is some situation where Declude forgets about some files in the > > SPOOL/PROC > > > directory and never goes back and moves them back to the SPOOL. I can > > set > > > up a script to do this (and delete the .vir folders too) every 15 > > minutes > > > but I shouldn't have to do that. > > > > > > 5) This morning I had 45 spam emails in my in-box that had no header > > record
Re: [Declude.JunkMail] ip4r blacklists
Gary, Also, I noticed from the NSLOOKUP below you are using Sprint's DNS? Is this the case for Declude / SmarterMail? Darrell --- DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. Download it today - http://www.invariantsystems.com - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 6:45 PM Subject: Re: [Declude.JunkMail] ip4r blacklists 1. I have a "HOP 0" line in my global.cfg file. 2. Here's what I get: nslookup 2.0.0.127.bl.spamcop.net Server: ns1.sprintlink.net Address: 204.117.214.10 Non-authoritative answer: Name:2.0.0.127.bl.spamcop.net Address: 127.0.0.2 3. I had been running on debug, but this problem has been going on for at least a month, and I gave up on finding an answer, so I turned off my debug because my log files were chewing up disk space. Following are some lines for an email from Aug. 19 that SmarterMail caught with CBL and Spamhaus SBL: 08/19/2005 12:48:53.796 36110955 [3996] Got IP 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] Setting remote IP address to 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] 26.244.9.204.in-addr.arpa 08/19/2005 12:48:54.734 36110955 [3996] Done with reverse DNS lookup; processing it. 08/19/2005 12:48:54.734 36110955 [3996] revdns: ip-244-26.incyour.com. 08/19/2005 12:48:54.734 36110955 [3996] Hop 0: Checking IP Address 204.9.244.26. 08/19/2005 12:48:54.734 36110955 [3996] iptext=204.9.244.26 myip1=cc09f41a i=4 08/19/2005 12:48:56.046 36110955 [3996] Test #5 [AHBL] is same as Test #5 [AHBL=*]. Answer=admins.sosdg.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #6 [BLITZEDALL] is same as Test #6 [BLITZEDALL=*]. Answer=hostmaster.blitzed.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #7 [CBL] is same as Test #7 [CBL=127.0.0.2]. Answer=cbl.cbl.abuseat.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #8 [DSBL] is same as Test #8 [DSBL=*]. Answer=admin.dsbl.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #11 [ORDB] is same as Test #11 [ORDB=*]. Answer=hostmaster.ordb.org.? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK=127.0.0.2]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS=127.0.0.4]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] 204.9.244.26 IS listed in MXRATE-SUSPICIOUS. 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW=127.0.0.3]. Answer=127.0.0.4? 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW]. Answer=127.0.0.4 08/19/2005 12:48:59.765 36110955 [3996] Test 12-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 13-SORBS-HTTP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 22-SPAMCOP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 23-BONDEDSENDER didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 25-INTERSIL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 26-CSMA-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 27-SPAMBAG didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 28-FIVETENSRC didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 29-JAMMDNSBL didn't get a response. Original Message From: "Darrell \([EMAIL PROTECTED])" <[EMAIL PROTECTED]> Sent: Saturday, September 03, 2005 11:21 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] ip4r blacklists Gary, Someone recently posted that they did not have the "HOP x" setting in their global.cfg and what was happening is that the ip4r tests were being skipped. Can you check on that? Also, if you drop down to a command prompt and type this what happens. nslookup 2.0.0.127.bl.spamcop.net Also, I would switch Declude's logging mode to "Debug" and post a snippet of the debug output for a message that smartermail tags on a ip4r list that declude did not. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 11:09 AM Subject: [Declude.JunkMail] ip4r blacklists I continue to run into a problem where Declude fails to get any response from the ip4r blacklists, then SmarterMail catches the exact same spam using the ip4r blacklists(spamcop, cbl, spa
Re: [Declude.JunkMail] ip4r blacklists
IP4R tests are running based on seeing results triggered for the MXRATE tests. The only thing I can suspect right now is that possibly your DNS server was slow to respond on that query and Declude moved on. The results would still have been returned to your DNS server hence why it was picked up with Smartermail. Again, that is only a guess. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 6:45 PM Subject: Re: [Declude.JunkMail] ip4r blacklists 1. I have a "HOP 0" line in my global.cfg file. 2. Here's what I get: nslookup 2.0.0.127.bl.spamcop.net Server: ns1.sprintlink.net Address: 204.117.214.10 Non-authoritative answer: Name:2.0.0.127.bl.spamcop.net Address: 127.0.0.2 3. I had been running on debug, but this problem has been going on for at least a month, and I gave up on finding an answer, so I turned off my debug because my log files were chewing up disk space. Following are some lines for an email from Aug. 19 that SmarterMail caught with CBL and Spamhaus SBL: 08/19/2005 12:48:53.796 36110955 [3996] Got IP 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] Setting remote IP address to 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] 26.244.9.204.in-addr.arpa 08/19/2005 12:48:54.734 36110955 [3996] Done with reverse DNS lookup; processing it. 08/19/2005 12:48:54.734 36110955 [3996] revdns: ip-244-26.incyour.com. 08/19/2005 12:48:54.734 36110955 [3996] Hop 0: Checking IP Address 204.9.244.26. 08/19/2005 12:48:54.734 36110955 [3996] iptext=204.9.244.26 myip1=cc09f41a i=4 08/19/2005 12:48:56.046 36110955 [3996] Test #5 [AHBL] is same as Test #5 [AHBL=*]. Answer=admins.sosdg.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #6 [BLITZEDALL] is same as Test #6 [BLITZEDALL=*]. Answer=hostmaster.blitzed.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #7 [CBL] is same as Test #7 [CBL=127.0.0.2]. Answer=cbl.cbl.abuseat.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #8 [DSBL] is same as Test #8 [DSBL=*]. Answer=admin.dsbl.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #11 [ORDB] is same as Test #11 [ORDB=*]. Answer=hostmaster.ordb.org.? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK=127.0.0.2]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS=127.0.0.4]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] 204.9.244.26 IS listed in MXRATE-SUSPICIOUS. 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW=127.0.0.3]. Answer=127.0.0.4? 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW]. Answer=127.0.0.4 08/19/2005 12:48:59.765 36110955 [3996] Test 12-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 13-SORBS-HTTP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 22-SPAMCOP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 23-BONDEDSENDER didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 25-INTERSIL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 26-CSMA-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 27-SPAMBAG didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 28-FIVETENSRC didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 29-JAMMDNSBL didn't get a response. Original Message From: "Darrell \([EMAIL PROTECTED])" <[EMAIL PROTECTED]> Sent: Saturday, September 03, 2005 11:21 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] ip4r blacklists Gary, Someone recently posted that they did not have the "HOP x" setting in their global.cfg and what was happening is that the ip4r tests were being skipped. Can you check on that? Also, if you drop down to a command prompt and type this what happens. nslookup 2.0.0.127.bl.spamcop.net Also, I would switch Declude's logging mode to "Debug" and post a snippet of the debug output for a message that smartermail tags on a ip4r list that declude did not. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Gary Steiner"
Re: [Declude.JunkMail] Declude bugs and problems with smartermail
Hi Dave, Probably not... Monday's Labor Day. Easy to forget those little things called holidays, isn't it? Darin. - Original Message - From: "Dave Beckstrom" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 7:42 PM Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail Gary, Yeah, that sounds exactly like what is happening and I see messages in the log, as well, that supports what you're saying. Hopefully Declude support will be around on Monday and maybe we can work on getting that one solved. > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Gary Steiner > Sent: Saturday, September 03, 2005 5:51 PM > To: Declude.JunkMail@declude.com > Subject: re: [Declude.JunkMail] Declude bugs and problems with smartermail > > Regarding #5. I've run into spam that was sent to multiple addresses on > the server, and the spam was processed by Declude (it's listed in the log > files), but somehow when this spam is then moved to the hold directory it > gets confused and somehow loses track of the file, and the file doesn't > end up in the hold directory (you see an error message about this in the > log file). It gets delivered, but without any Declude processing messages > in the header. > > > Original Message > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > Sent: Saturday, September 03, 2005 1:01 PM > > To: Declude.JunkMail@declude.com > > Subject: [Declude.JunkMail] Declude bugs and problems with smartermail > > > > I've found a few Declude bugs and other problems when running in the > > smartermail environment. > > > > 1) Declude leaves directories with names such as 6432144091.vir in the > > SPOOL/PROC overflow directory and it NEVER goes back and removes these > > directories or cleans them up. I have to manually delete the .vir > > directories. > > > > 2) Orphaned files. I have found files in the SPOOL/PROC directory where > the > > .EML extension has been renamed to .EM$ and there is no matching .HDR > file. > > These stay until I delete the orphans. I currently have a file in my > SPOOL > > directory called X6432144091.EML with no matching .HDR file - which > means > > its an orphan file too. > > > > 3) The PROC overflow directory is being populated with files even when > the > > server is under very low utilization. This, in my opinion, portends > major > > performance problems ahead of us when the server is under a high load. > I > > don't see any tuning parameters available which allow me to tweak under > what > > circumstances the PROC directory is utilized. I have a dual processor > > server with 2 gig of RAM on it and I should not be forced to the same > > limitations as someone with a single processor server. This process > needs > > to be tunable. > > > > 4) This morning I had about 100 files in the SPOOL/PROC directory. I > had to > > manually copy them to the SPOOL directory for processing. Once I moved > > them, the new files being placed into the PROC directory would > automatically > > move back to the SPOOL directory for processing. So it appears that > there > > is some situation where Declude forgets about some files in the > SPOOL/PROC > > directory and never goes back and moves them back to the SPOOL. I can > set > > up a script to do this (and delete the .vir folders too) every 15 > minutes > > but I shouldn't have to do that. > > > > 5) This morning I had 45 spam emails in my in-box that had no header > records > > indicating that they were ever processed by Declude. Apparently there > is > > some situation where Declude doesn't process messages. I haven't yet > > figured out how or why this may be happening. I'll do more research to > see > > what I can find. > > > > I am hoping that support will get with me ASAP and that together we can > > identify the cause of these problems and make some enhancements to > Declude > > which will make it more smartemail friendly. > > > > > > > > > > > > > > > > > > > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archive
RE: [Declude.JunkMail] Declude bugs and problems with smartermail
Gary, Yeah, that sounds exactly like what is happening and I see messages in the log, as well, that supports what you're saying. Hopefully Declude support will be around on Monday and maybe we can work on getting that one solved. > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Gary Steiner > Sent: Saturday, September 03, 2005 5:51 PM > To: Declude.JunkMail@declude.com > Subject: re: [Declude.JunkMail] Declude bugs and problems with smartermail > > Regarding #5. I've run into spam that was sent to multiple addresses on > the server, and the spam was processed by Declude (it's listed in the log > files), but somehow when this spam is then moved to the hold directory it > gets confused and somehow loses track of the file, and the file doesn't > end up in the hold directory (you see an error message about this in the > log file). It gets delivered, but without any Declude processing messages > in the header. > > > Original Message > > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > > Sent: Saturday, September 03, 2005 1:01 PM > > To: Declude.JunkMail@declude.com > > Subject: [Declude.JunkMail] Declude bugs and problems with smartermail > > > > I've found a few Declude bugs and other problems when running in the > > smartermail environment. > > > > 1) Declude leaves directories with names such as 6432144091.vir in the > > SPOOL/PROC overflow directory and it NEVER goes back and removes these > > directories or cleans them up. I have to manually delete the .vir > > directories. > > > > 2) Orphaned files. I have found files in the SPOOL/PROC directory where > the > > .EML extension has been renamed to .EM$ and there is no matching .HDR > file. > > These stay until I delete the orphans. I currently have a file in my > SPOOL > > directory called X6432144091.EML with no matching .HDR file - which > means > > its an orphan file too. > > > > 3) The PROC overflow directory is being populated with files even when > the > > server is under very low utilization. This, in my opinion, portends > major > > performance problems ahead of us when the server is under a high load. > I > > don't see any tuning parameters available which allow me to tweak under > what > > circumstances the PROC directory is utilized. I have a dual processor > > server with 2 gig of RAM on it and I should not be forced to the same > > limitations as someone with a single processor server. This process > needs > > to be tunable. > > > > 4) This morning I had about 100 files in the SPOOL/PROC directory. I > had to > > manually copy them to the SPOOL directory for processing. Once I moved > > them, the new files being placed into the PROC directory would > automatically > > move back to the SPOOL directory for processing. So it appears that > there > > is some situation where Declude forgets about some files in the > SPOOL/PROC > > directory and never goes back and moves them back to the SPOOL. I can > set > > up a script to do this (and delete the .vir folders too) every 15 > minutes > > but I shouldn't have to do that. > > > > 5) This morning I had 45 spam emails in my in-box that had no header > records > > indicating that they were ever processed by Declude. Apparently there > is > > some situation where Declude doesn't process messages. I haven't yet > > figured out how or why this may be happening. I'll do more research to > see > > what I can find. > > > > I am hoping that support will get with me ASAP and that together we can > > identify the cause of these problems and make some enhancements to > Declude > > which will make it more smartemail friendly. > > > > > > > > > > > > > > > > > > > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 3.0.3 update
Now the other thing to make sure of is did you increase the amount >of threads that it will use in the "declude.cfg" file? By default it >appears to use only 5 threads. I bumped mine up to 25 and that seems to be >working very well. The other thing which is documented on the beta page is >if you have more than one CPU where it will sleep for a period of time when >it should not. I wasn't that daring...I only bumped the number of threads to 10, thinking I could increase it later if warranted. I was initially concerned with 10 threads due to the high volume of unprocessed items in the 'proc' directory and the 100% CPU usage. However, now that the backlog has been processed, CPU usage is back to normal, and the 'proc' folder is empty every time I look at it. So, for the moment, 10 threads is a stable place to be until we get more experience with this new version of JunkMail. We're running a single CPU mail server but are considering moving to a dual processor system that just became available. Hopefully, I can remember your warning about multiple processors when we make the switch! -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] Declude bugs and problems with smartermail
Regarding #5. I've run into spam that was sent to multiple addresses on the server, and the spam was processed by Declude (it's listed in the log files), but somehow when this spam is then moved to the hold directory it gets confused and somehow loses track of the file, and the file doesn't end up in the hold directory (you see an error message about this in the log file). It gets delivered, but without any Declude processing messages in the header. Original Message > From: "Dave Beckstrom" <[EMAIL PROTECTED]> > Sent: Saturday, September 03, 2005 1:01 PM > To: Declude.JunkMail@declude.com > Subject: [Declude.JunkMail] Declude bugs and problems with smartermail > > I've found a few Declude bugs and other problems when running in the > smartermail environment. > > 1) Declude leaves directories with names such as 6432144091.vir in the > SPOOL/PROC overflow directory and it NEVER goes back and removes these > directories or cleans them up. I have to manually delete the .vir > directories. > > 2) Orphaned files. I have found files in the SPOOL/PROC directory where the > .EML extension has been renamed to .EM$ and there is no matching .HDR file. > These stay until I delete the orphans. I currently have a file in my SPOOL > directory called X6432144091.EML with no matching .HDR file - which means > its an orphan file too. > > 3) The PROC overflow directory is being populated with files even when the > server is under very low utilization. This, in my opinion, portends major > performance problems ahead of us when the server is under a high load. I > don't see any tuning parameters available which allow me to tweak under what > circumstances the PROC directory is utilized. I have a dual processor > server with 2 gig of RAM on it and I should not be forced to the same > limitations as someone with a single processor server. This process needs > to be tunable. > > 4) This morning I had about 100 files in the SPOOL/PROC directory. I had to > manually copy them to the SPOOL directory for processing. Once I moved > them, the new files being placed into the PROC directory would automatically > move back to the SPOOL directory for processing. So it appears that there > is some situation where Declude forgets about some files in the SPOOL/PROC > directory and never goes back and moves them back to the SPOOL. I can set > up a script to do this (and delete the .vir folders too) every 15 minutes > but I shouldn't have to do that. > > 5) This morning I had 45 spam emails in my in-box that had no header records > indicating that they were ever processed by Declude. Apparently there is > some situation where Declude doesn't process messages. I haven't yet > figured out how or why this may be happening. I'll do more research to see > what I can find. > > I am hoping that support will get with me ASAP and that together we can > identify the cause of these problems and make some enhancements to Declude > which will make it more smartemail friendly. > > > > > > > > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ip4r blacklists
1. I have a "HOP 0" line in my global.cfg file. 2. Here's what I get: nslookup 2.0.0.127.bl.spamcop.net Server: ns1.sprintlink.net Address: 204.117.214.10 Non-authoritative answer: Name:2.0.0.127.bl.spamcop.net Address: 127.0.0.2 3. I had been running on debug, but this problem has been going on for at least a month, and I gave up on finding an answer, so I turned off my debug because my log files were chewing up disk space. Following are some lines for an email from Aug. 19 that SmarterMail caught with CBL and Spamhaus SBL: 08/19/2005 12:48:53.796 36110955 [3996] Got IP 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] Setting remote IP address to 204.9.244.26 08/19/2005 12:48:53.796 36110955 [3996] 26.244.9.204.in-addr.arpa 08/19/2005 12:48:54.734 36110955 [3996] Done with reverse DNS lookup; processing it. 08/19/2005 12:48:54.734 36110955 [3996] revdns: ip-244-26.incyour.com. 08/19/2005 12:48:54.734 36110955 [3996] Hop 0: Checking IP Address 204.9.244.26. 08/19/2005 12:48:54.734 36110955 [3996] iptext=204.9.244.26 myip1=cc09f41a i=4 08/19/2005 12:48:56.046 36110955 [3996] Test #5 [AHBL] is same as Test #5 [AHBL=*]. Answer=admins.sosdg.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #6 [BLITZEDALL] is same as Test #6 [BLITZEDALL=*]. Answer=hostmaster.blitzed.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #7 [CBL] is same as Test #7 [CBL=127.0.0.2]. Answer=cbl.cbl.abuseat.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #8 [DSBL] is same as Test #8 [DSBL=*]. Answer=admin.dsbl.org.? 08/19/2005 12:48:56.046 36110955 [3996] Test #11 [ORDB] is same as Test #11 [ORDB=*]. Answer=hostmaster.ordb.org.? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK=127.0.0.2]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #9 [MXRATE-BLOCK]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS=127.0.0.4]. Answer=127.0.0.4? 08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #10 [MXRATE-SUSPICIOUS]. Answer=127.0.0.4 08/19/2005 12:48:56.265 36110955 [3996] 204.9.244.26 IS listed in MXRATE-SUSPICIOUS. 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW=127.0.0.3]. Answer=127.0.0.4? 08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as Test #24 [MXRATE-ALLOW]. Answer=127.0.0.4 08/19/2005 12:48:59.765 36110955 [3996] Test 12-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 13-SORBS-HTTP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 22-SPAMCOP didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 23-BONDEDSENDER didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 25-INTERSIL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 26-CSMA-SBL didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 27-SPAMBAG didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 28-FIVETENSRC didn't get a response. 08/19/2005 12:48:59.765 36110955 [3996] Test 29-JAMMDNSBL didn't get a response. Original Message > From: "Darrell \([EMAIL PROTECTED])" <[EMAIL PROTECTED]> > Sent: Saturday, September 03, 2005 11:21 AM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] ip4r blacklists > > Gary, > > Someone recently posted that they did not have the "HOP x" setting in their > global.cfg and what was happening is that the ip4r tests were being skipped. > Can you check on that? Also, if you drop down to a command prompt and type > this what happens. > > nslookup 2.0.0.127.bl.spamcop.net > > Also, I would switch Declude's logging mode to "Debug" and post a snippet of > the debug output for a message that smartermail tags on a ip4r list that > declude did not. > > Darrell > --- > Check out http://www.invariantsystems.com for utilities for Declude And > Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI > integration, MRTG Integration, and Log Parsers. > > - Original Message - > From: "Gary Steiner" <[EMAIL PROTECTED]> > To: > Sent: Saturday, September 03, 2005 11:09 AM > Subject: [Declude.JunkMail] ip4r blacklists > > > I continue to run into a problem where Declude fails to get any response > from the ip4r blacklists, then SmarterMail catches the exact same spam using > the ip4r blacklists(spamcop, cbl, spamhaus, etc.). Declude support implied > that there was a problem with my DNS server. But both Declude and > SmarterMail are using the same DNS server. Why would Declude have a problem > with it and SmarterMail not? I'm using Declude 2.0.6.16 and SmarterMail > 2.6. It's very intermittent, happening on probably less than 5% of the > total spams, but enough that it's noticeable. > > --- [This E-m
Re: [Declude.JunkMail] Declude 3.0.3 update
Kim, I believe in the next beta that they will make sure the directory gets created. Now the other thing to make sure of is did you increase the amount of threads that it will use in the "declude.cfg" file? By default it appears to use only 5 threads. I bumped mine up to 25 and that seems to be working very well. The other thing which is documented on the beta page is if you have more than one CPU where it will sleep for a period of time when it should not. Darrell --- invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default configuration. Download a copy today - http://www.invariantsystems.com - Original Message - From: "Kim Premuda" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 2:49 PM Subject: Re: [Declude.JunkMail] Declude 3.0.3 update >Those were the same error messages that I seen when the work directory >was not created. Please see my earlier post - you need to make sure you have a /spool/proc/work directory. Darrell Thanks, Darrell. I did read your previous post, but not until I had already sent my posting to the list. In fact, I recalled seeing your original post on this matter but had forgotten about it. I created the 'work' directory per your previous post, then reloaded JunkMail 3.0.3 ...and, things started working. The trouble was that the backlog in the 'proc' directory took about 1.5 hours to clear while keeping the CPU at 100%. However, things look fairly normal at this time...thanks, again. I am a little surprised that the 'work' directory auto-creation was not implemented in version 3.0.3, as I believe you reported this before this latest release. -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 3.0.3 update
>Those were the same error messages that I seen when the work directory was >not created. Please see my earlier post - you need to make sure you have a >/spool/proc/work directory. > >Darrell Thanks, Darrell. I did read your previous post, but not until I had already sent my posting to the list. In fact, I recalled seeing your original post on this matter but had forgotten about it. I created the 'work' directory per your previous post, then reloaded JunkMail 3.0.3 ...and, things started working. The trouble was that the backlog in the 'proc' directory took about 1.5 hours to clear while keeping the CPU at 100%. However, things look fairly normal at this time...thanks, again. I am a little surprised that the 'work' directory auto-creation was not implemented in version 3.0.3, as I believe you reported this before this latest release. -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 3.0.3 update
Kim, Those were the same error messages that I seen when the work directory was not created. Please see my earlier post - you need to make sure you have a /spool/proc/work directory. Darrell -- DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. Download it today - http://www.invariantsystems.com - Original Message - From: "Kim Premuda" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 12:48 PM Subject: Re: [Declude.JunkMail] Declude 3.0.3 update >We installed the latest 3.0.3 beta tonight; the decludeproc service shot >to 99% of CPU and stayed there for 15 minutes. During this time we >accumulated over 1000 items in the proc folder; nothing was going out. Anyone else experienced this? We loaded JunkMail 3.0.3 last night and, this morning, had to revert back to 2.0.6.16 for the same reason...the '\proc' directory was filled with over 2,000 unprocessed items. Our CPU usage was unusally low (most likely, due to JunkMail not processing those files). The Declude log showed the following (ad nauseum): 09/02/2005 23:58:03.875 q47210e4201f24dd0 Could not open envelope file C:\IMail\spool\proc\work\q47210e4201f24dd0.smd. 09/02/2005 23:58:03.875 q47210e4201f24dd0 Error: Failed; could not open C:\IMail\spool\proc\work\D47210e4201f24dd0.smd 09/02/2005 23:58:03.875 q47210e4201f24dd0 Cumulative action(s) taken on this email = NO ACTIONS WERE TAKEN 09/03/2005 00:03:08.546 q47210e4201f24dd0 Couldn't rename SMD to SM$ [3]. Priority back to 32. Error String: [The system cannot find the path specified.] [C:\IMail\spool\proc\work\D47210e4201f24dd0.smd] [C:\IMail\spool\proc\work\D47210e4201f24dd0.sm$] -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude bugs and problems with smartermail
I've found a few Declude bugs and other problems when running in the smartermail environment. 1) Declude leaves directories with names such as 6432144091.vir in the SPOOL/PROC overflow directory and it NEVER goes back and removes these directories or cleans them up. I have to manually delete the .vir directories. 2) Orphaned files. I have found files in the SPOOL/PROC directory where the .EML extension has been renamed to .EM$ and there is no matching .HDR file. These stay until I delete the orphans. I currently have a file in my SPOOL directory called X6432144091.EML with no matching .HDR file - which means its an orphan file too. 3) The PROC overflow directory is being populated with files even when the server is under very low utilization. This, in my opinion, portends major performance problems ahead of us when the server is under a high load. I don't see any tuning parameters available which allow me to tweak under what circumstances the PROC directory is utilized. I have a dual processor server with 2 gig of RAM on it and I should not be forced to the same limitations as someone with a single processor server. This process needs to be tunable. 4) This morning I had about 100 files in the SPOOL/PROC directory. I had to manually copy them to the SPOOL directory for processing. Once I moved them, the new files being placed into the PROC directory would automatically move back to the SPOOL directory for processing. So it appears that there is some situation where Declude forgets about some files in the SPOOL/PROC directory and never goes back and moves them back to the SPOOL. I can set up a script to do this (and delete the .vir folders too) every 15 minutes but I shouldn't have to do that. 5) This morning I had 45 spam emails in my in-box that had no header records indicating that they were ever processed by Declude. Apparently there is some situation where Declude doesn't process messages. I haven't yet figured out how or why this may be happening. I'll do more research to see what I can find. I am hoping that support will get with me ASAP and that together we can identify the cause of these problems and make some enhancements to Declude which will make it more smartemail friendly. --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 3.0.3 update
>We installed the latest 3.0.3 beta tonight; the decludeproc service shot to >99% of CPU and stayed there for 15 minutes. During this time we accumulated >over 1000 items in the proc folder; nothing was going out. > >Anyone else experienced this? We loaded JunkMail 3.0.3 last night and, this morning, had to revert back to 2.0.6.16 for the same reason...the '\proc' directory was filled with over 2,000 unprocessed items. Our CPU usage was unusally low (most likely, due to JunkMail not processing those files). The Declude log showed the following (ad nauseum): 09/02/2005 23:58:03.875 q47210e4201f24dd0 Could not open envelope file C:\IMail\spool\proc\work\q47210e4201f24dd0.smd. 09/02/2005 23:58:03.875 q47210e4201f24dd0 Error: Failed; could not open C:\IMail\spool\proc\work\D47210e4201f24dd0.smd 09/02/2005 23:58:03.875 q47210e4201f24dd0 Cumulative action(s) taken on this email = NO ACTIONS WERE TAKEN 09/03/2005 00:03:08.546 q47210e4201f24dd0 Couldn't rename SMD to SM$ [3]. Priority back to 32. Error String: [The system cannot find the path specified.] [C:\IMail\spool\proc\work\D47210e4201f24dd0.smd] [C:\IMail\spool\proc\work\D47210e4201f24dd0.sm$] -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ip4r blacklists
Gary, Someone recently posted that they did not have the "HOP x" setting in their global.cfg and what was happening is that the ip4r tests were being skipped. Can you check on that? Also, if you drop down to a command prompt and type this what happens. nslookup 2.0.0.127.bl.spamcop.net Also, I would switch Declude's logging mode to "Debug" and post a snippet of the debug output for a message that smartermail tags on a ip4r list that declude did not. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Saturday, September 03, 2005 11:09 AM Subject: [Declude.JunkMail] ip4r blacklists I continue to run into a problem where Declude fails to get any response from the ip4r blacklists, then SmarterMail catches the exact same spam using the ip4r blacklists(spamcop, cbl, spamhaus, etc.). Declude support implied that there was a problem with my DNS server. But both Declude and SmarterMail are using the same DNS server. Why would Declude have a problem with it and SmarterMail not? I'm using Declude 2.0.6.16 and SmarterMail 2.6. It's very intermittent, happening on probably less than 5% of the total spams, but enough that it's noticeable. --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ip4r blacklists
I continue to run into a problem where Declude fails to get any response from the ip4r blacklists, then SmarterMail catches the exact same spam using the ip4r blacklists(spamcop, cbl, spamhaus, etc.). Declude support implied that there was a problem with my DNS server. But both Declude and SmarterMail are using the same DNS server. Why would Declude have a problem with it and SmarterMail not? I'm using Declude 2.0.6.16 and SmarterMail 2.6. It's very intermittent, happening on probably less than 5% of the total spams, but enough that it's noticeable. --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] EServices Autowhite?
> Maybe not only virtal host keys but also one for each user mailbox. AutoWhite doesn't consult user Registry keys, though it does look up alias Registry keys in order to consolidate aliases and their target usernames under the same .AWL whitelist file. AFAICS: - If a user only uses a single e-mail address, you wouldn't need to add anything to the Registry to "fake it out." - If a user only uses (both sends from and receives at) a single local e-mail address -- either user or alias -- for any given remote correspondent, it would also not require any extra tweaking. - Registry additions would only be necessary in the case that a user sends from and receives mail at _different local addresses for the same remote correspondent_, and you thus want to check one AutoWhite list for all combos. > Autowhite does a great job at my side here, but I would suggest the > following: The current way to keep all data in numerous files es the > same file-based way as declude 1.x and 2.x has done. Now with the > new declude v3 service it would be great to have this functionality > inside the service (or added as a module) > This module could keep a RAM-based database of MAILFROM <=> MAILTO > communication of the last - let's say - 7 days. I'll say this: just because you're now building from a service model doesn't mean that using shared memory will be smarter than using non-volatile storage for data that needs to persist across service restarts. You can use shared memory without running from a service, but very I'm glad AW does not. As an avid user of AW, I take great comfort in knowing that data is stored on disk, rather than trusting a "flush on shutdown" of what can easily grow to many MB of data, and also in knowing that I can manually add, edit, and delete entries in .AWL files, none of which would be possible if everything were moved to an opaque data store. The rest of your feature requests are similarly cool, but "databases" that are opaque to the user are usually not! --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EServices Autowhite?
> You will probably need to add the virtual host keys as > well, but you certainly will be able to fake it out using > the Registry alone. No IMail EXEs will be necessary to install. Maybe not only virtal host keys but also one for each user mailbox. Autowhite does a great job at my side here, but I would suggest the following: The current way to keep all data in numerous files es the same file-based way as declude 1.x and 2.x has done. Now with the new declude v3 service it would be great to have this functionality inside the service (or added as a module) This module could keep a RAM-based database of MAILFROM <=> MAILTO communication of the last - let's say - 7 days. A.) If the combination MFROM-MTO has had previous email communication with final weights below a certain treshold (=legit msgs) then add a negative weight for further messages (the same thing that Autowhite already does) B.) If the same MFROM has send a certain number of msgs with a final weight in the "grey zone" do something like - move the message to a temporary hold folder an check the message again after - let's say one hour - in the hope that Blacklists, InvURIBL and Sniffer has new patterns to catch the msg as spam. - send an alert to the admin as he can look what's going on with this type of messages C.) If there is some mail loop (for example if a message is send to at least two recipients using un unpatched exchange pop3-connector) this module could also identify this repeatedly send messages having the same checksum or msgs size. If there are more then x messages in - let's say - 3 hours send an alert to the administrator as he can put this mailfrom adress to the SMTP-envelope kill list until the mail loop is broken by at least one of the exchange admin's. The RAM-based database can be stored in a file if declude is shutdown regulary, so that the data is imediatly available after a restart of the service or the entire server. The database could also clean old records based on his "lastupdate-timestamp" and maybe it could also alert the admin if there is a suspicious number of "unknown viruses" or "vulnerabilities" in a certain timerange. Markus --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
