Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack. I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me. Will Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526 Saturday: SpamContent 10089 SpamPhrase 20739 SpamFeatures 1090 SpamUrlDomain 27194 LocalDeliver 83297 RemoteDeliver 9008 Sunday: SpamContent 10425 SpamPhrase 18741 SpamFeatures 793 SpamUrlDomain 25756 LocalDeliver 81033 RemoteDeliver 10142 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Friday, July 29, 2005 2:03 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude Woes Will,What you probably have are users bulk-mailing through your server (evidenced by the GSE files), issues with running both IMail Antispam and Declude, and choosing a much slower than optimal virus scanner as your one an only engine in a CPU-challenged environment. There could well be issues with fragmentation and not enough disks as well.The reports that you shared are somewhat inconclusive, primarily because running Declude plus IMail Antispam will skew these numbers. So there is no telling what the true volume is. If you run Declude, you should turn IMail Antispam off and just rely on Declude alone.Your config looks fine except that you should strongly consider spending about $50
RE: [Declude.JunkMail] Declude Woes Fixed
Title: Message Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack. I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me. Will Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526 Saturday: SpamContent 10089 SpamPhrase 20739 SpamFeatures 1090 SpamUrlDomain 27194 LocalDeliver 83297 RemoteDeliver 9008 Sunday: SpamContent 10425 SpamPhrase 18741 SpamFeatures 793 SpamUrlDomain 25756 LocalDeliver 81033 RemoteDeliver 10142 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, July 29, 2005 2:03 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Will, What you probably have are users bulk-mailing through your server (evidenced
RE: [Declude.JunkMail] Declude Woes Fixed
Title: Message I checked, and my config does not contain those DNS tests. My config came with the 2.0.6 install though. Is this the line I should be looking for? 08/01/2005 10:45:49.781 Q358E01613310 [5904] Total Time: 31ms [313ms elapsed minus DNS] Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack. I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me. Will Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526 Saturday: SpamContent 10089 SpamPhrase 20739 SpamFeatures 1090 SpamUrlDomain 27194 LocalDeliver 83297 RemoteDeliver 9008 Sunday: SpamContent 10425 SpamPhrase 18741 SpamFeatures 793 SpamUrlDomain 25756 LocalDeliver 81033 RemoteDeliver 10142 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, July 29, 2005 2:03 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Will, What you probably have are users bulk-mailing through your server (evidenced by the GSE files), issues with running both IMail Antispam
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Nope...as it says it doesn't report the time used for DNS tests. You'll need to look through all lines for a particular message and see if any say the DNS-based test times out. I recommend using something like BareTail or BareGrep from BareMetalSoft to find and/or highlight lines for a particular message. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:44 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed I checked, and my config does not contain those DNS tests. My config came with the 2.0.6 install though. Is this the line I should be looking for? 08/01/2005 10:45:49.781 Q358E01613310 [5904] Total Time: 31ms [313ms elapsed minus DNS] Will -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Monday, August 01, 2005 10:00 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack. I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me. Will Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526 Saturday: SpamContent 10089 SpamPhrase 20739 SpamFeatures 1090 SpamUrlDomain 27194 LocalDeliver 83297 RemoteDeliver 9008 Sunday: SpamContent 10425 SpamPhrase 18741
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Monday, August 01, 2005 10:00 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After looking through my logs and running Imail log analyzer none of my own IPs stand out for message counts and the invalid user entries I find are from outside sources outside of my network. These connections are always denied and mail does not get processed onto our server. I will think about Declude HiJack. I still want to use Declude Junkmail, so I will test some of the suggestions put into place such as whitelisting my IP range and disabling outbout virus scanning, but other than these two suggestions, I dont see any major changes here that will affect me. Will Friday: SpamContent 13400 SpamPhrase 19107 SpamFeatures 1283 SpamUrlDomain 35018 LocalDeliver 92331 RemoteDeliver 10526 Saturday: SpamContent
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling of Declude Junkmail. Im not so sure its a DNS issue because the Imail spam filters run perfectly fine, which I am now using in place of Declude. They do not do as good a job identifying spam, but they are better than nothing. Things to think about: I was interested in the statement that the mail server can be setup to not bounce messages if they are detected as SPAM. This still confuses me, because the BOUNCEONLYIFYOUMUST statement in the $default$.junkmail file appears to actually bounce the messages. As it is, all my filters are set to WARN and I dont understand why changing them to BOUNCEONLYIFYOUMUST will help. I do not believe I have bulk mailers on my system, but I will not discount it. Does anyone have a good suggestion for determining this? After
Re: [Declude.JunkMail] Declude Woes Fixed
Title: Message Norton Corp. 10, updated everyday, says it's clean. I'm afraid of M$ BUG. No hotfix to download ( Windows Updated weekly ) The 5504 points to a couple of x.name-servers.net. NO idea, and wrong surfing !! Andres Darin Cox escribi: That's the same config we're running. It's only been one day, but we haven't seen any 5504's. Spyware or root kit? Darin. - Original Message - From: Ing. Andrs E. Gallo To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 11:57 AM Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi List, I'm not sure if related or not, but since a few days we are getting at MS DNS 2000 Server, many EventIDs 5504 messages saying that malformed packets were received by some roots hints. And besides that, some domains are resolved to.freeservers !!! The cache protection is activated, but not lucky with it. Each one or two days, we must 'clean cache' to keep it working. No forwarders, unchecked 'disable recursion' and 'Fail on load if..', Name checking in Multibyte, unchecked automatic scavenging But each day, 'cleaning the cache' Ideas ?? Darin Cox escribi: Wehaven't, but then we've been using forwarders with no recursion. Others on the list might be able to comment on their experiences. You could potentially use forwarders, but allow recursion... meaning DNS will use the forwarder first, and then try directly if it fails. We opted to remove the forwarders completely since the forwarderfailures were what was causing our processing delays. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 10:31 AM Subject: RE: [Declude.JunkMail] Declude Woes Fixed Thanks Darin, this is very helpful and informative. Have you had an issue with MS DNS where it had a hard time resolving with root servers? I have seen this and when I add a forwarded to our upstream provider is works fine but I would rather depend on root hits. My root servers are up to date with internic. Will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Monday, August 01, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude Woes Fixed Hi Will, We finally found our problems over the weekend. They were two-fold. I'll document them here in the hopes someone else with this problem will benefit. 1. IMail and Declude are using local MS DNS. However, we had set up Forwarders in MS DNS, and thoseforwarded DNS serverswere not resolving most of the DNS-based tests (thanks to our upstream providers :( ). So, Decludehad to wait for all of the DNS-based tests to time out, which meant total processing time on a single email was about 90 seconds. 2. We had three DNS-based tests that were timing out: RRBL, SBBL, and SOLID.SOLID is dead and the other two report server failure, which may be temporary. To find out if you are using any dead or failing DNS tests, switch to LOGLEVEL DEBUG for a couple of minutes or so, and trace a message through to see if any tests are not responding. After removing the DNS forwarders and the failed or dead DNS tests, processing time was down to 8 seconds. I doubt we'll see the overload issue again unless we don't pay attention to dead or unavailable DNS tests, or wehave a real load issue. Darin. - Original Message - From: Will To: Declude.JunkMail@declude.com Sent: Monday, August 01, 2005 9:04 AM Subject: RE: [Declude.JunkMail] Declude Woes Just an update Last week I had disabled Declude and cleaned out my spool directory. For the next day I had not experienced any issues. My spooled messages are staying well under 500 and mail is flowing exactly how I want it to (without Declude). Now, we can get away with not having Declude Junkmail for a bit, but I really needed virus scanning, so I re-enabled Declude Antivirus. After I verified everything was running smoothly I downloaded F-prot and removed Mcafee before the weekend and things have also been running very smooth. Just a note, I had run Declude Antivirus for years without any issues and I only seem to run into these overflow problems when I introduce Declude Junkmail. Since the major issues I had last week I have made three changes I have modified the queue manager to process 100 messages at a time. I have disabled Declude Junkmail. I have now moved from Mcafee to F-Prot. The only one of these changes that has ensured that mail does not go into overflow and backup is the disabling
