[Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Michael Cummins 
So this past week has been fairly hellish for me, buried in the thick of
Botnet Spam storms.  (Quite a number of people seem to be experiencing them,
at least as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install
on another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming
Gateway for several dozen Exchange servers for SMBs, which means it accepts
ALL mail for those domains.  It's not like my other mail server that rejects
bad addresses right off the bat.  When the spam storms hit, it's like a
hurricane.  My usual Sniffer-measured rate of about 150-200k messages per
day kick up as high as 850k.  I don't really handle that much mail, but
that's the rate when it storms.  My regular SmarterMail server that dishes
out POP/IMAP handles a more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to
the top of THREADS and crash when the storms hit.  I currently find that 45
is the bleeding edge of sanity (for my config) with INVURIBL and SNIFFER
running, but in a bad storm, even that is too low, and sometimes I have to
drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this
process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?
No?

 

On a related note, I've been building a Declude Management interface in
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite
of tools, most specifically PsList and PsKill, so I can keep a careful eye
on DecludeProc on my two machines, and using the Microsoft FSO to keep an
eye on file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really responsive when inspecting
large file counts, for keeping an eye on /spool/  /proc/ and /review/.  You
can write a parse the results of PsList to keep an eye on the number of
Threads that Declude is spawning, and even detect a crash.

 

Oh, and I have to compliment Linda and David for their relentless and
professional service.  They are a fantastic and responsive team.  BZ!

 

-- Michael Cummins

 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Scott Fisher 
I put an alligate server in front of Declude. It kills about 95% of incoming 
connections.
Declude Intercepter incorporates this
Sent via BlackBerry by ATT

-Original Message-
From: Michael Cummins mich...@i-magery.com
Date: Wed, 12 May 2010 09:25:57 
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Fine tuning Declude

So this past week has been fairly hellish for me, buried in the thick of
Botnet Spam storms.  (Quite a number of people seem to be experiencing them,
at least as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install
on another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming
Gateway for several dozen Exchange servers for SMBs, which means it accepts
ALL mail for those domains.  It's not like my other mail server that rejects
bad addresses right off the bat.  When the spam storms hit, it's like a
hurricane.  My usual Sniffer-measured rate of about 150-200k messages per
day kick up as high as 850k.  I don't really handle that much mail, but
that's the rate when it storms.  My regular SmarterMail server that dishes
out POP/IMAP handles a more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to
the top of THREADS and crash when the storms hit.  I currently find that 45
is the bleeding edge of sanity (for my config) with INVURIBL and SNIFFER
running, but in a bad storm, even that is too low, and sometimes I have to
drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this
process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?
No?

 

On a related note, I've been building a Declude Management interface in
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite
of tools, most specifically PsList and PsKill, so I can keep a careful eye
on DecludeProc on my two machines, and using the Microsoft FSO to keep an
eye on file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really responsive when inspecting
large file counts, for keeping an eye on /spool/  /proc/ and /review/.  You
can write a parse the results of PsList to keep an eye on the number of
Threads that Declude is spawning, and even detect a crash.

 

Oh, and I have to compliment Linda and David for their relentless and
professional service.  They are a fantastic and responsive team.  BZ!

 

-- Michael Cummins

 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Harry Vanderzand 
I solved the load issue by putting Alligate  in front of the mail server.  I
put it in the same server and can handle everything coming at it much better
than before.  Alligate gets rid of the obvious spam, about  90 %, before it
hits my mail software

 

Thank you

 

Please note our new Address

 

Harry Vanderzand

Intown Internet

740 Erbsville Road

Waterloo, On, N2J 3Z4

519-741-1222

 

DISCLAIMER: The information in this message is confidential and may be
legally privileged. It is intended solely for the addressee. Access to this
message by anyone else is unauthorised. If you are not the intended
recipient, any disclosure, copying,or distribution of the message, or any
action or omission taken by you in reliance on it, is prohibited and may be
unlawful. Please immediately contact the sender if you have received this
message in error. Thank you. 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: May-12-10 9:26 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Fine tuning Declude

 

So this past week has been fairly hellish for me, buried in the thick of
Botnet Spam storms.  (Quite a number of people seem to be experiencing them,
at least as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install
on another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming
Gateway for several dozen Exchange servers for SMBs, which means it accepts
ALL mail for those domains.  It's not like my other mail server that rejects
bad addresses right off the bat.  When the spam storms hit, it's like a
hurricane.  My usual Sniffer-measured rate of about 150-200k messages per
day kick up as high as 850k.  I don't really handle that much mail, but
that's the rate when it storms.  My regular SmarterMail server that dishes
out POP/IMAP handles a more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to
the top of THREADS and crash when the storms hit.  I currently find that 45
is the bleeding edge of sanity (for my config) with INVURIBL and SNIFFER
running, but in a bad storm, even that is too low, and sometimes I have to
drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this
process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?
No?

 

On a related note, I've been building a Declude Management interface in
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite
of tools, most specifically PsList and PsKill, so I can keep a careful eye
on DecludeProc on my two machines, and using the Microsoft FSO to keep an
eye on file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really responsive when inspecting
large file counts, for keeping an eye on /spool/  /proc/ and /review/.  You
can write a parse the results of PsList to keep an eye on the number of
Threads that Declude is spawning, and even detect a crash.

 

Oh, and I have to compliment Linda and David for their relentless and
professional service.  They are a fantastic and responsive team.  BZ!

 

-- Michael Cummins

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Michael Cummins 
I actually paid for Alligate a couple of years ago, but then had to
repurpose the hardware for a casualty before I could install it and trial
it.  I never got around to putting it together after that (I'm not a big
company, and I don't have a huge budget).  It expired, and now every year
Alligate contacts me asking me if I want to renew, and I write them back
asking them if I simply lost my money, and they never respond again until
the following year.  It's like a bad game now.

 

I don't have a lot of confidence in them.  Which is sad.  I hear it's a fine
product.

 

-- Michael Cummins

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Scott
Fisher
Sent: Wednesday, May 12, 2010 9:54 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude

 

I put an alligate server in front of Declude. It kills about 95% of incoming
connections.
Declude Intercepter incorporates this

Sent via BlackBerry by ATT

  _  

From: Michael Cummins mich...@i-magery.com 

Date: Wed, 12 May 2010 09:25:57 -0400

To: declude.junkmail@declude.com

Subject: [Declude.JunkMail] Fine tuning Declude

 

So this past week has been fairly hellish for me, buried in the thick of
Botnet Spam storms.  (Quite a number of people seem to be experiencing them,
at least as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install
on another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming
Gateway for several dozen Exchange servers for SMBs, which means it accepts
ALL mail for those domains.  It's not like my other mail server that rejects
bad addresses right off the bat.  When the spam storms hit, it's like a
hurricane.  My usual Sniffer-measured rate of about 150-200k messages per
day kick up as high as 850k.  I don't really handle that much mail, but
that's the rate when it storms.  My regular SmarterMail server that dishes
out POP/IMAP handles a more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to
the top of THREADS and crash when the storms hit.  I currently find that 45
is the bleeding edge of sanity (for my config) with INVURIBL and SNIFFER
running, but in a bad storm, even that is too low, and sometimes I have to
drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this
process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?
No?

 

On a related note, I've been building a Declude Management interface in
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite
of tools, most specifically PsList and PsKill, so I can keep a careful eye
on DecludeProc on my two machines, and using the Microsoft FSO to keep an
eye on file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really responsive when inspecting
large file counts, for keeping an eye on /spool/  /proc/ and /review/.  You
can write a parse the results of PsList to keep an eye on the number of
Threads that Declude is spawning, and even detect a crash.

 

Oh, and I have to compliment Linda and David for their relentless and
professional service.  They are a fantastic and responsive team.  BZ!

 

-- Michael Cummins

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Nick Hayer 
Hi Michael,

I guess this is best said - let it go,,,Alligate is the the way to go in 
front of Declude - Contact them again - they probaby will be glad to set you up 
with at trial even of some sort,

-Nick

MadRiverAccess.com|Skywaves.com Tech Support 
US/Canada 877-873-6482 or International +1-802-229-6574 
Emergency Support 24/7: supp...@skywaves.net 
General and Non-Emergency support ticket: 
https://www.skywaves.com/content/secure/support_ticket.htm







From: Michael Cummins mich...@i-magery.com
Sent: Wednesday, May 12, 2010 10:25 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude



I actually paid for Alligate a couple of years ago, but then had
to repurpose the hardware for a casualty before I could install it and trial 
it. 
I never got around to putting it together after that (I'm not a big company,
and I don't have a huge budget).  It expired, and now every year Alligate
contacts me asking me if I want to renew, and I write them back asking them if
I simply lost my money, and they never respond again until the following year. 
It's like a bad game now.
 
I don't have a lot of confidence in them.  Which is sad.  I hear
it's a fine product.
 

-- Michael Cummins
 

 


From: supp...@declude.com
[mailto:supp...@declude.com] On Behalf Of Scott Fisher
Sent: Wednesday, May 12, 2010 9:54 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude


 
I put an alligate server in front of Declude. It kills about
95% of incoming connections.
Declude Intercepter incorporates this


Sent via BlackBerry by ATT






From: Michael Cummins
mich...@i-magery.com 


Date: Wed, 12 May 2010 09:25:57 -0400


To: declude.junkmail@declude.com


Subject: [Declude.JunkMail] Fine tuning Declude


 

So this past week has been fairly hellish for me, buried in the
thick of Botnet Spam storms.  (Quite a number of people seem to be experiencing
them, at least as reported over on the [SNIFFER] list)
 
My implementation of Declude seems to be pressed to its limits
to handle the volume.
 
1) 
Dedicated SmarterMail 6.8
2) 
Declude, Invaluement RBLs added, running off a SimpleDNSPlus
install on another local machine
3) 
INVURIBL with Invaluement and SpamEatingMonkey added
4) 
SNIFFER, integrated with Declude
 
This is the root of my volume issues: this box is a dedicated
Incoming Gateway for several dozen Exchange servers for SMBs, which means it
accepts ALL mail for those domains.  It's not like my other mail server
that rejects bad addresses right off the bat.  When the spam storms hit,
it's like a hurricane.  My usual Sniffer-measured rate of about 150-200k
messages per day kick up as high as 850k.  I don't really handle that much
mail, but that's the rate when it storms.  My regular SmarterMail server
that dishes out POP/IMAP handles a more appropriate level of 50k messages per
day.
 
1) 
If I keep WAITBETWEENTHREADS too low, DecludeProc will race up
to the top of THREADS and crash when the storms hit.  I currently find
that 45 is the bleeding edge of sanity (for my config) with INVURIBL and
SNIFFER running, but in a bad storm, even that is too low, and sometimes I have
to drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.
2) 
If I keep WAITBETWEENTHREADS too high, like around 100, Declude
is stable as a rock, but can't keep up with the mail load when times get tough.
3) 
When things get bad, I go into GLOBAL.CFG and comment out
INVURIBL and/or the many SNIFFER tests.  
 
Does anyone have any useful advice for beefing up or
streamlining this process? 
 
What hardware choices have the biggest impact on Declude?
 
As an aside, I imagine that you could prevent a lot of Declude
crashes if WAITBETWEENTRHEADS was a dynamic setting, derived from the mail
rate.  Yes?  No?
 
On a related note, I've been building a Declude Management
interface in ColdFusion that makes excellent use of Mark Russinovich's
Sysinternals suite of tools, most specifically PsList and PsKill, so I can keep
a careful eye on DecludeProc on my two machines, and using the Microsoft FSO to
keep an eye on file counts.
 
Sysinternals
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
 
FSO
http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx
 
I really recommend those tools.  FSO is really responsive
when inspecting large file counts, for keeping an eye on /spool/  /proc/
and /review/.  You can write a parse the results of PsList to keep an eye
on the number of Threads that Declude is spawning, and even detect a crash.
 
Oh, and I have to compliment Linda and David for their
relentless and professional service.  They are a fantastic and responsive
team.  BZ!
 
-- Michael Cummins
 

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Scott Fisher 
Hardware reqs for alligate are fairly low too
Sent via BlackBerry by ATT

-Original Message-
From: Michael Cummins mich...@i-magery.com
Date: Wed, 12 May 2010 10:17:13 
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

I actually paid for Alligate a couple of years ago, but then had to
repurpose the hardware for a casualty before I could install it and trial
it.  I never got around to putting it together after that (I'm not a big
company, and I don't have a huge budget).  It expired, and now every year
Alligate contacts me asking me if I want to renew, and I write them back
asking them if I simply lost my money, and they never respond again until
the following year.  It's like a bad game now.

 

I don't have a lot of confidence in them.  Which is sad.  I hear it's a fine
product.

 

-- Michael Cummins

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Scott
Fisher
Sent: Wednesday, May 12, 2010 9:54 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude

 

I put an alligate server in front of Declude. It kills about 95% of incoming
connections.
Declude Intercepter incorporates this

Sent via BlackBerry by ATT

  _  

From: Michael Cummins mich...@i-magery.com 

Date: Wed, 12 May 2010 09:25:57 -0400

To: declude.junkmail@declude.com

Subject: [Declude.JunkMail] Fine tuning Declude

 

So this past week has been fairly hellish for me, buried in the thick of
Botnet Spam storms.  (Quite a number of people seem to be experiencing them,
at least as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install
on another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming
Gateway for several dozen Exchange servers for SMBs, which means it accepts
ALL mail for those domains.  It's not like my other mail server that rejects
bad addresses right off the bat.  When the spam storms hit, it's like a
hurricane.  My usual Sniffer-measured rate of about 150-200k messages per
day kick up as high as 850k.  I don't really handle that much mail, but
that's the rate when it storms.  My regular SmarterMail server that dishes
out POP/IMAP handles a more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to
the top of THREADS and crash when the storms hit.  I currently find that 45
is the bleeding edge of sanity (for my config) with INVURIBL and SNIFFER
running, but in a bad storm, even that is too low, and sometimes I have to
drop it back to 60 or 65; but then it's just keeping up with things, and
it's difficult to reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this
process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?
No?

 

On a related note, I've been building a Declude Management interface in
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite
of tools, most specifically PsList and PsKill, so I can keep a careful eye
on DecludeProc on my two machines, and using the Microsoft FSO to keep an
eye on file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really responsive when inspecting
large file counts, for keeping an eye on /spool/  /proc/ and /review/.  You
can write a parse the results of PsList to keep an eye on the number of
Threads that Declude is spawning, and even detect a crash.

 

Oh, and I have to compliment Linda and David for their relentless and
professional service.  They are a fantastic and responsive team.  BZ!

 

-- Michael Cummins

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe,

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox 
Hi Michael,

I may be able to help with this.  You mention doing gateway filtering for 
Exchange servers.  We also do that, but instead of accepting any address with 
the domain, we have accounts set up on our server and refuse connections that 
don't go to one of those accounts.

Now your next comment is probably that you don't want the extra management of 
setting up accounts on both servers.  Well we've handled that by using a sync 
process we developed to extract the list of accounts from the Exchange server, 
ship that up to the gateway server, and check to see what accounts need to be 
added or deleted.  We've been using this process for a couple of years with 
perfect success.

Since it is a batch process, it is scheduled to run every few minutes, so there 
could be a few minute delay when new accounts are added, but it has worked 
flawlessly for a couple of years.  There are checks in place to make sure 
incomplete transfers don't result in accounts being deleted or incorrect 
accounts getting added to the gateway, and notifications are sent every time 
accounts are added or deleted.

Currently it runs as a script on the destination Exchange or IMail server, and 
a scheduled process on a SQL database on our mail gateway server. Also, our 
gateway is an IMail server, but we could easily adapt it to use the account 
creation command line utilities I assume SmarterMail has.

One other comment about the implementation.  We maintain a hosts file for 
forwarding to the destination mail server, and use a subdomain to forward the 
mail for routing purposes, so the destination mail server is configured to 
accept mail for the subdomain.  That's a simple change in Exchange to add an 
SMTP alias, and can be added to the default policy in Exchange so it is 
automatically added when an account is created.

Anyway, if you have any interest, let me know.  I know we wouldn't be able to 
survive if we were accepting email for any address in a domain, so I feel your 
pain.

Best,

Darin Cox
4C Web
A division of 4C Design Technology Corp.
(813) 413-4883  Tampa Bay, FL
(919) 533-5000  Research Triangle, NC




- Original Message - 
From: Michael Cummins 
To: declude.junkmail@declude.com 
Sent: Wednesday, May 12, 2010 9:25 AM
Subject: [Declude.JunkMail] Fine tuning Declude


So this past week has been fairly hellish for me, buried in the thick of Botnet 
Spam storms.  (Quite a number of people seem to be experiencing them, at least 
as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the 
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install on 
another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming Gateway 
for several dozen Exchange servers for SMBs, which means it accepts ALL mail 
for those domains.  It's not like my other mail server that rejects bad 
addresses right off the bat.  When the spam storms hit, it's like a hurricane.  
My usual Sniffer-measured rate of about 150-200k messages per day kick up as 
high as 850k.  I don't really handle that much mail, but that's the rate when 
it storms.  My regular SmarterMail server that dishes out POP/IMAP handles a 
more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to the 
top of THREADS and crash when the storms hit.  I currently find that 45 is the 
bleeding edge of sanity (for my config) with INVURIBL and SNIFFER running, but 
in a bad storm, even that is too low, and sometimes I have to drop it back to 
60 or 65; but then it's just keeping up with things, and it's difficult to 
reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is 
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL 
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if 
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?  No?

 

On a related note, I've been building a Declude Management interface in 
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite of 
tools, most specifically PsList and PsKill, so I can keep a careful eye on 
DecludeProc on my two machines, and using the Microsoft FSO to keep an eye on 
file counts.

 

Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

 

FSO

http://msdn.microsoft.com/en-us/library/z9ty6h50(VS.85).aspx

 

I really recommend those tools.  FSO is really

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox 
Sorry guys, I meant to send this directly to Michael.  Got distracted with 
other email and phone calls, and didn't check the address before sending.

My apologies.

Darin.


- Original Message - 
From: Darin Cox 
To: declude.junkmail@declude.com 
Sent: Wednesday, May 12, 2010 10:55 AM
Subject: Re: [Declude.JunkMail] Fine tuning Declude


Hi Michael,

I may be able to help with this.  You mention doing gateway filtering for 
Exchange servers.  We also do that, but instead of accepting any address with 
the domain, we have accounts set up on our server and refuse connections that 
don't go to one of those accounts.

Now your next comment is probably that you don't want the extra management of 
setting up accounts on both servers.  Well we've handled that by using a sync 
process we developed to extract the list of accounts from the Exchange server, 
ship that up to the gateway server, and check to see what accounts need to be 
added or deleted.  We've been using this process for a couple of years with 
perfect success.

Since it is a batch process, it is scheduled to run every few minutes, so there 
could be a few minute delay when new accounts are added, but it has worked 
flawlessly for a couple of years.  There are checks in place to make sure 
incomplete transfers don't result in accounts being deleted or incorrect 
accounts getting added to the gateway, and notifications are sent every time 
accounts are added or deleted.

Currently it runs as a script on the destination Exchange or IMail server, and 
a scheduled process on a SQL database on our mail gateway server. Also, our 
gateway is an IMail server, but we could easily adapt it to use the account 
creation command line utilities I assume SmarterMail has.

One other comment about the implementation.  We maintain a hosts file for 
forwarding to the destination mail server, and use a subdomain to forward the 
mail for routing purposes, so the destination mail server is configured to 
accept mail for the subdomain.  That's a simple change in Exchange to add an 
SMTP alias, and can be added to the default policy in Exchange so it is 
automatically added when an account is created.

Anyway, if you have any interest, let me know.  I know we wouldn't be able to 
survive if we were accepting email for any address in a domain, so I feel your 
pain.

Best,

Darin Cox
4C Web
A division of 4C Design Technology Corp.
(813) 413-4883  Tampa Bay, FL
(919) 533-5000  Research Triangle, NC




- Original Message - 
From: Michael Cummins 
To: declude.junkmail@declude.com 
Sent: Wednesday, May 12, 2010 9:25 AM
Subject: [Declude.JunkMail] Fine tuning Declude


So this past week has been fairly hellish for me, buried in the thick of Botnet 
Spam storms.  (Quite a number of people seem to be experiencing them, at least 
as reported over on the [SNIFFER] list)

 

My implementation of Declude seems to be pressed to its limits to handle the 
volume.

 

1)  Dedicated SmarterMail 6.8

2)  Declude, Invaluement RBLs added, running off a SimpleDNSPlus install on 
another local machine

3)  INVURIBL with Invaluement and SpamEatingMonkey added

4)  SNIFFER, integrated with Declude

 

This is the root of my volume issues: this box is a dedicated Incoming Gateway 
for several dozen Exchange servers for SMBs, which means it accepts ALL mail 
for those domains.  It's not like my other mail server that rejects bad 
addresses right off the bat.  When the spam storms hit, it's like a hurricane.  
My usual Sniffer-measured rate of about 150-200k messages per day kick up as 
high as 850k.  I don't really handle that much mail, but that's the rate when 
it storms.  My regular SmarterMail server that dishes out POP/IMAP handles a 
more appropriate level of 50k messages per day.

 

1)  If I keep WAITBETWEENTHREADS too low, DecludeProc will race up to the 
top of THREADS and crash when the storms hit.  I currently find that 45 is the 
bleeding edge of sanity (for my config) with INVURIBL and SNIFFER running, but 
in a bad storm, even that is too low, and sometimes I have to drop it back to 
60 or 65; but then it's just keeping up with things, and it's difficult to 
reduce the backlog that swelled during the crash.

2)  If I keep WAITBETWEENTHREADS too high, like around 100, Declude is 
stable as a rock, but can't keep up with the mail load when times get tough.

3)  When things get bad, I go into GLOBAL.CFG and comment out INVURIBL 
and/or the many SNIFFER tests.  

 

Does anyone have any useful advice for beefing up or streamlining this process? 

 

What hardware choices have the biggest impact on Declude?

 

As an aside, I imagine that you could prevent a lot of Declude crashes if 
WAITBETWEENTRHEADS was a dynamic setting, derived from the mail rate.  Yes?  No?

 

On a related note, I've been building a Declude Management interface in 
ColdFusion that makes excellent use of Mark Russinovich's Sysinternals suite of 
tools, most specifically

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Colbeck, Andrew 
I wrote a batch file once on a number of the exchange servers that used
VBS and LDAP to generate a list of valid exchange recipients and then
FTP them to the server where a CF script parsed it clean.
 
Michael, it sounds like you were most of the way there.
 
Alligate does have the feature you were working towards, which was a
recipient file for a given domain, the magic phrase being the rvInput
folder. I don't use it, but the rough idea is that you periodically drop
in a plain text file, say, per domain, in that folder and an Alligate
process picks them up.
 
Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it
fairly impossible to avoid backscatter.
 
This lets your gateway accept only email for valid recipients and reject
mail during the envelope conversation, thus you are not generating spam
backscatter and you are emitting valid NDRs only (when the bad guys
spoof a MAILFROM and you accept a message because your gateway can't
validate the recipient yet, then later bounce the message as
undeliverable, your backscatter spams the spoofed sender).
 
Darin's earlier message describes a way to accomplish the same thing via
IMail and aliases; I believe this method was pioneered by Sandy (Sanford
Whiteman) back in 2004 and the thread can be picked up here:
 
http://www.mail-archive.com/search?q=Exchange2aliasesl=declude.junkmail
%40declude.com
 
The trouble for you is that this is an even more significant
implementation for your clients than your scraping of their AD.
 
 
Andrew.



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Michael Cummins
Sent: Wednesday, May 12, 2010 11:14 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude



I wrote a batch file once on a number of the exchange servers that used
VBS and LDAP to generate a list of valid exchange recipients and then
FTP them to the server where a CF script parsed it clean.  I didn't
quite know what to do with them when they got there though (I was
originally going to use them in Alligate, but never got that up and
going) and I don't have the full granular cooperation of all the
Exchange network peeps, only most of them, so it was difficult to
implement a one-size-fits-all policy regardless.

 

I'll put my thinking cap on.  

 

Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it
fairly impossible to avoid backscatter.  It goes in me one way, and out
another :p

 

 

Very Respectfully, 

 

Michael Cummins

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Darin Cox
Sent: Wednesday, May 12, 2010 10:55 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude

 

Hi Michael,

 

I may be able to help with this.  You mention doing gateway filtering
for Exchange servers.  We also do that, but instead of accepting any
address with the domain, we have accounts set up on our server and
refuse connections that don't go to one of those accounts.

 

Now your next comment is probably that you don't want the extra
management of setting up accounts on both servers.  Well we've handled
that by using a sync process we developed to extract the list of
accounts from the Exchange server, ship that up to the gateway server,
and check to see what accounts need to be added or deleted.  We've been
using this process for a couple of years with perfect success.

 

Since it is a batch process, it is scheduled to run every few minutes,
so there could be a few minute delay when new accounts are added, but it
has worked flawlessly for a couple of years.  There are checks in place
to make sure incomplete transfers don't result in accounts being deleted
or incorrect accounts getting added to the gateway, and notifications
are sent every time accounts are added or deleted.

 

Currently it runs as a script on the destination Exchange or IMail
server, and a scheduled process on a SQL database on our mail gateway
server. Also, our gateway is an IMail server, but we could easily adapt
it to use the account creation command line utilities I assume
SmarterMail has.

 

One other comment about the implementation.  We maintain a hosts file
for forwarding to the destination mail server, and use a subdomain to
forward the mail for routing purposes, so the destination mail server is
configured to accept mail for the subdomain.  That's a simple change in
Exchange to add an SMTP alias, and can be added to the default policy in
Exchange so it is automatically added when an account is created.

 

Anyway, if you have any interest, let me know.  I know we wouldn't be
able to survive if we were accepting email for any address in a domain,
so I feel your pain.

 

Best,


Darin Cox
4C Web
A division of 4C Design Technology Corp.
(813) 413-4883  Tampa Bay, FL
(919) 533-5000  Research

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt 
Hi Michael:

 

I have a Windows script that I use with a whole bunch of different Exchange
customers to pull their email addresses from their servers and dump them
into a small JET (.mdb = Access) Database.  It does have a few input
parameters where you configure the LDAP path to the mail domain (because
many Exchange customers have different schemes), the LDAP user/pwd, and
which alias domain names to generate.

 

I uses that list in a SQL query that my ORF gateway uses to block invalid
email address and outright terminate connections that have too many invalid
email addresses. If you have any use for it, I'll be happy to let you have
it. Instead of outputting database rows, you could certainly expand the
script to output a flat file instead or add alias items to the IMAIL
registry, etc.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 2:14 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

I wrote a batch file once on a number of the exchange servers that used VBS
and LDAP to generate a list of valid exchange recipients and then FTP them
to the server where a CF script parsed it clean.  I didn't quite know what
to do with them when they got there though (I was originally going to use
them in Alligate, but never got that up and going) and I don't have the full
granular cooperation of all the Exchange network peeps, only most of them,
so it was difficult to implement a one-size-fits-all policy regardless.

 

I'll put my thinking cap on.  

 

Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it fairly
impossible to avoid backscatter.  It goes in me one way, and out another :p

 

 

Very Respectfully, 

 

Michael Cummins 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Michael Cummins 
That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 3:07 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Hi Michael:

 

I have a Windows script that I use with a whole bunch of different Exchange
customers to pull their email addresses from their servers and dump them
into a small JET (.mdb = Access) Database.  It does have a few input
parameters where you configure the LDAP path to the mail domain (because
many Exchange customers have different schemes), the LDAP user/pwd, and
which alias domain names to generate.

 

I uses that list in a SQL query that my ORF gateway uses to block invalid
email address and outright terminate connections that have too many invalid
email addresses. If you have any use for it, I'll be happy to let you have
it. Instead of outputting database rows, you could certainly expand the
script to output a flat file instead or add alias items to the IMAIL
registry, etc.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 2:14 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

I wrote a batch file once on a number of the exchange servers that used VBS
and LDAP to generate a list of valid exchange recipients and then FTP them
to the server where a CF script parsed it clean.  I didn't quite know what
to do with them when they got there though (I was originally going to use
them in Alligate, but never got that up and going) and I don't have the full
granular cooperation of all the Exchange network peeps, only most of them,
so it was difficult to implement a one-size-fits-all policy regardless.

 

I'll put my thinking cap on.  

 

Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it fairly
impossible to avoid backscatter.  It goes in me one way, and out another :p

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt 
Not sure that this list supports attachments - but here it is.

 

Here's how I launch it every half hour:

 

cscript //Nologo ExtractLDAP.wsf 70.255.255.84 ou=Their
Staff,dc=TheirCompany,dc=local logon.u...@theircompany.local mypassword
domainalias1.com domainalias2.com domainalias3.com TheirCompany

 

I usually use the LDAP Explorer tool to make sure I can connect to their
LDAP port through their firewall, that they have set up a valid
user/password for me, etc. Then I navigate through their LDAP hierarchy to
determine the correct OU/DC/DC, CN/DC/DC, etc path to their email users.
Once that succeeds I can simply take that info and use it as the parameters
to my script.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 3:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.?XML version=1.0 standalone=yes ?
package

job id=ExtractLDAPAdr
?job error=true debug=true ?
reference object=Scripting.FileSystemObject /
reference object=ADODB.Connection /
reference object=ADOX.Catalog /
reference object=ADODB.Recordset/

script language=JScript
![CDATA[

// 
===
// Extract Email Addresses from Active Directory
// 
--- 
//
//  Author:  © 2005, Andy Schmidt
//  Email:   a...@argos.net
//  Runtime: Windows Scripting Host 5.6
//
//
// 
--- 
//
//  CHANGE HISTORY
//
//  1.0.0 05-Apr-05 (AS)  Initial Development.
//  1.1.0 17-Jan-07 (AS)  Generalization and SQL sanitizing
//  1.2.0 19-Feb-07 (AS)  Set Page Size ADO property for large query results
//  1.3.0 15-Apr-08 (AS)  Allow for CommandLine Parameters
//  1.3.1 22-Apr-08 (AS)  Reliable detection of DupRec return code from JET
//Permit Origin length of 15, check for max length
//
// 
===


// --
//   Global Constants
// --

var nPageSize = 2000;   // (LDAP)

var strMDBFileName ='ImailAdr.mdb';
var strMDBConn ='Provider=Microsoft.Jet.OLEDB.4.0;Data Source=';

var strTable =  'UserList';
var strTableCreate = CREATE TABLE [ + strTable + ] ( [Domain] CHARACTER(255) 
NOT NULL, [Host] CHARACTER(255) CONSTRAINT [HostKey] NOT NULL, [User] 
CHARACTER(255) NOT NULL, [Email] CHARACTER(255) NOT NULL CONSTRAINT 
[PrimaryKey] PRIMARY KEY, [Current] BIT, [Origin] CHARACTER(15) NOT NULL );;
var strIndexCreate = CREATE INDEX HostKey ON [ + strTable + ] ( [Host] ) 
WITH DISALLOW NULL;;


// --
//   Global Variables
// --

var retCode =   0;
var bListOnly = false;
var nAddresses =0;
var nInserted = 0;
var nUpdated =  0;
var nRecordsEffected =  0;

var i, tempstr, temparr;
var strDomain, strEmail;


// ==
//   Prolog
// ==

// Instantiate core objects
var objShell = WScript.CreateObject(WScript.Shell);
var objCat = WScript.CreateObject(ADOX.Catalog);
var objConn = WScript.CreateObject(ADODB.Connection);
var objRS = WScript.CreateObject(ADODB.Recordset);

// Get Command Line Parameters
if ( WScript.Arguments.Unnamed.Length  6 || WScript.Arguments.Unnamed.Length  
7  )
{
WScript.Echo( 'Incorrect number of command line parameters: ' + 
WScript.Arguments.Unnamed.Length + '. ');
WScript.Arguments.ShowUsage();
WScript.Quit( -4 );
}

var strComputer =   WScript.Arguments.Unnamed.Item(0);
var adBase =WScript.Arguments.Unnamed.Item(1);
var adUser =WScript.Arguments.Unnamed.Item(2);
var adPwd = WScript.Arguments.Unnamed.Item(3);
var strDomains =  + WScript.Arguments.Unnamed.Item(4) +  ;
var strOrigin = WScript.Arguments.Unnamed.Item(5);

if ( WScript.Arguments.Unnamed.Length  6 )
bListOnly =

[Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt 
Hi,

 

Does anyone have a URL that works? I haven't been able to get
www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up?

 

I remember reading something last year that they had trouble getting a
hosting sponsor - but later they were acquired by GFI.

 

Best Regards,

Andy

 

 

 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread SpamManager 
Hi Michael,

 

You're working too hard. Send a message to support @ Alligate.com and put
ATTN: Brian in the subject. We'll figure out something. I usually don't
see the license renewal things unless it is someone I deal with regularly,
which includes a lot of members of this list. Believe it or not we get a
fair number of people that say they haven't  used the product yet and really
just don't want to pay for it. Someone has to go back and do research in old
update logs to try and find evidence or lack thereof,  it and it can take
half a day. It probably would have been a good idea to let us know if there
were going to be deployment delays because we just make a note in the
database and it saves everyone a lot of frustration. In your case, it sounds
like we never heard anything until after the anniversary and the renewal
reminder went out.

 

Alligate is going to help you with a lot of this, and this is exactly what
it is for. 

 

Brian Milburn

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 12:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 3:07 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Hi Michael:

 

I have a Windows script that I use with a whole bunch of different Exchange
customers to pull their email addresses from their servers and dump them
into a small JET (.mdb = Access) Database.  It does have a few input
parameters where you configure the LDAP path to the mail domain (because
many Exchange customers have different schemes), the LDAP user/pwd, and
which alias domain names to generate.

 

I uses that list in a SQL query that my ORF gateway uses to block invalid
email address and outright terminate connections that have too many invalid
email addresses. If you have any use for it, I'll be happy to let you have
it. Instead of outputting database rows, you could certainly expand the
script to output a flat file instead or add alias items to the IMAIL
registry, etc.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 2:14 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

I wrote a batch file once on a number of the exchange servers that used VBS
and LDAP to generate a list of valid exchange recipients and then FTP them
to the server where a CF script parsed it clean.  I didn't quite know what
to do with them when they got there though (I was originally going to use
them in Alligate, but never got that up and going) and I don't have the full
granular cooperation of all the Exchange network peeps, only most of them,
so it was difficult to implement a one-size-fits-all policy regardless.

 

I'll put my thinking cap on.  

 

Another one of the problems is that most all of my clients don't want to
disable NDRs with whatever solution I come up with, which makes it fairly
impossible to avoid backscatter.  It goes in me one way, and out another :p

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox 
This is about 1/3 of the process to sync the servers.  Then there's the 
processing of the file on the gateway to add/delete accounts as needed, and the 
minor Exchange config changes to accept mail from a subdomain.

In our implementations, and due to often insufficient access/knowledge on the 
part of most customers, it's a two-part batch sync.  I like the all-in-one 
process you have by connecting through the firewall, Andy, but it's been hard 
enough getting access to customer servers to place the extraction script. 
Trying to get access to LDAP through firewalls for an external process would 
take a lot longer to coordinate on a per-customer basis.

Darin.


- Original Message - 
From: Andy Schmidt 
To: declude.junkmail@declude.com 
Sent: Wednesday, May 12, 2010 4:05 PM
Subject: RE: [Declude.JunkMail] Fine tuning Declude


Not sure that this list supports attachments - but here it is.

 

Here's how I launch it every half hour:

 

cscript //Nologo ExtractLDAP.wsf 70.255.255.84 ou=Their 
Staff,dc=TheirCompany,dc=local logon.u...@theircompany.local mypassword 
domainalias1.com domainalias2.com domainalias3.com TheirCompany

 

I usually use the LDAP Explorer tool to make sure I can connect to their LDAP 
port through their firewall, that they have set up a valid user/password for 
me, etc. Then I navigate through their LDAP hierarchy to determine the correct 
OU/DC/DC, CN/DC/DC, etc path to their email users. Once that succeeds I can 
simply take that info and use it as the parameters to my script.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael 
Cummins
Sent: Wednesday, May 12, 2010 3:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old 
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a properly 
configured firewall, I imagine?  Mine was a local script that uploaded.  I like 
your idea better, if I am reading it right.  With your idea, I provide minimum 
requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt 
Hi Darin,

 

I have been fortunate that my customers (or their network consultants) were
able to open the LDAP port and add a user without trouble. Either they were
big enough to have their own IT staff, or small enough to have an external
IT consultant. But I understand that this might be different for everyone
else. 

 

As far as adding/deleting accounts - this script is designed to add/delete
records in the live database (that is actively used by ORF) - instead of
deleting and then refreshing the entire list. This way, there is no
downtime.  Of course, if your gateway does not support ODBC lookups (ORF
supports ODBC, LDAP and AD lookups), then you're out of luck.

 

Anyway - I'm just sharing the code in case it helps Michael.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Darin
Cox
Sent: Wednesday, May 12, 2010 4:32 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude

 

This is about 1/3 of the process to sync the servers.  Then there's the
processing of the file on the gateway to add/delete accounts as needed, and
the minor Exchange config changes to accept mail from a subdomain.

 

In our implementations, and due to often insufficient access/knowledge on
the part of most customers, it's a two-part batch sync.  I like the
all-in-one process you have by connecting through the firewall, Andy, but
it's been hard enough getting access to customer servers to place the
extraction script. Trying to get access to LDAP through firewalls for an
external process would take a lot longer to coordinate on a per-customer
basis.


Darin.

 

 

- Original Message - 

From: Andy Schmidt mailto:andy_schm...@hm-software.com  

To: declude.junkmail@declude.com 

Sent: Wednesday, May 12, 2010 4:05 PM

Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Not sure that this list supports attachments - but here it is.

 

Here's how I launch it every half hour:

 

cscript //Nologo ExtractLDAP.wsf 70.255.255.84 ou=Their
Staff,dc=TheirCompany,dc=local logon.u...@theircompany.local mypassword
domainalias1.com domainalias2.com domainalias3.com TheirCompany

 

I usually use the LDAP Explorer tool to make sure I can connect to their
LDAP port through their firewall, that they have set up a valid
user/password for me, etc. Then I navigate through their LDAP hierarchy to
determine the correct OU/DC/DC, CN/DC/DC, etc path to their email users.
Once that succeeds I can simply take that info and use it as the parameters
to my script.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 3:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Michael Cummins 
It's good all around discussion, too.  I imagine it's quite topical for
anyone that uses Declude ; these things affect our environment.

 

Thanks lots!

 

I guess I'll review my Alligate history and give Brian a shout.

 

 

Very Respectfully, 

 

Michael Cummins

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 4:51 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Hi Darin,

 

I have been fortunate that my customers (or their network consultants) were
able to open the LDAP port and add a user without trouble. Either they were
big enough to have their own IT staff, or small enough to have an external
IT consultant. But I understand that this might be different for everyone
else. 

 

As far as adding/deleting accounts - this script is designed to add/delete
records in the live database (that is actively used by ORF) - instead of
deleting and then refreshing the entire list. This way, there is no
downtime.  Of course, if your gateway does not support ODBC lookups (ORF
supports ODBC, LDAP and AD lookups), then you're out of luck.

 

Anyway - I'm just sharing the code in case it helps Michael.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Darin
Cox
Sent: Wednesday, May 12, 2010 4:32 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Fine tuning Declude

 

This is about 1/3 of the process to sync the servers.  Then there's the
processing of the file on the gateway to add/delete accounts as needed, and
the minor Exchange config changes to accept mail from a subdomain.

 

In our implementations, and due to often insufficient access/knowledge on
the part of most customers, it's a two-part batch sync.  I like the
all-in-one process you have by connecting through the firewall, Andy, but
it's been hard enough getting access to customer servers to place the
extraction script. Trying to get access to LDAP through firewalls for an
external process would take a lot longer to coordinate on a per-customer
basis.


Darin.

 

 

- Original Message - 

From: Andy Schmidt mailto:andy_schm...@hm-software.com  

To: declude.junkmail@declude.com 

Sent: Wednesday, May 12, 2010 4:05 PM

Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

Not sure that this list supports attachments - but here it is.

 

Here's how I launch it every half hour:

 

cscript //Nologo ExtractLDAP.wsf 70.255.255.84 ou=Their
Staff,dc=TheirCompany,dc=local logon.u...@theircompany.local mypassword
domainalias1.com domainalias2.com domainalias3.com TheirCompany

 

I usually use the LDAP Explorer tool to make sure I can connect to their
LDAP port through their firewall, that they have set up a valid
user/password for me, etc. Then I navigate through their LDAP hierarchy to
determine the correct OU/DC/DC, CN/DC/DC, etc path to their email users.
Once that succeeds I can simply take that info and use it as the parameters
to my script.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael
Cummins
Sent: Wednesday, May 12, 2010 3:25 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Fine tuning Declude

 

That sounds like it would be fun to review, regardless.  I can dig up my old
script and post it, too.  Mine is pretty primitive: spew and parse.

 

Does it reach out to LDAP from the internet side of things, through a
properly configured firewall, I imagine?  Mine was a local script that
uploaded.  I like your idea better, if I am reading it right.  With your
idea, I provide minimum requirements instead of installation steps.

 

 

Very Respectfully, 

 

Michael Cummins 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Colbeck, Andrew 
It may have been down when you looked, Andy. It's up now.
 
Also, I like to use this 3rd party for an instant second opinion:
 
http://downforeveryoneorjustme.com
 
 
Andrew 8)
 
 



From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 1:15 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SORBS Website Down?



Hi,

 

Does anyone have a URL that works? I haven't been able to get
www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up?

 

I remember reading something last year that they had trouble getting a
hosting sponsor - but later they were acquired by GFI.

 

Best Regards,

Andy

 

 

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt 
Thanks Andrew - it was down for a long time - but now I can get it. Thanks
for reassuring me.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck,
Andrew
Sent: Wednesday, May 12, 2010 5:29 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] SORBS Website Down?

 

It may have been down when you looked, Andy. It's up now.

 

Also, I like to use this 3rd party for an instant second opinion:

 

http://downforeveryoneorjustme.com

 

 

Andrew 8)

 

 

 

  _  

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 1:15 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SORBS Website Down?

Hi,

 

Does anyone have a URL that works? I haven't been able to get
www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up?

 

I remember reading something last year that they had trouble getting a
hosting sponsor - but later they were acquired by GFI.

 

Best Regards,

Andy

 

 

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt 
Nah - I wasn't imaging things - they really ARE having problems, e.g., when
trying to query an IP address.

 

Software error:

Open DB Handle needed at /home/dnsbl/htdocs/cgi-bin/db line 190

For help, please send mail to the webmaster (supp...@support.sorbs.net),
giving this error message and the time and date of the error. 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck,
Andrew
Sent: Wednesday, May 12, 2010 5:29 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] SORBS Website Down?

 

It may have been down when you looked, Andy. It's up now.

 

Also, I like to use this 3rd party for an instant second opinion:

 

http://downforeveryoneorjustme.com

 

 

Andrew 8)

 

 

 

  _  

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 12, 2010 1:15 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SORBS Website Down?

Hi,

 

Does anyone have a URL that works? I haven't been able to get
www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up?

 

I remember reading something last year that they had trouble getting a
hosting sponsor - but later they were acquired by GFI.

 

Best Regards,

Andy

 

 

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.