Re: AW: AW: [Declude.JunkMail] Spool Directory Backed Up

2006-01-26 Thread A. Clausen



Guhl, Markus (LDS) wrote:


hi john,

we did not changed those settings when we changed from declude 2.x to 3.0.5.23
(queue timer is 20 and tries before returning to sender is also 20) but those
queueruns did not even start. also a *.fwd should be processed right away (at
least this was my expirience when will still used declude 2.x).

when i force imail to deliver (by using send all) it works, so it looks like
something is preventing imail from starting the queuerun but not from doing the
queuerun. i'm just guessing, but could it be that some of the new
declude-processes are blocking parts of the imail processes?

 

This is our experience as well.  I've used the suggestion of manually 
restarting the queue run every hour, but that's a rather ugly kludge.  I 
have no idea how Declude would be influencing the queue like this, since 
I thought that that operation came *after* any Declude functions, but we 
did not have this problem prior to the upgrade, and with the Postfix box 
getting rid of 99% of the distributed dictionary attacks, there's no 
other explanation for an expanding balloon of queued mail that sits 
there unless I start directly using the web interface spool control to 
send them.


--
A. Clausen
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: AW: AW: [Declude.JunkMail] Spool Directory Backed Up

2006-01-25 Thread A. Clausen



Guhl, Markus (LDS) wrote:


hi randy,

since we use imail 7.15 we do not have somethimg like Queuemgr. the funny thing
is, that something like that never happend with declude 2.x. it started at the
very second we changed to 3.0.5.x.

my declude.cfg settings are

THREADS 13
CONCATENATELOGS ON
#CONCATENATELOGSTHRESHOLD 50
#KEEPINDIVIDUALLOGSON
WINSOCKCLEANUP   ON 
WAITFORMAIL 1500

WAITFORTHREADS 150
WAITBETWEENTHREADS 300 


as i said, declude is working on it. i do not think that it is a loadproblem. we
changed during the christmasholydays (we provide the mailboxes for 6800 schools)
and there was nearly no load when we first detected the problem. all incomming
mails get processed and delivered (as long as those mails do not hit a forward),
but all *.fwd , *.gse and manually moved *.smd files wait in the spool-directory
(it looks like imail stopped it's own queue-run). 

 

Interesting.  So that does put Declude back up on top of the list of 
culprits.


What I have done in the short term because I run an IMGate box in front, 
is to tell IMail to use it as an outgoing gateway.  This seems to get 
things sent out in an orderly way, though I'd prefer not to be putting 
my gateway server through that kind of load.


I certainly hope Declude solves this problem.

--
A. Clausen
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: AW: [Declude.JunkMail] Spool Directory Backed Up

2006-01-24 Thread A. Clausen



Guhl, Markus (LDS) wrote:


hi,
 
are those files backing up regular incomming mails or are they *.fwd 
and *.gse files?
 
what happens when you put a mail (d*.smd and q*.smd) into spool by 
hand (something like a false positiv)?
 
which version of imail do you use?




I've tried manipulating by hand.  Moving data out.  If I go to the spool 
function in Webmail it does appear that hitting send will shove through 
the message, but other than that, everything seems to just sit on the 
queue.  I can't quite say for sure, but I'm fairly certain this happened 
after the upgrade of Declude.  One curious thing is if I go to into the 
IMail administrator program and try through there to manually send a 
message, I get a window showing Declude.exe is trying to push the program.


This is a big problem, and I'm just not sure where to turn.  I've moved 
all the queue files out of the queue and putting a few in, but the files 
just seem to sit there and do nothing.  It's quite frustrating, as 
everything was working fine until the Declude upgrade.


--
A. Clausen
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Spool Directory Backed Up

2006-01-20 Thread A. Clausen



We upgraded to 3.0.5.23 a couple of weeks ago, and 
since then I've noticed a steady expansion in the number of files in the spool 
directory. It's now up to about 37000 files. I'm fairly certain that 
Declude has something to do with this. Any hints?

-- 
A. Clausen


Re: [Declude.JunkMail] Spool Directory Backed Up

2006-01-20 Thread A. Clausen






David Barker wrote:

  
  
  
  1. Check for DNS problems by
running your logs on DEBUG and then searching for didn't get response
if you see multiple entries like this it could be DNS
  
  2. How many threads are you
running in your Declude.cfg and what is the CPU of the server ?

Here's a curious thing. Where is the Declude.cfg file? I can't even
find it.

-- 
A. Clausen





Re: [Declude.JunkMail] Spool Directory Backed Up

2006-01-20 Thread A. Clausen






Panda Consulting S.A. Luis Alberto Arango wrote:

  
  
  
  Have you seen any of the files
in the spool to see if there are real mails and not bouncing ones. Or
perhaps to make sure your mailserver wasn't hikacked? Are those emails
for or from your users? Make sure nobody is using your server to relay
on and is sending large amounts of spam from there. That will explain
why you have 37K messages in your spool
  
  what is you daily volumen of
emails?
  
  Have you checked declude logs to
see if they offer valuable information to determine what is going on.
  
  Do you run Imail or Smartermail?
  

I'm running IMail. I haven't noticed anything unusual in the logs, and
I'm running two Postfix boxes in front of the IMail server to ward off
distributed dictionary attacks, and their config has not changed.

-- 
A. Clausen





[Declude.JunkMail] Foreign Language Spam

2005-09-20 Thread A. Clausen
We have a customer who is getting significant amounts of Spanish spam
slipping through, and I was wondering if there was any particular means of
filtering this out.

-- 
A. Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Outlook Blank Folding Vulnerability

2005-08-17 Thread A. Clausen
We have had a user get a plain-text message he sent out using Thunderbird
1.0.2 that got caught by this check in Declude Junkmail.  Just wondering
what precisely the error is and why Thunderbird-generated messages would be
getting nailed with it.

-- 
A. Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability

2005-08-17 Thread Aaron Clausen
-- Original Message --
From: Colbeck, Andrew [EMAIL PROTECTED]
Reply-To: Declude.JunkMail@declude.com
Date:  Wed, 17 Aug 2005 11:01:48 -0700

A similar Outlook CR vulnerability was just discussed; check the
archives at:

http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html

The same things would apply.  The manual does list the gory details of
what each vulnerability looks for, if you're interested.

So, what is the best solution?  Disable checking for this particular
vulnerability?

-- 
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude Woes

2005-08-02 Thread A. Clausen

- Original Message - 
From: Matt [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday, July 28, 2005 09:23
Subject: Re: [Declude.JunkMail] Declude Woes



 In Robert's issue below, the fact that you are cleaning up GSE files
 points to a non-Declude issue.  GSE files are generated for bounces, and
 it suggests that you are accepting E-mail for addresses that don't
 exist.  If there is a huge volume of these, there is a definite issue
 with the environment, and it wouldn't be uncommon for Declude to get
 backed up.

I have to concur with this.  Declude's major flaw is that it's only as good
as IMail is.  When we were being nailed with very high volume distributed
dictionary attacks, our IMail server, which is sitting on a high-end machine
(fast CPU, fast drives, lots of RAM) just started to die.  The spool
directory was getting bogged down, and with it the machine.

Ultimately the only solution I could find was to use IMGate between the
outside world and our IMail box.  To this very day, I estimate that on a
slow day, we probably get about eighty to ninety thousand dictionary attacks
per day, though I haven't seen the volume that we had a year ago.

-- 
A. Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude Woes

2005-08-02 Thread A. Clausen

- Original Message - 
From: Dave Beckstrom [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, July 29, 2005 16:32
Subject: RE: [Declude.JunkMail] Declude Woes


 That won't work.  They come from thousands of different IP addresses.



 Our mail server is under continual bombardment all day long every day from
 these dictionary attacks.  I have blackice set up to automatically block
the
 IP address after 3 attempts at non-existing email accounts.  The IP is
 blocked for 1 hour and then the block goes away.


The reason we went with Postfix was twofold:

1. It can continue to receive email and hold it even if your mail server
goes down.  Big plus when I'm doing maintenenance!

2. If, at some point, we decide to migrate away from IMail, Postfix is, on
its own, a damn good mail server.

We're running to Postfix boxes; one a classic 233mhz Pentium MMX with 128mb
of RAM and the other a 266mhz Pentium 2 with 384mb of RAM.  The only reason
for the Pentium II is redundancy, but I have both set to equal priority in
their MX records, so I also get a bit of load balancing.  The solution has
been working flawlessly for a year.  Linux/Postfix is just simply more
capable, even on hardware only a fraction as powerful as your IMail Windows
box, of handling large numbers of connections.

-- 
A. Clausen

-- 
A. Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Virus Getting Through AV and FProt

2005-05-31 Thread A. Clausen
We're getting a virus coming through and its causing some strange results in
Declude AV.  The file itself is a zip file called 2.zip which contains the
file 02_05_2005.exe.  In the Declude AV log we're seeing lines like this:

05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205
Checksum=2348990]
05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection
in report.txt
05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1.
05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner.
[MIME: 2 18323]

Is FProt just behind in updating its definitions or is there something nasty
happening?

-- 
Aaron Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Forwarding

2005-05-06 Thread A. Clausen
This is probably a fairly stupid question, but I was wondering whether 
or not if you forwarded a local user to another external address (ie. 
Yahoo or AOL) would Declude still catch spam via the accounts's junkmail 
file?

--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-12 Thread A. Clausen
Alright, I've run a few tests, and much of it seems to be working. 
However, when I look at the headers, it says X-Note: This E-mail was 
scanned by Declude JunkMail for spam. but I'm not seeing 
X-Spam-Tests-Failed or any of the other headers.  I do have a 
directory set up in the declude directory with a $default$.junkmail 
file, but I'm fairly certain that Declude is not using that file at all, 
and is likely defaulting to the global.cfg settings.

--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-12 Thread A. Clausen
Darrell ([EMAIL PROTECTED]) wrote:
Is this for a local domain or a store and forward domain.  If its for a 
store and forward domain did you create the domain folder for it under 
Declude?
Darrell
It's a store-and-forward domain, and I did create a domain folder under 
the Declude directory.  So far as I can tell, Declude is not using that 
directory to scan the incoming mail.

--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-12 Thread A. Clausen

David Barker wrote:
If you are forwarding mail to another server in other words using Declude
for OUTBOUND scanning the Actions are defined in the global.cfg also
consider it will be using the xoutheaders in your global.cfg.
Okay, I'm a little confused here, but if what you say is right, then it 
makes sense.  We're not scanning outbound mail, except for antivirus, 
which explains why the message has a header saying Scanned by declude. 
 The question then is how do I set things up so that Declude Junkmail 
scans this message?

--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-12 Thread A. Clausen

A. Clausen wrote:

David Barker wrote:
If you are forwarding mail to another server in other words using Declude
for OUTBOUND scanning the Actions are defined in the global.cfg also
consider it will be using the xoutheaders in your global.cfg.

Okay, I'm a little confused here, but if what you say is right, then it 
makes sense.  We're not scanning outbound mail, except for antivirus, 
which explains why the message has a header saying Scanned by declude. 
 The question then is how do I set things up so that Declude Junkmail 
scans this message?
I should make myself clearer.  We're only doing antivirus scanning on 
the outbound, and no junkmail scanning.  However, it's pretty clear that 
we're going to have to turn it on, and I was wondering if this could be 
done on a domain-specific basis.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-12 Thread A. Clausen

Darrell ([EMAIL PROTECTED]) wrote:
For the domains we store and forward for all we did is the following.
1.) Create a folder for the domain under the declude folder. example: 
domain.com
2.) Drop in a $default$.junkmail file.
In the logs you will see this (under log level high).
04/12/2005 01:22:59 Q5AEE30FF023260B2 Using [incoming] CFG file 
e:\IMail\Declude\domain.com\$default$.junkmail.
Are you scanning outgoing mail as well?
--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-11 Thread A. Clausen

Colbeck, Andrew wrote:
Back in the day, fetching mail for your enterprise via POP was viable.
It had everything to do with weak SMTP support and expensive dial on
demand style connectivity.
Now we have cheap pervasive broadband to the Internet and a heroin-like
dependency on email.
I didn't think anybody was still using POP this way, unless it was to
fetch a few mailboxes from a 3rd party domain to remove a burden on
users (or keeping the users firewalled).
Incidentally, I've only seen ETRN used once, and that was an Exchange
5.5 server that had dial on demand ISDN and little traffic.
It looks like ETRN is what we'll be using.  I'm having a bit of trouble 
with that as well, but that's a question for the IMail list.

--
A. Clausen
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] MS-Exchange, Store and Forward and Declude

2005-04-07 Thread A. Clausen
We have a customer that is setting up an Exchange server, and wants all
their mail redirected to it.  They have shown some interest in keeping our
antivirus and spam control services.  Is there a way to do store and forward
with Declude spam and virus scanning?

-- 
A. Clausen

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude development strategy

2004-10-27 Thread A. Clausen

- Original Message - 
From: Barry Simpson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 08:23
Subject: [Declude.JunkMail] Declude development strategy


 We have been asked to be more explicit as to our future strategy but like
 every well managed software company we are reluctant to set expectations
we
 cannot meet, so with every caveat imaginable in mind here is the outline
of
 the plan.

 Downloadable Windows based version - In design with three options on the
 table; MS SMTP, Listening on Port 25, or alternative mail server. Each of
 these choices has pluses and minuses and we will shortly make a decision
as
 to the first roll out choice. This does not preclude us from offering all
of
 these options over time.

 Linux based appliance - obviously using Linux and either Postfix or QMail.
 The final choice has not been made.

 All options will have Message Sniffer and additional third party
 applications available.

 With the recent announcement and the flurry of activity on the mailing
lists
 we are watching and reading and we are committed to reaching decisions
that
 will make at least some of the people happy all of the time.

We certainly would look at a product involving Postfix.

-- 
A. Clausen[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF issue

2004-10-01 Thread A. Clausen

- Original Message - 
From: Imail Admin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 11:47
Subject: Re: [Declude.JunkMail] SPF issue


 I've been just begging for motivation to upgrade from 7.15 to 8.x, and so
 far, the only good reason I've found is the WHITELIST AUTH feature.
 Otherwise, it's hard to see any reason for upgrading, especially when I've
 got a stable, trouble-free mail server now, and an upgrade could introduce
 any number of new problems.  Now if someone could just convince Ipswitch
to
 do something significant with IMail (better calendaring, improved list
 server, support for ASP in web pages, better handling of IMAP, and so on),
 I'd jump to the upgrade in a snap.

 In the meanwhile, I'm with David: we sit at 7.15 and just work around the
 absence of WHITELIST AUTH.

It may be painful, but it seems likely that I'm going to have to split up my
DNS using Bind 9 views, which means groan two zone files for each domain
we host, an internal one with an SPF record that permits sending from all
our IPs, and an external one that only permits the MTAs to do it.  I'm not
terribly happy about this, as it's going to make my DNS config very
perplexing just a few months after I had finished a major cleanup.  It would
be better if Declude would just simply have some way of whitelisting IP
addresses to prevent SPF testing.  We aren't going to spend money on an
upgrade path just for WHITELIST AUTH, that's for certain.

-- 
A. Clausen
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] SPF Envelope Rewriting

2004-09-28 Thread A. Clausen
We've implemented SPF for all the domains we do mail hosting for, and have
enabled SPF checking on Declude.  Only one thing remains, and that is the
issue of message envelopes.  The big thing that busts SPF is a message
forwarding, and the only way around this is to rewrite the envelope.  I know
IMail has no support for this, and I have my doubts it ever will.  I was
wondering if there are any plans for this in Declude, which does seem to
have some ability to add headers.  My only alternative is turn this task
over to my Postfix relay server (guarding the IMail server for distributed
dictionary attacks), but I'm hoping for something simpler because, well, I'm
just plain lazy.

-- 
A. Clausen
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.