[Declude.JunkMail] Difference Between MAILFROM and FROMFILE
Hello, All, I apologize for asking such a silly question but I'm suffering from a mental roadblock. What is the difference between the MAILFROM and FROMFILE tests? I understand the difference from a Declude configuration syntactical standpoint but I don't understand the intended benefit of having two tests which seem to do essentially the same thing, other than the fact that all entries in a FROMFILE would have the same number of points added whereas MAILFROM you can specify individual number of points. Do search strings used with MAILFROM and FROMFILE both search the entire X-Declude-Sender address? Or does one search the whole address and the other only look at stuff after the @ character? BTW, I have searched the archives and I'm still seeking clarification. Thanks In Advance, Dan Geiser [EMAIL PROTECTED] --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Difference Between MAILFROM and FROMFILE
I apologize for asking such a silly question but I'm suffering from a mental roadblock. What is the difference between the MAILFROM and FROMFILE tests? I understand the difference from a Declude configuration syntactical standpoint but I don't understand the intended benefit of having two tests which seem to do essentially the same thing, other than the fact that all entries in a FROMFILE would have the same number of points added whereas MAILFROM you can specify individual number of points. The MAILFROM test simply checks to see if the return address is on a valid domain. So if I sent an E-mail from [EMAIL PROTECTED], it would fail the MAILFROM test. You do not give the MAILFROM test any data (you don't give it an address, domain, list of addresses, etc.). It will work the same for everyone who uses the test. The fromfile test type is called a Sender Blacklist. It lets you enter a list of E-mail addresses that will cause the E-mail to fail that test. It will work differently depending on what E-mail addresses you list. So if you have @made_up_domain.com or [EMAIL PROTECTED] in your blacklist, an E-mail from [EMAIL PROTECTED] would fail both the MAILFROM and sender blacklist tests. But if you did not happen to list that user/domain, the E-mail would only fail the MAILFROM test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Difference Between MAILFROM and FROMFILE
Scott, I'm sorry. I didn't mean the MAILFROM test. I mean the MAILFROM entry that you put in the filter file, e.g. MAILFROM 50 CONTAINS suspect. All I need to know is if the MAILFROM I describe above looks at the whole address in X-Declude-Sender, e.g. [EMAIL PROTECTED], or if it just looks at the stuff before the @ character or just looks after the @ character. Also with the FROMFILE test if I put in an entry... hotmail.com would the FROMFILE test add points if the X-Declude Sender was [EMAIL PROTECTED] Does FROMFILE look at the whole address or just stuff after but inclusive of the @ character? Sorry about that. Thanks, Dan - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 9:41 AM Subject: Re: [Declude.JunkMail] Difference Between MAILFROM and FROMFILE I apologize for asking such a silly question but I'm suffering from a mental roadblock. What is the difference between the MAILFROM and FROMFILE tests? I understand the difference from a Declude configuration syntactical standpoint but I don't understand the intended benefit of having two tests which seem to do essentially the same thing, other than the fact that all entries in a FROMFILE would have the same number of points added whereas MAILFROM you can specify individual number of points. The MAILFROM test simply checks to see if the return address is on a valid domain. So if I sent an E-mail from [EMAIL PROTECTED], it would fail the MAILFROM test. You do not give the MAILFROM test any data (you don't give it an address, domain, list of addresses, etc.). It will work the same for everyone who uses the test. The fromfile test type is called a Sender Blacklist. It lets you enter a list of E-mail addresses that will cause the E-mail to fail that test. It will work differently depending on what E-mail addresses you list. So if you have @made_up_domain.com or [EMAIL PROTECTED] in your blacklist, an E-mail from [EMAIL PROTECTED] would fail both the MAILFROM and sender blacklist tests. But if you did not happen to list that user/domain, the E-mail would only fail the MAILFROM test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Difference Between MAILFROM and FROMFILE
I'm sorry. I didn't mean the MAILFROM test. I mean the MAILFROM entry that you put in the filter file, e.g. MAILFROM 50 CONTAINS suspect. Filters work by looking at a specific piece of information, and comparing to information you supply. So the line MAILFROM 50 CONTAINS suspect does exactly that -- it checks to see if the MAILFROM (return address) contains suspect. If so, the E-mail will trigger that test. The Sender Blacklists check to see if the return address matches anything in a list you supply. It doesn't work the same way, as it looks for exact matches on E-mail addresses (so a line [EMAIL PROTECTED] won't match [EMAIL PROTECTED]), and partial matches on domains (so @example.com will match [EMAIL PROTECTED]). All I need to know is if the MAILFROM I describe above looks at the whole address in X-Declude-Sender, e.g. [EMAIL PROTECTED], or if it just looks at the stuff before the @ character or just looks after the @ character. It looks at the entire address (which is the same one as in the X-Declude-Sender: header, and IMail SMTP log file MAIL FROM entries). Also with the FROMFILE test if I put in an entry... hotmail.com would the FROMFILE test add points if the X-Declude Sender was [EMAIL PROTECTED] Yes (and it would also catch E-mail from [EMAIL PROTECTED]). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the external tests in serial, not in parallel). I also re-read the following post by Sandy: http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.html It seems to indicate that there is no "thread limit", but something else instead; a limit of "64 objects per thread". That's not related here. The overflow issue deals with processes, not threads. Processes are what are listed in the "Process" tab in the Task Manager (such as one SMTPD32.exe process, 0 to 30 or so Declude.exe processes, etc.). Each process can have from 1 to an
RE: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Tuesday, January 25, 2005 10:25 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service. The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt,I seen a few articles about memory leaks in Win2K3 DNS. One specific onecomes to mind about a leak when adding zones via scripting. Another onethat we ran into (internally) was KB 830381. (Server ResponsivenessDegrades and Queries Time Out When You Run the DNS Server Service).Darrell---Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.- Original Message - From: Matt [EMAIL PROTECTED]To: Declude.JunkMail@declude.comSent: Monday, January 24, 2005 10:31 PMSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows2003 DNS I found MaxQueProc in the registry and changed that to 60. There is noGUI config for this option.I also looked at the issue with MS DNS 2003. After a restart of DNS,utilization dropped from an average of about 25% to under 1% (I had itin performance monitor)...but then over the next couple of hours, it hascrept back up to 10%. I have watched it enough to verify that it'sutilization grows consistently over time. Disabling the EDNS thing hasno effect. I've found nothing really telling about this in Google, butit looks like a classic memory leak. This installation was fresh andthere is hardly anything installed on it. I would be a bit surprised tosee a memory leak in DNS go undetected/unfixed at this point. If anyoneelse has experienced this, or can confirm my findings, please speak up.I was intending on using this server for my Web hosting DNS, but thismay keep me from going there.MattR. Scott Perry wrote: You seemed to indicate that service launched processes count againstthe threads...meaning that smtp32.exe launches declude.exe, whichlaunches F-Prot and McAfee. So would this count for 4 threads (notaccording to Declude, but Windows/IMail)? What about Sniffer andeach external test that I have configured within Declude, would thosecount as well? Unfortunately, we are not aware of a way to determine if a process wasstarted by a service or not. Currently, Declude looks fordeclude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and anyprocesses listed in the rarely used DAISYCHAIN option).Note that SMTPD32.exe -- the IMail process/service that starts Declude-- is just a single process, so it will only count once.Message Sniffer and other external tests won't count, since Decludedoesn't specifically look for it (but it does indeed count as aservice-started process, and could cause the memory limit to bereached). However, there would only be a maximum of one of them perE-mail (since Declude runs the external tests in serial, not inparallel). I also re-read the following post by Sandy:http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg94576.htmlIt seems to indicate that there is no thread limit, but somethingelse instead; a limit of 64 objects per thread. That's not related here. The overflow issue deals with processes, notthreads. Processes
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Yeah, that's what I meant :) I also screwed up the stat for what MS DNS 2003 can apparently handle; it is in fact 9,500 per second and not minute. http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=""> Matt John Tolmachoff (Lists) wrote: Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Tuesday, January 25, 2005 10:25 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it
Re: [Declude.JunkMail] Declude 2.0b status
Yes. 2.0.3b, with no problems that I am aware of. Regards, Bill -- Original Message -- From: Scott Fisher [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Mon, 24 Jan 2005 14:02:37 -0600 Is anyone happily running Declude 2.0 beta for Imail? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] [OT] Exchange2Alias Question
I opened port 389 through a client firewall from our Imail Server (just in testing) and attempted to query their server using the exchange2alias script, however, it is returning the following error: ---Export Started--- C:\Documents and Settings\Administrator\Desktop\exchange2aliases.vbs(41, 1) (nul l): A referral was returned from the server. I did a netstat -an on their Exchange and see that I am connecting through to their server from my ip. The following is a sample of my string (company removed, with example in its place) C:\Documents and Settings\Administrator\Desktopcscript exchange2aliases.vbs example.com LDAP://out.side.ip.address/cn=Users,dc=example,dc=com example.com exch2alias.example.local Where 1st example.com is virtual domain in Imail Where dc=example,dc=com is actually FQDN for SMTP Where next example.com is main Exchange address Where exch2alias.example.local is additional Rec. Policy added (all users have as 2nd or 3rd address) Thanks for the aid. --- Keith Johnson --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 2.0b status
Andy Schmidt wrote: Is there now a 2.0 beta that's robust enough to install? And is there a 2.0 beta that we can use with SmarterMail? Inquiring minds want to know! :) Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt, We seen the same exact results you seen after we applied the hotfix. I am glad to see it worked for you as well. Darrell ---Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 1:24 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now.The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well.With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets.MattMatt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service."The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising.MattDarrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go undetected/unfixed at this point. If anyone else has experienced this, or can confirm my findings, please speak up. I was intending on using this server for my Web hosting DNS, but this may keep me from going there. Matt R. Scott Perry wrote: You seemed to indicate that service launched processes count against the threads...meaning that smtp32.exe launches declude.exe, which launches F-Prot and McAfee. So would this count for 4 threads (not according to Declude, but Windows/IMail)? What about Sniffer and each external test that I have configured within Declude, would those count as well? Unfortunately, we are not aware of a way to determine if a process was started by a service or not. Currently, Declude looks for declude.exe, smtp32.exe, scan.exe, F-Prot.exe processes (and any processes listed in the rarely used DAISYCHAIN option). Note that SMTPD32.exe -- the IMail process/service that starts Declude -- is just a single process, so it will only count once. Message Sniffer and other external tests won't count, since Declude doesn't specifically look for it (but it does indeed count as a service-started process, and could cause the memory limit to be reached). However, there would only be a maximum of one of them per E-mail (since Declude runs the
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Matt- The link http://support.microsoft.com/?kbid=830381leads to a bunch of pay support resources. Did you have to pay MS for this fix? -Dave - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 2:01 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Yeah, that's what I meant :)I also screwed up the stat for what MS DNS 2003 can apparently handle; it is in fact 9,500 per second and not minute.http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url="">MattJohn Tolmachoff (Lists) wrote: Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MattSent: Tuesday, January 25, 2005 10:25 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now.The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well.With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets.MattMatt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service."The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising.MattDarrell ([EMAIL PROTECTED]) wrote: Matt,I seen a few articles about memory leaks in Win2K3 DNS. One specific onecomes to mind about a leak when adding zones via scripting. Another onethat we ran into (internally) was KB 830381. (Server ResponsivenessDegrades and Queries Time Out When You Run the DNS Server Service).Darrell---Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.- Original Message - From: "Matt" [EMAIL PROTECTED]To: Declude.JunkMail@declude.comSent: Monday, January 24, 2005 10:31 PMSubject: Re: [Declude.JunkMail] Overflow directory and a note about Windows2003 DNS I found MaxQueProc in the registry and changed that to 60. There is noGUI config for this option.I also looked at the issue with MS DNS 2003. After a restart of DNS,utilization dropped from an average of about 25% to under 1% (I had itin performance monitor)...but then over the next couple of hours, it hascrept back up to 10%. I have watched it enough to verify that it'sutilization grows consistently over time. Disabling the EDNS thing hasno effect. I've found nothing really telling about this in Google, butit looks like a classic memory leak. This installation was fresh andthere is hardly anything installed on it. I would be a bit surprised tosee a memory leak in DNS go undetected/unfixed at this point. If anyoneelse has experienced this, or can confirm my findings, please speak up.I was intending on using this server for my Web hosting DNS, but thismay keep me from going there.MattR. Scott Perry wrote: You seemed to indicate that service launched processes count againstthe threads...meaning that smtp32.exe launches declude.exe, whichlaunches F-Prot and McAfee. So would this count for 4 threads (notaccording to Declude, but Windows/IMail)? What about Sniffer andeach external test that I have configured within Declude, would thosecount as well? Unfortunately, we are not aware of a way to determine if a process wasstarted by a service or not. Currently, Declude looks fordeclude.exe,
Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS
Dave, Just call the number and there will be an option for getting hotfixes before you get tossed into the pay for support system. Just give the person the hotfix number and your information and they will E-mail you a link to download it almost immediately. It's actually very easy, they just do a very poor job of explaining how it works on their site. Matt Dave Doherty wrote: Matt- The link http://support.microsoft.com/?kbid=830381leads to a bunch of pay support resources. Did you have to pay MS for this fix? -Dave - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, January 25, 2005 2:01 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Yeah, that's what I meant :) I also screwed up the stat for what MS DNS 2003 can apparently handle; it is in fact 9,500 per second and not minute. http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=""> Matt John Tolmachoff (Lists) wrote: Service Pack 2? For Windows 2003? Service Pack 1 is in beta right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Tuesday, January 25, 2005 10:25 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS Well, I can say definitively that the hotfix worked. My DNS process is averaging less than 1% of CPU now during full traffic and 12 hours after the last restart with a very heavy config and well over 100,000 messages a day. I saw an article on MS's site showing that their DNS server could handle 9,500 requests per minute running on a single 733 MHz processor (plus other activity), and I'm not doubting that now. The backups in Declude/IMail were definitely being caused by the sluggishness of the DNS queries against this server, so that problem is now fixed as well. With this cleared up, it also appears that the server as a whole is running faster than the previous box despite the downgrade in disk I/O (all other things being the same exact platform). I can't be certain as yet, but it does appear to be about 30% more efficient so far. Windows 2003 might well be worth the money...after Service Pack 2 finally hits the streets. Matt Matt wrote: Thanks Darrell, that definitely sounds like it's the culprit: http://support.microsoft.com/?kbid=830381 This didn't come up in my searches because it is described so generically and I was searching for things like processor utilization and memory leaks. I like the part where the describe the workaround: "There is no suggested workaround. To minimize the effects of the problem, periodically stop and then restart the DNS Server service." The hotfix has been requested, I'll update the list as to whether or not this works. It certainly sounds promising. Matt Darrell ([EMAIL PROTECTED]) wrote: Matt, I seen a few articles about memory leaks in Win2K3 DNS. One specific one comes to mind about a leak when adding zones via scripting. Another one that we ran into (internally) was KB 830381. (Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service). Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: "Matt" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, January 24, 2005 10:31 PM Subject: Re: [Declude.JunkMail] Overflow directory and a note about Windows 2003 DNS I found MaxQueProc in the registry and changed that to 60. There is no GUI config for this option. I also looked at the issue with MS DNS 2003. After a restart of DNS, utilization dropped from an average of about 25% to under 1% (I had it in performance monitor)...but then over the next couple of hours, it has crept back up to 10%. I have watched it enough to verify that it's utilization grows consistently over time. Disabling the EDNS thing has no effect. I've found nothing really telling about this in Google, but it looks like a classic memory leak. This installation was fresh and there is hardly anything installed on it. I would be a bit surprised to see a memory leak in DNS go
