Matt wrote:
I might try the NET START SMTPSVC trick, however I did come across
someone else's server that would crash when SMTPSVC was in a bad state
and a restart attempt was made. In this case, a NET STOP would seem
to be required before a NET START since it only partially crashes.
Maybe stop the queuesvc, as well and start it last? Somehow imail can
grab email from declude thereby preventing scanning - not sure what the
correct start/stop sequence should be though.
FYI, I am running behind ORF which is knocking out most of the bad
addresses, but with this virus some domains that weren't under
dictionary attack and weren't being validated are now under heavy
attack from its mail engine which uses a predefined list of addresses
on each domain it attacks. So I am therefore seeing much more traffic
of this variety, and it comes through really, really quick. I believe
that I have also noted that it doesn't quit connections when a message
is rejected for having a bad recipient, or at least my bandwidth has
shown strange spurts that are highly indicative of a single box that
is maxed out on bandwidth that is pounding on bad addresses and
shouldn't otherwise be consuming bandwidth. Between the bad
addresses, rapid delivery and the bandwidth consumption, there is no
doubt that the new Sobers are built to cause problems for mail
servers through effectively DDoS attacks.
Well even if this is all 100% true it would seem Imail should be able to
deal with it - otherwise others would have seen the issue in past
because similar circumstance must have occurred before in the imail
userbase. You may be on to it with the mysteryheap thing. Time will tell.
-Nick
I wouldn't gain anything by doing virus scanning with my ORF gateways
since that would only add load to my system as a whole. I am in fact
working towards doing virus scanning after all JunkMail processes so
that I can save on processing power.
Matt
nick hayer wrote:
Matt wrote:
Hi Matt -
I have not had any issues at all - what other clues do you have to
offer? In your logs is there any similarity among the last message
processed before the crash(s)? Do you record the 'peak memory usage'
- to see if there is some kind of memory issue? Run the smtp log
in debug mode? Will a NET START SMTPSVC restart the service? If the
latter is true I would suggest running that command at least every hr
until the mystery is solved. [ if it is running it will not hurt
anything and if it's down it will help!]
-Nick
I was just wondering if anyone else has been seeing IMail SMTP crash
with a noticeable frequency in the last few weeks. I have had mine
go down 3 times now in the last 5 days or so, and this is something
that I can't recall the last time that it happened before that.
Essentially the SMTP service stops responding, but it doesn't crash
in a way that Windows sees it as being down.
I have a sneaking suspicion that the massively increased traffic
from the Sober worms which are trying many pre-defined addresses
that don't exist could be the problem. I am going to drop my
PROCESSES value in my Declude.cfg just in case this is a mystery
heap issue.
Any other clues???
Thanks,
Matt
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.