Have you customized any registry settings for TCP/IP?
I haven't installed the patch myself yet, but what I'll do is export that part of my registry before and after and do a comparison looking for changes. If you customized yours and they were set back to a default, that could cause a problem. Personally, I haven't changed any of mine, so if they are just defaulted back, I wouldn't see it (nor would most people), but if the default is changed, I should see that. I'll let you know.
Here's another idea. Considering your traffic, you should do two things with your DNS lookups. First, you should be downloading TXT records from the RBLs instead of doing remote lookups. That should save you a ton of resources. Secondly, you should scan your Declude logs for tests that produce little or no hits and remove them if you haven't already, and test each RBL at a busy time of day looking for ping delays, and remove any problematic servers. Considering your load, you could probably easily script something that takes an average ping time to a remote list and if it is excessively slow, automatically comment out that test in your config, and then uncomment it if it gets faster. A decent programmer could probably manage that task in only a few hours of work (I've got one that I could loan you if you don't). That's of course if you insist on using RBLs that don't provide TXT records. Almost all the major ones do, and you just have them downloaded on a 30 minute schedule or so. Many prefer this as well because of the load so many lookups place on their servers, and buying a box for DNS only is a lot cheaper than buying a full mail server. A home PC (newer) could probably handle that load, especially a trimmed down Linux box (which is a foreign subject to me unfortunately). I wouldn't think you would even need RAID for that.
If you insist on testing the outgoing stuff, why not try Declude Hijack instead of JunkMail? It's got to be a whole bunch easier on your resources and who wants to be spamming from a server that would cap your traffic to only 600 an hour (adjustable) per account? I've never used it or heard anyone talk about it, but the concept makes sense. If you do use Declude on a separate server for your outgoing stuff, maybe you could turn off some tests like DUL lists to save on resources?
Paying Microsoft for a trouble ticket also isn't anywhere near as expensive as a new server either. It's pretty clear they broke your setup, and from reading the bulletin, it shouldn't be limiting your connections like it appears to be doing. The rest of us should have been seeing issues with Declude if it uncovered a bug in the way it worked. Right? Microsoft has a long history of issuing patches for their patches, so next week might bring something different. From what I read, there is no danger if you are isolated behind a firewall that is blocking ports that you should be blocking by default.
I'm just thinking out loud of course. I'll let you know if I see any changes in my registry.
Matt
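The self-tuning script suggested in the message above could look like the following. This is an added example, not code from the thread or from Declude: the config line layout (name, `ip4r`, zone, then parameters, with `#` as the comment character), the `#AUTO-DISABLED ` marker, the zone names and the timings are all assumptions constructed for illustration, and collecting the round-trip samples is left to the caller.

```python
from statistics import mean

MARKER = "#AUTO-DISABLED "  # hypothetical tag; hand-commented lines are never touched


def zone_of(line):
    """Return the DNS zone of an ip4r test line (live or auto-disabled), else None."""
    body = line[len(MARKER):] if line.startswith(MARKER) else line
    fields = body.split()
    # Assumed layout: NAME TYPE ZONE RESULT WEIGHT ...; other '#' lines are comments.
    if len(fields) >= 3 and not fields[0].startswith("#") and fields[1].lower() == "ip4r":
        return fields[2].lower()
    return None


def retune(config_text, samples_ms, slow_ms=250.0, min_samples=3):
    """Comment out tests whose zone is slow and restore ones that recovered.

    samples_ms maps zone -> round-trip times in ms (None = timeout).
    Zones with fewer than min_samples probes are left unchanged.
    """
    out, changes = [], []
    for line in config_text.splitlines():
        probes = samples_ms.get(zone_of(line), [])
        if len(probes) >= min_samples:
            # A timeout counts as twice the threshold, so a dead server reads as slow.
            avg = mean(slow_ms * 2 if p is None else p for p in probes)
            disabled = line.startswith(MARKER)
            if avg > slow_ms and not disabled:
                line = MARKER + line
                changes.append(("disabled", zone_of(line), round(avg, 1)))
            elif avg <= slow_ms and disabled:
                line = line[len(MARKER):]
                changes.append(("enabled", zone_of(line), round(avg, 1)))
        out.append(line)
    return "\n".join(out) + "\n", changes


# Constructed sample config and measurements (not taken from the thread).
SAMPLE_CONFIG = """\
# blocklist tests
LISTA ip4r rbl-a.example 127.0.0.2 7 0
LISTB ip4r rbl-b.example 127.0.0.2 5 0
#AUTO-DISABLED LISTC ip4r rbl-c.example 127.0.0.2 5 0
#LISTD ip4r rbl-d.example 127.0.0.2 5 0
"""
SAMPLE_RTT = {
    "rbl-a.example": [40, 55, 61],
    "rbl-b.example": [300, None, 420],   # one timeout
    "rbl-c.example": [80, 90, 70],       # recovered
    "rbl-d.example": [20, 20, 20],       # disabled by hand: must stay disabled
}
```

Running `retune` a second time on its own output with the same samples changes nothing, so it can be scheduled repeatedly without stacking markers.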
Keith Anderson wrote:
Hi Matt,
Thanks for your suggestions. I don't claim to be an expert-- I just stumble along and ask for a lot of help when things go bad.
I think we're going to buy another Declude license (pending budgetary issues) and offload outbound traffic to another machine. We already cache the DNS lookups from that server, but the connection is still opened even if the actual transaction is cached on another machine.
We didn't originally intend to put so much load on a single machine, but the server has been able to scale up and handle it virtually without problems, which is actually a positive note for the combination of IBM, Imail, Windows 2000 and now Declude. (The machine is a modular quad-Pentium III-1GHz, 240 gigs RAID 10 SCSI, 2 gigabytes DDR266 RAM, connecting through OC12 via dual FE NICs.) We also have a few upstream tricks implemented to balance the inbound load and average out periodic bursts of mail over longer periods of time, such as spam-slams of 1000 emails in a second, which are held and passed to the server at a maximum of 80 per second. So far outbound has been handled just fine by Imail.
Regards, Keith
-----Original Message-----
From: Matthew Bramble [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Timing out with latest Microsoft patch
Keith,
First off, I can't believe that you can get a single Windows server to handle that load. Sounds like Microsoft didn't expect that was possible either...
Your explanation makes sense regarding the number of network connections suddenly being limited somehow. I'm guessing that the same problem would exist for IMail 8 with a bunch of RBLs configured there. Maybe Ipswitch would at least let you know if they have seen similar problems?
Microsoft also should be aware of the problem if in fact it isn't related to how Declude in particular works, which it doesn't sound like. One thing I am thinking is that you have a massive pipe going to your server, and you might have played with your TCP settings, and maybe this patch changed the values on you? That would bottleneck your bandwidth but not your processor. It's just a stab in the dark though. This could probably be tested fairly easily. The following article is very informative on that topic:
Windows 2000 TCP Performance Tuning Tips http://rdweb.cns.vt.edu/public/notes/win2k-tcpip.htm
According to that article, Windows 2000 out of the box is set best for Internet connectivity and 10 Mbps LANs, but your Internet bandwidth and the number of simultaneous connections can both influence what the best settings are. I'm not a TCP guru though, just roughly familiar with what the article points out (shame on me, I went to school for telecom). It could be a very unfortunate circumstance where your traffic is split into larger segments and wasteful small DNS queries, and there's no real good middle ground.
If this is the case, maybe also a different DNS scheme could lessen the load on your server's outbound connections? Like having a caching server installed on the same box doing lookups off another local box? That would dramatically reduce the number of outbound connections I would think. But again, you obviously have more experience than I do with issues related to high traffic and I'm just stabbing in the dark at some ideas.
BTW, I did read in one MS tech note that there were "unlimited" connections allowed under their server products. That might require some registry tweaking knowing them, and I wouldn't put it past them to change it on you with a patch.
Matt
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.