Re: AW: AW: [Declude.JunkMail] Spool Directory Backed Up
Guhl, Markus (LDS) wrote: hi john, we did not changed those settings when we changed from declude 2.x to 3.0.5.23 (queue timer is 20 and tries before returning to sender is also 20) but those queueruns did not even start. also a *.fwd should be processed right away (at least this was my expirience when will still used declude 2.x). when i force imail to deliver (by using send all) it works, so it looks like something is preventing imail from starting the queuerun but not from doing the queuerun. i'm just guessing, but could it be that some of the new declude-processes are blocking parts of the imail processes? This is our experience as well. I've used the suggestion of manually restarting the queue run every hour, but that's a rather ugly kludge. I have no idea how Declude would be influencing the queue like this, since I thought that that operation came *after* any Declude functions, but we did not have this problem prior to the upgrade, and with the Postfix box getting rid of 99% of the distributed dictionary attacks, there's no other explanation for an expanding balloon of queued mail that sits there unless I start directly using the web interface spool control to send them. -- A. Clausen --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: AW: AW: [Declude.JunkMail] Spool Directory Backed Up
Guhl, Markus (LDS) wrote: hi randy, since we use imail 7.15 we do not have somethimg like Queuemgr. the funny thing is, that something like that never happend with declude 2.x. it started at the very second we changed to 3.0.5.x. my declude.cfg settings are THREADS 13 CONCATENATELOGS ON #CONCATENATELOGSTHRESHOLD 50 #KEEPINDIVIDUALLOGSON WINSOCKCLEANUP ON WAITFORMAIL 1500 WAITFORTHREADS 150 WAITBETWEENTHREADS 300 as i said, declude is working on it. i do not think that it is a loadproblem. we changed during the christmasholydays (we provide the mailboxes for 6800 schools) and there was nearly no load when we first detected the problem. all incomming mails get processed and delivered (as long as those mails do not hit a forward), but all *.fwd , *.gse and manually moved *.smd files wait in the spool-directory (it looks like imail stopped it's own queue-run). Interesting. So that does put Declude back up on top of the list of culprits. What I have done in the short term because I run an IMGate box in front, is to tell IMail to use it as an outgoing gateway. This seems to get things sent out in an orderly way, though I'd prefer not to be putting my gateway server through that kind of load. I certainly hope Declude solves this problem. -- A. Clausen --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: AW: [Declude.JunkMail] Spool Directory Backed Up
Guhl, Markus (LDS) wrote: hi, are those files backing up regular incomming mails or are they *.fwd and *.gse files? what happens when you put a mail (d*.smd and q*.smd) into spool by hand (something like a false positiv)? which version of imail do you use? I've tried manipulating by hand. Moving data out. If I go to the spool function in Webmail it does appear that hitting send will shove through the message, but other than that, everything seems to just sit on the queue. I can't quite say for sure, but I'm fairly certain this happened after the upgrade of Declude. One curious thing is if I go to into the IMail administrator program and try through there to manually send a message, I get a window showing Declude.exe is trying to push the program. This is a big problem, and I'm just not sure where to turn. I've moved all the queue files out of the queue and putting a few in, but the files just seem to sit there and do nothing. It's quite frustrating, as everything was working fine until the Declude upgrade. -- A. Clausen --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spool Directory Backed Up
We upgraded to 3.0.5.23 a couple of weeks ago, and since then I've noticed a steady expansion in the number of files in the spool directory. It's now up to about 37000 files. I'm fairly certain that Declude has something to do with this. Any hints? -- A. Clausen
Re: [Declude.JunkMail] Spool Directory Backed Up
David Barker wrote: 1. Check for DNS problems by running your logs on DEBUG and then searching for didn't get response if you see multiple entries like this it could be DNS 2. How many threads are you running in your Declude.cfg and what is the CPU of the server ? Here's a curious thing. Where is the Declude.cfg file? I can't even find it. -- A. Clausen
Re: [Declude.JunkMail] Spool Directory Backed Up
Panda Consulting S.A. Luis Alberto Arango wrote: Have you seen any of the files in the spool to see if there are real mails and not bouncing ones. Or perhaps to make sure your mailserver wasn't hikacked? Are those emails for or from your users? Make sure nobody is using your server to relay on and is sending large amounts of spam from there. That will explain why you have 37K messages in your spool what is you daily volumen of emails? Have you checked declude logs to see if they offer valuable information to determine what is going on. Do you run Imail or Smartermail? I'm running IMail. I haven't noticed anything unusual in the logs, and I'm running two Postfix boxes in front of the IMail server to ward off distributed dictionary attacks, and their config has not changed. -- A. Clausen
[Declude.JunkMail] Foreign Language Spam
We have a customer who is getting significant amounts of Spanish spam slipping through, and I was wondering if there was any particular means of filtering this out. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outlook Blank Folding Vulnerability
We have had a user get a plain-text message he sent out using Thunderbird 1.0.2 that got caught by this check in Declude Junkmail. Just wondering what precisely the error is and why Thunderbird-generated messages would be getting nailed with it. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outlook Blank Folding Vulnerability
-- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 17 Aug 2005 11:01:48 -0700 A similar Outlook CR vulnerability was just discussed; check the archives at: http://www.mail-archive.com/declude.virus%40declude.com/msg12356.html The same things would apply. The manual does list the gory details of what each vulnerability looks for, if you're interested. So, what is the best solution? Disable checking for this particular vulnerability? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Woes
- Original Message - From: Matt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Thursday, July 28, 2005 09:23 Subject: Re: [Declude.JunkMail] Declude Woes In Robert's issue below, the fact that you are cleaning up GSE files points to a non-Declude issue. GSE files are generated for bounces, and it suggests that you are accepting E-mail for addresses that don't exist. If there is a huge volume of these, there is a definite issue with the environment, and it wouldn't be uncommon for Declude to get backed up. I have to concur with this. Declude's major flaw is that it's only as good as IMail is. When we were being nailed with very high volume distributed dictionary attacks, our IMail server, which is sitting on a high-end machine (fast CPU, fast drives, lots of RAM) just started to die. The spool directory was getting bogged down, and with it the machine. Ultimately the only solution I could find was to use IMGate between the outside world and our IMail box. To this very day, I estimate that on a slow day, we probably get about eighty to ninety thousand dictionary attacks per day, though I haven't seen the volume that we had a year ago. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Woes
- Original Message - From: Dave Beckstrom [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, July 29, 2005 16:32 Subject: RE: [Declude.JunkMail] Declude Woes That won't work. They come from thousands of different IP addresses. Our mail server is under continual bombardment all day long every day from these dictionary attacks. I have blackice set up to automatically block the IP address after 3 attempts at non-existing email accounts. The IP is blocked for 1 hour and then the block goes away. The reason we went with Postfix was twofold: 1. It can continue to receive email and hold it even if your mail server goes down. Big plus when I'm doing maintenenance! 2. If, at some point, we decide to migrate away from IMail, Postfix is, on its own, a damn good mail server. We're running to Postfix boxes; one a classic 233mhz Pentium MMX with 128mb of RAM and the other a 266mhz Pentium 2 with 384mb of RAM. The only reason for the Pentium II is redundancy, but I have both set to equal priority in their MX records, so I also get a bit of load balancing. The solution has been working flawlessly for a year. Linux/Postfix is just simply more capable, even on hardware only a fraction as powerful as your IMail Windows box, of handling large numbers of connections. -- A. Clausen -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Virus Getting Through AV and FProt
We're getting a virus coming through and its causing some strange results in Declude AV. The file itself is a zip file called 2.zip which contains the file 02_05_2005.exe. In the Declude AV log we're seeing lines like this: 05/31/2005 09:07:28 Q8bbf2a5f00800b96 MIME file: 8.zip [base64; Length=18205 Checksum=2348990] 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Could not find parse string Infection in report.txt 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Error 8 in virus scanner 1. 05/31/2005 09:07:38 Q8bbf2a5f00800b96 Scanned: Error in virus scanner. [MIME: 2 18323] Is FProt just behind in updating its definitions or is there something nasty happening? -- Aaron Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Forwarding
This is probably a fairly stupid question, but I was wondering whether or not if you forwarded a local user to another external address (ie. Yahoo or AOL) would Declude still catch spam via the accounts's junkmail file? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
Alright, I've run a few tests, and much of it seems to be working. However, when I look at the headers, it says X-Note: This E-mail was scanned by Declude JunkMail for spam. but I'm not seeing X-Spam-Tests-Failed or any of the other headers. I do have a directory set up in the declude directory with a $default$.junkmail file, but I'm fairly certain that Declude is not using that file at all, and is likely defaulting to the global.cfg settings. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
Darrell ([EMAIL PROTECTED]) wrote: Is this for a local domain or a store and forward domain. If its for a store and forward domain did you create the domain folder for it under Declude? Darrell It's a store-and-forward domain, and I did create a domain folder under the Declude directory. So far as I can tell, Declude is not using that directory to scan the incoming mail. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
David Barker wrote: If you are forwarding mail to another server in other words using Declude for OUTBOUND scanning the Actions are defined in the global.cfg also consider it will be using the xoutheaders in your global.cfg. Okay, I'm a little confused here, but if what you say is right, then it makes sense. We're not scanning outbound mail, except for antivirus, which explains why the message has a header saying Scanned by declude. The question then is how do I set things up so that Declude Junkmail scans this message? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
A. Clausen wrote: David Barker wrote: If you are forwarding mail to another server in other words using Declude for OUTBOUND scanning the Actions are defined in the global.cfg also consider it will be using the xoutheaders in your global.cfg. Okay, I'm a little confused here, but if what you say is right, then it makes sense. We're not scanning outbound mail, except for antivirus, which explains why the message has a header saying Scanned by declude. The question then is how do I set things up so that Declude Junkmail scans this message? I should make myself clearer. We're only doing antivirus scanning on the outbound, and no junkmail scanning. However, it's pretty clear that we're going to have to turn it on, and I was wondering if this could be done on a domain-specific basis. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
Darrell ([EMAIL PROTECTED]) wrote: For the domains we store and forward for all we did is the following. 1.) Create a folder for the domain under the declude folder. example: domain.com 2.) Drop in a $default$.junkmail file. In the logs you will see this (under log level high). 04/12/2005 01:22:59 Q5AEE30FF023260B2 Using [incoming] CFG file e:\IMail\Declude\domain.com\$default$.junkmail. Are you scanning outgoing mail as well? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MS-Exchange, Store and Forward and Declude
Colbeck, Andrew wrote: Back in the day, fetching mail for your enterprise via POP was viable. It had everything to do with weak SMTP support and expensive dial on demand style connectivity. Now we have cheap pervasive broadband to the Internet and a heroin-like dependency on email. I didn't think anybody was still using POP this way, unless it was to fetch a few mailboxes from a 3rd party domain to remove a burden on users (or keeping the users firewalled). Incidentally, I've only seen ETRN used once, and that was an Exchange 5.5 server that had dial on demand ISDN and little traffic. It looks like ETRN is what we'll be using. I'm having a bit of trouble with that as well, but that's a question for the IMail list. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MS-Exchange, Store and Forward and Declude
We have a customer that is setting up an Exchange server, and wants all their mail redirected to it. They have shown some interest in keeping our antivirus and spam control services. Is there a way to do store and forward with Declude spam and virus scanning? -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude development strategy
- Original Message - From: Barry Simpson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 27, 2004 08:23 Subject: [Declude.JunkMail] Declude development strategy We have been asked to be more explicit as to our future strategy but like every well managed software company we are reluctant to set expectations we cannot meet, so with every caveat imaginable in mind here is the outline of the plan. Downloadable Windows based version - In design with three options on the table; MS SMTP, Listening on Port 25, or alternative mail server. Each of these choices has pluses and minuses and we will shortly make a decision as to the first roll out choice. This does not preclude us from offering all of these options over time. Linux based appliance - obviously using Linux and either Postfix or QMail. The final choice has not been made. All options will have Message Sniffer and additional third party applications available. With the recent announcement and the flurry of activity on the mailing lists we are watching and reading and we are committed to reaching decisions that will make at least some of the people happy all of the time. We certainly would look at a product involving Postfix. -- A. Clausen[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF issue
- Original Message - From: Imail Admin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 30, 2004 11:47 Subject: Re: [Declude.JunkMail] SPF issue I've been just begging for motivation to upgrade from 7.15 to 8.x, and so far, the only good reason I've found is the WHITELIST AUTH feature. Otherwise, it's hard to see any reason for upgrading, especially when I've got a stable, trouble-free mail server now, and an upgrade could introduce any number of new problems. Now if someone could just convince Ipswitch to do something significant with IMail (better calendaring, improved list server, support for ASP in web pages, better handling of IMAP, and so on), I'd jump to the upgrade in a snap. In the meanwhile, I'm with David: we sit at 7.15 and just work around the absence of WHITELIST AUTH. It may be painful, but it seems likely that I'm going to have to split up my DNS using Bind 9 views, which means groan two zone files for each domain we host, an internal one with an SPF record that permits sending from all our IPs, and an external one that only permits the MTAs to do it. I'm not terribly happy about this, as it's going to make my DNS config very perplexing just a few months after I had finished a major cleanup. It would be better if Declude would just simply have some way of whitelisting IP addresses to prevent SPF testing. We aren't going to spend money on an upgrade path just for WHITELIST AUTH, that's for certain. -- A. Clausen [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPF Envelope Rewriting
We've implemented SPF for all the domains we do mail hosting for, and have enabled SPF checking on Declude. Only one thing remains, and that is the issue of message envelopes. The big thing that busts SPF is a message forwarding, and the only way around this is to rewrite the envelope. I know IMail has no support for this, and I have my doubts it ever will. I was wondering if there are any plans for this in Declude, which does seem to have some ability to add headers. My only alternative is turn this task over to my Postfix relay server (guarding the IMail server for distributed dictionary attacks), but I'm hoping for something simpler because, well, I'm just plain lazy. -- A. Clausen [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.