[Declude.JunkMail] Email not being scanned by Declude.
I received 2 online pharmacy spams to my inbox (log snips and headers attached). One came in Saturday night at ~9:11, the other ~9:36. They were queued, then on Sunday at 3:32 AM, they were both delivered. They were never scanned by Declude. I'm trying to figure out what happened. First of all, why is there such a delay? Second why were the queue files renamed from .SMD to .RMD? Third, why weren't they passed off to Declude? Here are the changes I made on Friday at ~2:00 PM: Upgraded to Declude 2.04 from 1.82 Commented out the SPAMCHK test in global.cfg. No changes have been made to Imail. There is a scheduled task that runs at 3:00 AM that reboots the Imail server. I suspect that the first queue run after reboot was when they were delivered. Thanks for any assistance. NOTE: MX2.rmslink.net is my postfix gateway. Here is the Imail log MSG1: 20050211 211139 127.0.0.1 SMTPD (65db01d80148355c) [172.20.5.2] connect 68.118.154.7 port 54419 20050211 211139 127.0.0.1 SMTPD (65db01d80148355c) [68.118.154.7] EHLO mx2.rmslink.net 20050211 211139 127.0.0.1 SMTPD (65db01d80148355c) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] 20050211 211139 127.0.0.1 SMTPD (65db01d80148355c) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] 20050211 211139 127.0.0.1 SMTPD (65db01d80148355c) [68.118.154.7] S:\imail\spool\D65db01d80148355c.SMD 4053 20050212 033231 127.0.0.1 SMTP () Info - Adding Queue file S:\imail\spool\Q65db01d80148355c.RMD 20050212 033231 127.0.0.1 SMTP (65db01d80148355c) processing S:\imail\spool\Q65db01d80148355c.RMD 20050212 033232 127.0.0.1 SMTP (65db01d80148355c) forwarded message to [EMAIL PROTECTED] 20050212 033232 127.0.0.1 SMTP (65db01d80148355c) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4053 20050212 033232 127.0.0.1 SMTP (65db01d80148355c) finished S:\imail\spool\Q65db01d80148355c.RMD status=1 And these are the headers of the email MSG1: Received: from SMTP32-FWD by mail.wilcoxtravel.com (SMTP32) id A65DB01D80148355C; Sat, 12 Feb 2005 03:32:32 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD32-8.15) id A5DB1D80148; Fri, 11 Feb 2005 21:11:39 -0500 Received: from wilcoxtravel.com (c-24-118-16-119.mn.client2.attbi.com [24.118.16.119]) by mx2.rmslink.net (Postfix) with SMTP id 3DBC339836 for ; Fri, 11 Feb 2005 21:10:53 -0500 (EST) X-Message-Info: FqS6gQcHx77o1H7RqHr Received: from scfzubp1.msn.com ([189.113.6.171]) by q1-r.msn.com with Microsoft SMTPSVC(5.0.2195.6824); Sat, 12 Feb 2005 02:07:55 -0400 Received: from restrict qz25 (carpathia orgiastic originate fleawort sequester faulty oatmeal textile bindle bern orgy tat inventory aphorism whimsey deja malaria spool greenbriar algaecide macdonald parthenon athlete novo actinide bourbon bottleneck rivulet rudolf serf schizophrenia danzig scrupulosity pate calculable terrific auric relict yacht starve diagnostic sixtieth mobility patriotic missionary bassett rejoinder envoy mysterious uphill monarchic musk mausoleum crater intestate feasible morose impetuous nelson douse borderland ami washbasin abominable crosswort trencherman leander oceanography apropos croupier weasel typology pinkish endothermic gerundial trypsin concretion graveyard orphan limbo thrush snail hereford staunton degrade student winters fredericks fern convolute mall fare walnut graceful crease pod crypt meter vie marshall star indium aniline rightmost impolite hedgehog therapy granny megohm lackey fibration approach impeach boxy exert professor needham s old inbred resentful canton reinforce aperture pecuniary wert malraux geiger knickerbocker elinor schnapps benjamin brasilia dynamite hippopotamus astral conspiracy loose cluj vaudois missy chalet histochemistry skullduggery quintic terrible troop numerology occurrent inroad spitz grommet chigger bipartisan hokan waggle roustabout urine heel therewith promote roister corona triode shrewd ) From: Emery U To: '%TO_NAME' Subject: Emery invites you to a private med warehouse Date: Sat, 12 Feb 2005 02:08:22 + Message-ID: [EMAIL PROTECTED] repudiate [1-3]wf[1-3]38[1-3]70[1-3] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_ED41F_153E1AFF.15E33A00 X-RCPT-TO: Status: U X-UIDL: 403220807 Here is the Imail log MSG2: 20050211 193657 127.0.0.1 SMTPD (4fa90132012c3072) [172.20.5.2] connect 68.118.154.7 port 64078 20050211 193657 127.0.0.1 SMTPD (4fa90132012c3072) [68.118.154.7] EHLO mx2.rmslink.net 20050211 193657 127.0.0.1 SMTPD (4fa90132012c3072) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] 20050211 193657 127.0.0.1 SMTPD (4fa90132012c3072) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] 20050211 193657 127.0.0.1 SMTPD (4fa90132012c3072) [68.118.154.7] S:\imail\spool\D4fa90132012c3072.SMD 4126 20050212 033231 127.0.0.1 SMTP () Info - Adding Queue file S:\imail\spool\Q4fa90132012c3072.RMD
Re: [Declude.JunkMail] Email not being scanned by Declude.
No changes have been made to Imail. There is a scheduled task that runs at 3:00 AM that reboots the Imail server. I suspect that the first queue run after reboot was when they were delivered. Others will chime in, but this is a known issue that after a reboot that the QueueManager will grab email that has not been scanned by Declude yet and deliver them. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Email not being scanned by Declude.
Hi, Although the IMail services don't have any dependencies I was thinking of linking some services in order to prevent stuff like this. I would have Syslog run first, then the Queuemanager and then the other services. This would for instance automatically stop the SMTP service when stop/starting the Queuemenager. So Most services, incl. queue manager, depend on Syslog. SMTP depends on queuemanager (and syslog)? Any caveats I should know about? Groetjes, Bonno Bloksma - Original Message - From: Matt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, February 14, 2005 4:47 PM Subject: Re: [Declude.JunkMail] Email not being scanned by Declude. It's actually during the shut down that this happens during a window of a few seconds. In order to avoid this, always stop the SMTP service before shutting down, and also before stopping the QueueManager service. Matt Darrell ([EMAIL PROTECTED]) wrote: No changes have been made to Imail. There is a scheduled task that runs at 3:00 AM that reboots the Imail server. I suspect that the first queue run after reboot was when they were delivered. Others will chime in, but this is a known issue that after a reboot that the QueueManager will grab email that has not been scanned by Declude yet and deliver them. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [E-mail scanned at tio.nl for viruses by Declude Virus] --- [E-mail scanned at tio.nl for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email not being scanned by Declude.
OK, but the shutdown doesn't happen until 3:00 AM. These messages were received (and queued, which is the point they SHOULD have been handed off to Declude) at 9:30 PM. That's a 6 hour window between receipt and delivery. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, February 14, 2005 10:48 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Email not being scanned by Declude. It's actually during the shut down that this happens during a window of a few seconds. In order to avoid this, always stop the SMTP service before shutting down, and also before stopping the QueueManager service. Matt Darrell ([EMAIL PROTECTED]) wrote: No changes have been made to Imail. There is a scheduled task that runs at 3:00 AM that reboots the Imail server. I suspect that the first queue run after reboot was when they were delivered. Others will chime in, but this is a known issue that after a reboot that the QueueManager will grab email that has not been scanned by Declude yet and deliver them. Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
