[Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
Here is another method to install sniffer in persistent mode. I just want to share it with you and others out there. I hope it is useful. I am not sure if there is information about how to install persistent mode using the Windows Resource Kit tools in this list, so I decided to post it just in case.

I have tested it for a week and it works fine for me under Windows 2003. I switched to it since RunSvcExe started to show some errors in my event viewer.

==Sniffer in Persistent Mode Using Windows Resource Kit Tools==

1. Create a directory in C: called for example reskit

   c:\reskit

2. Place the following Windows NT/2000/2003 Windows Resource Kit files (they are free). Download the kit from microsoft.com

   instsrv.exe
   srvany.exe

3. Run the following command line

   c:\reskit\instsrv.exe "Declude Sniffer" c:\reskit\Srvany.exe

   That will set a service under the name Declude Sniffer.

4. Open your registry and look for the key

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Declude Sniffer

5. Then add a key and name it Parameters

6. Next add a Value and type this information

   Value Name: Application
   Data Type: REG_SZ (String)
   String: [full path of your sniffer installation]\snfrv2r3.exe xnk05x5vmipeaof7 persistent

   Note for licensed users: replace snfrv2re.exe with your licensed sniffer application name and xnk05x5vmipeaof7 with the licensed code.

7. In your Services Manager locate the service named Declude Sniffer and start it.

8. Set the Startup Type to Automatic.

You are set to go.

TO REMOVE THE SERVICE---

If you want to remove the service just type the following command line

   c:\reskit\instsrv.exe "Declude Sniffer" REMOVE

-Luis Arango

[Email scanned for viruses]
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
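Steps 3 through 8 of the post above as a single PowerShell script, added here as an example and not part of the original post. The Sniffer path and authentication code are placeholders, and the closing ACL check is an addition: a service installed this way runs the wrapped program as LocalSystem unless another account is configured, so the directories holding both executables should be writable only by administrators.

```powershell
# Added example (not from the original post): steps 3-8 as one script.
# Run from an elevated PowerShell prompt on the mail server.
$ServiceName = 'Declude Sniffer'
$ResKit      = 'C:\reskit'
# Placeholders (assumptions): set these to your own Sniffer executable and code.
$SnifferExe  = 'C:\PATH\TO\SNIFFER\your-sniffer.exe'
$AuthCode    = 'YOUR-AUTH-CODE'

# Returns Allow entries that grant write access to anyone other than
# SYSTEM (S-1-5-18) or the local Administrators group (S-1-5-32-544).
function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $trusted   = 'S-1-5-18', 'S-1-5-32-544'
    # File write bits (0x116) plus GENERIC_ALL and GENERIC_WRITE.
    $writeMask = 0x116 -bor 0x10000000 -bor 0x40000000
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account
        }
        if ($trusted -notcontains $sid) { $ace }
    }
}

# Step 3: register srvany.exe under the service name. The name contains a
# space, so it has to reach instsrv.exe as ONE argument; PowerShell quotes it.
& "$ResKit\instsrv.exe" $ServiceName "$ResKit\srvany.exe"

# Step 4: confirm the service key now exists before touching it.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path -LiteralPath $svcKey)) {
    throw "Service key not found, instsrv.exe did not create '$ServiceName'."
}

# Steps 5-6: Parameters key with the REG_SZ value named Application.
$paramKey = Join-Path $svcKey 'Parameters'
New-Item -Path $paramKey -Force | Out-Null
New-ItemProperty -Path $paramKey -Name 'Application' -PropertyType String `
    -Value "$SnifferExe $AuthCode persistent" -Force | Out-Null

# Steps 7-8: automatic startup, then start the service.
Set-Service   -Name $ServiceName -StartupType Automatic
Start-Service -Name $ServiceName

# Check what was installed: state, start mode and the account it runs as.
Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" |
    Select-Object Name, State, StartMode, StartName, PathName

# Review any entry printed here: it lets a non-administrator write into a
# directory whose executables run as the service account.
foreach ($dir in $ResKit, (Split-Path -Parent $SnifferExe)) {
    Get-NonAdminWriteAce -Path $dir |
        Select-Object @{n='Directory';e={$dir}}, IdentityReference, FileSystemRights
}

# To remove the service later (the post's removal command):
# & "$ResKit\instsrv.exe" $ServiceName REMOVE
```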
RE: [Declude.JunkMail] Whitelisting email address
Casselberry? Hello from Naples. :)

Same issue, I'm the email admin for the City of Naples. We used to tweak filters continuously because of this. Routinely get questioned about why a message didn't get through and why so much spam gets through.

We've gone to a defense in depth on this. Signed up with Postini for first level SPAM/Virus, and it gave us two benefits. The first is it dropped the load on our server by 85% or so eliminating 99% of the blatant spam and most viruses. It also gives the user an opportunity to view and manage their own quarantined files.

We use Declude to further tweak the incoming mail, and add a second virus scanning point. We primarily do two things, one is add a subject indicating possible spam, the other is using black lists for specific addresses. The spam header can be sorted in Outlook on the client side to further separate the spam but still allow the user to review the messages if they wish.

Of course the last thing we did was assign the City Manager's admin the task of reviewing his mail, plus my boss, the Director of Technology Services, checks his quarantine every morning. :)

Have we bounced a citizen's mail? Occasionally. We apologize and white list their address. Somehow they seem to understand if the [EMAIL PROTECTED] spam filters ate their email.

If you want to reach me off-list, work email is "jcochran at naplesgov dot com".

Jeff

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS - Systems Eng. (Karl Drugge)
Sent: Tuesday, January 17, 2006 5:18 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting email address

Believe me, I'd love to find a way to do it, but when I HAVE to receive emails from hideously mis-configured servers, whack-job citizens, and other municipalities with less than stellar I.T. staff from anywhere at any time, not bouncing becomes the worse of two evils.

As an example, if I DELETE an email from a citizen because it meets my delete criteria (let's say a nut-job, retired, self declared IT samurai with a shareware SMTP server, on a dial up account to a local home based ISP run by his best friend) I can (and have) been questioned by the City Manager on exactly WHY he didn't get this email, because this nut-job shows up to a city council meeting and has a foaming at the mouth fit in public. Technical explanations don't cut it in the political arena. I have to, at the very least, send something back to notify the originator that the email was bounced, unless it's so horribly mal-formed, or chock full of key words, that I can absolutely guarantee it's spam.

But, if someone wants to take a crack at it, I'll be more than happy to post my config files.

Karl Drugge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, January 17, 2006 4:28 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting email address

Karl,

Getting blacklisted for bouncing spam back to forged addresses would probably be a lot worse than missing a stray message that shouldn't have been blocked. This certainly can happen, especially if you get a lot of zombie generated spam.

It is also of course a big pain dealing with servers that bounce this stuff back to forged addresses. Today I'm under heavy attack from multiple sources of backscatter. Backscatter costs others time, money and frustration. It's not fair if it is avoidable. Please reconsider your choices. Maybe we can help you figure out a better way to deal with this.

Matt

IS - Systems Eng. (Karl Drugge) wrote:

I hold at 20, bounce at 40, and delete at 60. I realize bouncing is bad, but we're government, so I have to be careful about outright deleting email without notifying someone, somewhere.

Karl Drugge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian
Sent: Tuesday, January 17, 2006 3:38 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting email address

What are you using for a hold weight and delete weight?

Brian

----- Original Message -----
From: IS - Systems Eng. (Karl Drugge)
To: Declude.JunkMail@declude.com
Sent: Tuesday, January 17, 2006 3:17 PM
Subject: RE: [Declude.JunkMail] Whitelisting email address

I can confirm that. If a single email address is white listed, then all of them get white listed. The solution was a line like this:

BYPASSWHITELIST bypasswhitelist 45 6 0 0

If an email was over weight 45, AND it also had 6 or more recipients, then it bypassed the white-listing and checked it normally.

I never tried to do it with individual config files.. But that might work, if it didn't affect all the recipients.

Karl Drugge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brian
Sent: Tuesday, January 17, 2006 2:16 PM
To:
RE: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
So far no problem, but how do we tell Declude or DecludeProc that he should connect to the service instead of executing the exe?

Markus
Re: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
Markus,

You still point to the executable in your global config file, but since sniffer is running in persistent mode, it doesn't automatically launch a new instance.

Dean

--
Dean Lawrence, CIO/Partner
Internet Data Technology
888.GET.IDT1 ext. 701 * fax: 888.438.4381
http://www.idatatech.com/
Corporate Internet Development and Marketing Specialists
[Declude.JunkMail] One down ....
http://www.cnn.com/2006/TECH/internet/01/18/internet.spam.ap/index.html

One spammer down - ???,???,??? to go.

John C
[Declude.JunkMail] Domain Keys?
Is there any way to implement Domain Keys with Declude (1.82) or IMAIL (8.15)? Or any version? Any way to put domain keys in any other way?

Yahoo is once again delivering any e-mail from my IP to their Bulk folder. I figured if I can use their Domain Keys system I would have a better chance of getting our mail delivered.

I have filled out all the Yahoo forms, but I get nothing but generic canned responses. I may change my IP over this.

Thanks - Marc

---
[This E-mail scanned for viruses by Declude Virus]
RE: [Declude.JunkMail] Domain Keys?
Ditto. We'd love to be able to do this. In the interim, we've actually had success getting on Yahoo's good side by contacting them. We used the address [EMAIL PROTECTED] to get the process started.
RE: [Declude.JunkMail] Domain Keys?
I would also like to use domain keys through Declude if possible.
[Declude.JunkMail] OT: Imail Aliases
Sorry about the Off-Topic question...

I use Imail/Declude as a gateway system only for a large Exchange org. To avoid the dictionary attacks, we do some scripting magic to put the Exchange SMTP addresses in the Imail Alias setup.

Here's the problem. Our Exchange org has two domains associated with it due to a merger -- let's say @apple.com and @orange.com

We've run into a problem with a generic mailbox for each of these domains -- info. There has always been an [EMAIL PROTECTED] and [EMAIL PROTECTED]

Since the Imail Alias only contains the mailbox name (info) we have no way to email directly into both domains through this gateway server.

Any ideas on how to get around this?
Re: [Declude.JunkMail] OT: Imail Aliases
> Any ideas on how to get around this?

Of course. Create a second virtual host for the second Exchange address space.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
RE: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
I am confused with step 6

6. Next Add a Value and type this information

   Value Name:Application
   Data Type: REG_SZ (String)
   String: [full path of your sniffer installation]\snfrv2r3.exe xnk05x5vmipeaof7 persistent

What is the Value name???

Thank you

Harry Vanderzand
inTown Internet Computer Services
519-741-1222
Re[2]: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
On Wednesday, January 18, 2006, 9:28:16 AM, Dean wrote:

DL Markus,
DL
DL You still point to the executable in your global config file,
DL but since sniffer is running in persistent mode, it doesn't
DL automatically launch a new instance.

That's almost correct... What happens is that the new instance recognizes that there is a persistent instance running and hands off the job to that service rather than processing it on its own.

_M
RE: [Declude.JunkMail] Sniffer in Persistent Mode using Windows Resource Kit Tools
The Value Name of Step 6 is: Application

-Luis Arango
RE: [Declude.JunkMail] decludeproc causing dns queries to fail
Just to clarify... If Imail was not processing, wouldn't the buildup be occurring in the /spool directory itself? Would declude also be affected by such an issue and cause a buildup in the /spool/proc folder? I ask, because my mail is getting built up in the /spool/proc folder, not the /spool folder.

As I understand it, declude.exe deposits mail into the /spool/proc folder. The decludeproc.exe server runs to move mail out of this folder into the /spool/proc/work folder for processing and once completed moves it to the /spool folder so Imail may deliver it. Am I missing something?

This also doesn't explain why no outgoing DNS queries are allowed while these issues are occurring, such as nslookup (unable to even establish a connection to any DNS server), but once again work when the decludeproc.exe is restarted.

To clarify, I am not restarting or changing Imail services in any way. My one and only step to resolve the issue is to stop decludeproc.exe and restart it in services. Nothing else needs to be done. This is the only service I need to touch.

I am more than happy to try modifying my setup as a form of troubleshooting, but forgive me for trying to understand the reasoning behind it.

Will

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Wednesday, January 18, 2006 7:14 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] decludeproc causing dns queries to fail

Will,

It is possible that this is not a Declude issue. We had a similar problem years ago with an earlier version of Imail, even before we began using Declude.

It turned out that there has been an ongoing bug in Imail about the entry of multiple DNS servers into the SMTP setup page. They say you can enter several IPs separated by spaces, but if you do this, IMail occasionally gets confused and basically stops looking at DNS entirely. This results in quick buildup in the spool and the kind of problems you describe.

The cure is to run cache-only DNS locally on the server. Just install the service, set it for Automatic, turn it on, point IMail to 127.0.0.1, and stop/start the IMail SMTP service. This will result in improved performance because all your DNS lookups won't go over your network. You can point the local DNS to your other servers by entering their addresses into DNS in the Network | TCP/IP property sheet.

-Dave Doherty
Skywaves, Inc.
RE: [Declude.JunkMail] decludeproc causing dns queries to fail
Will,

When this happens again could you try start/stopping the queue manager and smtp services in Imail to see if it resolves the issue of not being able to connect to the DNS server?

David B
www.declude.com
RE: [Declude.JunkMail] decludeproc causing dns queries to fail
Will, we have been having the same problem for months now with no resolution from Declude. They have told me they have never seen this problem before. It is nice to know we are not the only ones, but yet I feel your pain. If you come across something please let us know and we will do likewise.

Thanks,
Harvey
[Declude.JunkMail] Performance note under odd circumstances
Using Declude JunkMail Pro v2.0.6.16 from 2005-05-25 on IMail v8.14 plus hotfixes on a dual 3.0 GHz Pentium 4 Xeon Proliant with hyperthreading on. There is no on-access antivirus software installed, and no defragmentation, no indexing or other type of disk tasks were running.

I re-queued a message that was initially detected as spam and had modified my Declude filters so that the message would be accepted. I copied (not moved) the D*.SMD file to the spool folder, and then the Q*.SMD file to the spool\overflow folder. In this way, the message is re-scanned by Declude and if not held, it is then delivered by IMail.

Messages were backlogged with multiple declude.exe processes running and occasionally using CPU (according to Task Manager). Collectively, this made CPU usage quite high. But messages were not being delivered inbound.

I used my firewall to shut off new inbound messages, then paused each declude.exe process and tried to then allow a single instance to run. No joy.

I killed all the declude.exe processes and then sent an internal mail to wake up the queuing and overflow processing. No joy, same behaviour.

I looked at the logs, now that they wouldn't be clogged with unrelated lines caused by new inbound messages. The performance problem was because there were as many as 5 attempts per second at locking the Q*.SMD file, as per the Declude log, and ditto for the IMail log at about the same rate.

Sample Declude log entry:

01/18/2006 00:10:56 Q1E4CBFE900D412F6 Cumulative action(s) taken on this email = LOG WARN [LAST ACTION=WARN]
01/18/2006 00:11:03 Q1E4CBFE900D412F6 WARNING: Could not unlock D:\IMAIL\SPOOL\_1E4CBFE900D412F6.~MD due to error #183.
01/18/2006 00:11:06 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.
01/18/2006 00:11:07 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.
01/18/2006 00:11:07 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.

Sample IMail log entry:

01:18 00:10 SMTP-() Info - Adding Queue file D:\IMail\spool\Q1E4CBFE900D412F6.SMD
01:18 00:11 SMTP-(1e4cbfe900d412f6) processing D:\IMail\spool\Q1E4CBFE900D412F6.SMD
01:18 00:11 SMTP-(1e4cbfe900d412f6) [E] lock file exists for D:\IMail\spool\Q1E4CBFE900D412F6.SMD

I killed all the declude processes again, and shut down the IMail SMTP service, then deleted the extra _*.~MD file. I restarted the SMTP service and sent another local message to wake up the message processing. Joy!

I'm providing this writeup here in hopes that it may be a useful troubleshooting story for others. I'm providing the logs to Declude Support in case they see a good reason to modify their retry behaviour in the circumstance the logs indicate.

Andrew.
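The Declude log excerpt quoted in the post above can be checked mechanically for this failure pattern. The following is an added example, not part of Andrew's post and not Declude or IMail tooling: it groups repeated "Could not lock" entries by queue ID and reports the file named in the "Could not unlock" warning. The function name find_lock_storms and the min_failures threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Declude log excerpt as quoted in the post above.
SAMPLE_LOG = r"""
01/18/2006 00:10:56 Q1E4CBFE900D412F6 Cumulative action(s) taken on this email = LOG WARN [LAST ACTION=WARN]
01/18/2006 00:11:03 Q1E4CBFE900D412F6 WARNING: Could not unlock D:\IMAIL\SPOOL\_1E4CBFE900D412F6.~MD due to error #183.
01/18/2006 00:11:06 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.
01/18/2006 00:11:07 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.
01/18/2006 00:11:07 Q1E4CBFE900D412F6 Could not lock D:\IMAIL\SPOOL\Q1E4CBFE900D412F6.SMD: 183.
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9A-Fa-f]+) (.*)$")
LOCK_RE = re.compile(r"Could not lock (.+?): (\d+)\.?$")
UNLOCK_RE = re.compile(r"Could not unlock (.+?) due to error #(\d+)")

def find_lock_storms(log_text, min_failures=3):
    """Report queue IDs whose Q*.SMD lock attempts keep failing."""
    hits = defaultdict(Counter)  # queue id -> timestamp (1 s resolution) -> failures
    seen = defaultdict(lambda: {"target": None, "leftover": None, "codes": set()})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a format this parser does not know
        stamp, qid, msg = m.groups()
        lock, unlock = LOCK_RE.search(msg), UNLOCK_RE.search(msg)
        if lock:
            hits[qid][stamp] += 1
            seen[qid]["target"] = lock.group(1)
            seen[qid]["codes"].add(int(lock.group(2)))
        elif unlock:
            seen[qid]["leftover"] = unlock.group(1)  # candidate stale lock file
            seen[qid]["codes"].add(int(unlock.group(2)))
    reports = {}
    for qid, counts in hits.items():
        total = sum(counts.values())
        if total >= min_failures:  # assumed threshold, tune for your volume
            reports[qid] = {
                "lock_failures": total,
                "peak_per_second": max(counts.values()),
                "target": seen[qid]["target"],
                "leftover_lock_file": seen[qid]["leftover"],
                "error_codes": sorted(seen[qid]["codes"]),  # 183 = ERROR_ALREADY_EXISTS
            }
    return reports

if __name__ == "__main__":
    print(find_lock_storms(SAMPLE_LOG))
```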
RE: [Declude.JunkMail] decludeproc causing dns queries to fail
Does the DNS stop about every 2 1/2 days? If so, turn off monitoring of the web service in the imail monitor. You will probably find a slew of TCP/IP ports in the WAIT state. Run netstat -an from a command prompt when having the problem.

Kevin Bilbee