Re: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Matt




Markus et. al,

This is my first full day on SP1, but I have seen double processing
before in D files stranded in the spool going back maybe a year or more
and on Win2K as well.  I was only able to nail this down to a load
issue because the 1:30 a.m. mailing is a daily occurrence and I see
errors in my logs every time since adding this customer.

I have one external application that is erroring on heavy load, but
that would also happen before SP1.  I did however note that my CPU
utilization peaked at 39% today on hourly averages with SP1 whereas on
Friday pre-SP1, they peaked at 30% (and Mondays are generally slow). 
I'm not sure what has caused this, but it could be something as simple
as a dictionary attack.  Aside from the increased CPU utilization which
may or may not be related to SP1 and this one application throwing
errors under heavy load, I have yet to see any of these other errors
with queue manager or Declude.

FYI, immediately after upping to SP1 I found that my address validation
software was incompatible and needed to be patched to work with SP1 so
my server ran at 100% for about 1 hour and the only bad effect in the
core processes was a few of these errors with Virus and I suspect
double processing as they always seem to happen together.

Matt



Gufler Markus wrote:

  FYI: I've running v1.82 on a Win2003 server and since SP1 is installed I've
had problems multiple times with the queue manager and also popup messages
for declude.exe. One problem could be the new SP1 application execution
protection.

This problem appears only some days but can also happen multiple times a
day. I've removed SP1 and will watch now if it will solve the problem.

Markus



  
  
-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of 
Darrell ([EMAIL PROTECTED])
Sent: Monday, April 18, 2005 11:12 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Error 183 in Declude Virus 
and double processing in Declude JunkMail during heavy load

I submitted a support ticket this morning about problems I 
seen under 2.0.6 with high load.  This weekend while doing 
some maintenance I ran into some load issues when I brought 
one of the servers down I maintain.  When I bring one of the 
servers offline I know the other server will start dropping 
messages into the overflow directory and it did this.  
However, after a short period of time I started to see 
application pop up messages "Declude.exe - Application error: 
The application failed to initialize properly (0xc142)".  
I ended up having to reboot the box.  I thought this was a 
fluke, but when I did the maintenance on the other server I 
seen the same problem again on the other mail server. 

The odd thing about both situations is that I seen hundreds 
of declude.exe processes when the max under 2.0.6 by default is 25. 

Again this could be something unique to my servers. 

Darrell
 
--
--
Check out http://www.invariantsystems.com for utilities for 
Declude And Imail.  IMail/Declude Overflow Queue Monitoring, 
SURBL/URI integration, MRTG Integration, and Log Parsers. 

 

Andy Schmidt writes: 



  Hi Matt:
 
While I was beta testing 2.0.6, I was also suffering from 
  

some distributed


  dictionary attacks - and I was scrutinizing the log files 
  

much more closely


  (to look for possible beta errors).
 
I don't know WHICH of these three factors were critical 
  

(2.x vs. load vs.


  level of attention) - but I had detected what sounds like 
  

your situation.  I


  noticed Spam and Virus log entries that refererred to file 
  

i/o errors and


  upon closer examination of individual cases, I noticed that 
  

apparently the


  same Q/D files were processed more than once.  The 
  

developers added log


  information that tracked the process-id to determine if the 
  

problem was a


  loop in one process or the launching of multiple processed 
  

(they were indeed


  different.)
 
About the same time, they also introduced the new 
  

Declude.cfg file that


  allowed me to manage/limit the number of concurrent Declude 
  

processes.


   
After installing new builds AND limiting the number of 
  

Declude processes I


  no longer noticed these errors in the log files.
 
So - I can state that this problem was worked on and even 
  

that some code


  changes were made. But I can't promise with certainty that 
  

the problem was


  fixed with the code changes, or due to the new Declude.cfg 
  

option - or if my

RE: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Gufler Markus
FYI: I've running v1.82 on a Win2003 server and since SP1 is installed I've
had problems multiple times with the queue manager and also popup messages
for declude.exe. One problem could be the new SP1 application execution
protection.

This problem appears only some days but can also happen multiple times a
day. I've removed SP1 and will watch now if it will solve the problem.

Markus



> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Darrell ([EMAIL PROTECTED])
> Sent: Monday, April 18, 2005 11:12 PM
> To: Declude.JunkMail@declude.com
> Subject: Re: [Declude.JunkMail] Error 183 in Declude Virus 
> and double processing in Declude JunkMail during heavy load
> 
> I submitted a support ticket this morning about problems I 
> seen under 2.0.6 with high load.  This weekend while doing 
> some maintenance I ran into some load issues when I brought 
> one of the servers down I maintain.  When I bring one of the 
> servers offline I know the other server will start dropping 
> messages into the overflow directory and it did this.  
> However, after a short period of time I started to see 
> application pop up messages "Declude.exe - Application error: 
> The application failed to initialize properly (0xc142)".  
> I ended up having to reboot the box.  I thought this was a 
> fluke, but when I did the maintenance on the other server I 
> seen the same problem again on the other mail server. 
> 
> The odd thing about both situations is that I seen hundreds 
> of declude.exe processes when the max under 2.0.6 by default is 25. 
> 
> Again this could be something unique to my servers. 
> 
> Darrell
>  
> --
> --
> Check out http://www.invariantsystems.com for utilities for 
> Declude And Imail.  IMail/Declude Overflow Queue Monitoring, 
> SURBL/URI integration, MRTG Integration, and Log Parsers. 
> 
>  
> 
> Andy Schmidt writes: 
> 
> > Hi Matt:
> >  
> > While I was beta testing 2.0.6, I was also suffering from 
> some distributed
> > dictionary attacks - and I was scrutinizing the log files 
> much more closely
> > (to look for possible beta errors).
> >  
> > I don't know WHICH of these three factors were critical 
> (2.x vs. load vs.
> > level of attention) - but I had detected what sounds like 
> your situation.  I
> > noticed Spam and Virus log entries that refererred to file 
> i/o errors and
> > upon closer examination of individual cases, I noticed that 
> apparently the
> > same Q/D files were processed more than once.  The 
> developers added log
> > information that tracked the process-id to determine if the 
> problem was a
> > loop in one process or the launching of multiple processed 
> (they were indeed
> > different.)
> >  
> > About the same time, they also introduced the new 
> Declude.cfg file that
> > allowed me to manage/limit the number of concurrent Declude 
> processes.
> >  
> > After installing new builds AND limiting the number of 
> Declude processes I
> > no longer noticed these errors in the log files.
> >  
> > So - I can state that this problem was worked on and even 
> that some code
> > changes were made. But I can't promise with certainty that 
> the problem was
> > fixed with the code changes, or due to the new Declude.cfg 
> option - or if my
> > workload mix simply was sufficiently different.
> >  
> > Since then I have been able to block those distributed 
> dictionary attacks in
> > my IIS gateways, so that this factor has been eliminated 
> altogether. 
> > 
> > 
> > Best Regards
> > Andy Schmidt 
> > 
> > Phone:  +1 201 934-3414 x20 (Business)
> > Fax:+1 201 934-9206  
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Matt
> > Sent: Monday, April 18, 2005 04:10 PM
> > To: Declude.JunkMail@declude.com
> > Cc: [EMAIL PROTECTED]
> > Subject: [Declude.JunkMail] Error 183 in Declude Virus and 
> double processing
> > in Declude JunkMail during heavy load 
> > 
> > 
> > This is primarily meant for Declude's support, but I am 
> sending it to the
> > list in the event that the broader scrutiny might be beneficial. 
> > 
> > I'm currently running Declude 1.82 and Windows 2003 SP1.  
> It appears that
> > under heavy load I am seeing errors from both Declude Virus 
> and Declude
> > JunkMail, and it seems possible that while the errors are 
> triggered by the
> &g

RE: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Keith Johnson



Matt,
    I had this same exact issue, with exact same 
symptoms (Win 2000 SP4) and I called Declude on it a few weeks ago.  
Eventually, I just copied in a new Declude 1.82.exe file and reinstalled my 
scanners and the issue went away.  I saw the same Error starting scanner 
and the Error 183.  I went on the assumption that my scanners got corrupted 
and thus deinstalled them and reinstalled them.  I thought it was just my 
server, but it seems it could be a broader issue.
 
Keith 
Johnson



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
MattSent: Monday, April 18, 2005 4:10 PMTo: 
Declude.JunkMail@declude.comCc: 
[EMAIL PROTECTED]Subject: [Declude.JunkMail] Error 183 in Declude 
Virus and double processing in Declude JunkMail during heavy 
load
This is primarily meant for Declude's support, but I am sending it to 
the list in the event that the broader scrutiny might be beneficial.I'm 
currently running Declude 1.82 and Windows 2003 SP1.  It appears that under 
heavy load I am seeing errors from both Declude Virus and Declude JunkMail, and 
it seems possible that while the errors are triggered by the heavy load, the 
conditions created might be avoidable.  It seems likely that either IMail 
or Declude is producing the problem.I have a client that has a Web 
server that pumps out about 350 E-mails every night in rapid succession from 
their Web server.  This has been causing issues pretty much every 
night.  Declude Virus throws about a half dozen or so errors during this 
blast saying "Error 183 creating temp directory [path]", and when this happens, 
it seems to always do this multiple times for the same file name.  Declude 
JunkMail seems to also double, tipple, quadruple, etc., process the same files 
when this happens, which is noted in both the logs as well as the headers that 
it inserts in the E-mail.  I sometimes find these multiple-processed files 
stranded in my spool without a Q file.  I'm not sure what conditions 
associated with the load are causing this, but this can also happen at other 
times outside of this nightly blast when the CPU's are being pegged.I'm 
sharing the associated headers and log file entries in the hopes of helping to 
identify the source of the issue and also potentially resolving it.  Here 
is a copy of each for one such 
message:HEADERS==Received: 
from mx1.mailpure.com [208.7.179.200] by mail.mailpure.com with ESMTP  
(SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 -0400Received: 
from DH04 ([###.###.###.###]) by mx1.mailpure.com with Microsoft 
SMTPSVC(6.0.3790.211);     Thu, 14 Apr 2005 01:31:34 
-0400Received: from mail pickup service by DH04 with Microsoft 
SMTPSVC;     Thu, 14 Apr 2005 01:30:49 -0400From: <[EMAIL PROTECTED]>To: 
<[EMAIL PROTECTED]>Subject: 
Nightly Email update from [Company Name]Date: Thu, 14 Apr 2005 01:30:49 
-0400Message-ID: 
<[EMAIL PROTECTED]>MIME-Version: 
1.0Content-Type: multipart/alternative;    
boundary="=_NextPart_000_0001_01C54091.8C5A7060"X-Mailer: Microsoft CDO 
for Windows 2000Thread-Index: 
AcVAsxNWnH6Lzk2RRyizH9lhpqD3BQ==Content-Class: 
urn:content-classes:messageX-MimeOLE: Produced By Microsoft MimeOLE 
V6.00.2800.1441X-OriginalArrivalTime: 14 Apr 2005 05:30:49.0363 (UTC) 
FILETIME=[1DD32E30:01C540B3]Return-Path: [EMAIL PROTECTED]X-MailPure: 
X-MailPure: 
FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: 
X-MailPure: 
Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 
-0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server 
Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: 
Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: 
Country Chain: UNITED STATES->destinationX-MailPure: 
X-MailPure: 
Spam and virus blocking services provided by MailPure.comX-MailPure: 
X-MailPure: 
X-MailPure: 
FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: 
X-MailPure: 
Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 
-0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server 
Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: 
Received From: customer-webserver.example.com [###.###.###.###]X-MailPure: 
Country Chain: UNITED STATES->destinationX-MailPure: 
X-MailPure: 
Spam and virus blocking services provided by MailPure.comX-MailPure: 
X-MailPure: 
X-MailPure

Re: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Darrell \([EMAIL PROTECTED])
I submitted a support ticket this morning about problems I seen under 2.0.6
with high load.  This weekend while doing some maintenance I ran into some
load issues when I brought one of the servers down I maintain.  When I bring
one of the servers offline I know the other server will start dropping
messages into the overflow directory and it did this.  However, after a
short period of time I started to see application pop up messages
âDeclude.exe â Application error: The application failed to initialize
properly (0xc142)â.  I ended up having to reboot the box.  I thought
this was a fluke, but when I did the maintenance on the other server I seen
the same problem again on the other mail server.
The odd thing about both situations is that I seen hundreds of declude.exe
processes when the max under 2.0.6 by default is 25.
Again this could be something unique to my servers.
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.

Andy Schmidt writes:
Hi Matt:
While I was beta testing 2.0.6, I was also suffering from some distributed
dictionary attacks - and I was scrutinizing the log files much more closely
(to look for possible beta errors).
I don't know WHICH of these three factors were critical (2.x vs. load vs.
level of attention) - but I had detected what sounds like your situation.  I
noticed Spam and Virus log entries that refererred to file i/o errors and
upon closer examination of individual cases, I noticed that apparently the
same Q/D files were processed more than once.  The developers added log
information that tracked the process-id to determine if the problem was a
loop in one process or the launching of multiple processed (they were indeed
different.)
About the same time, they also introduced the new Declude.cfg file that
allowed me to manage/limit the number of concurrent Declude processes.
After installing new builds AND limiting the number of Declude processes I
no longer noticed these errors in the log files.
So - I can state that this problem was worked on and even that some code
changes were made. But I can't promise with certainty that the problem was
fixed with the code changes, or due to the new Declude.cfg option - or if my
workload mix simply was sufficiently different.
Since then I have been able to block those distributed dictionary attacks in
my IIS gateways, so that this factor has been eliminated altogether.
Best Regards
Andy Schmidt
Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, April 18, 2005 04:10 PM
To: Declude.JunkMail@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Error 183 in Declude Virus and double processing
in Declude JunkMail during heavy load
This is primarily meant for Declude's support, but I am sending it to the
list in the event that the broader scrutiny might be beneficial.
I'm currently running Declude 1.82 and Windows 2003 SP1.  It appears that
under heavy load I am seeing errors from both Declude Virus and Declude
JunkMail, and it seems possible that while the errors are triggered by the
heavy load, the conditions created might be avoidable.  It seems likely that
either IMail or Declude is producing the problem.
I have a client that has a Web server that pumps out about 350 E-mails every
night in rapid succession from their Web server.  This has been causing
issues pretty much every night.  Declude Virus throws about a half dozen or
so errors during this blast saying "Error 183 creating temp directory
[path]", and when this happens, it seems to always do this multiple times
for the same file name.  Declude JunkMail seems to also double, tipple,
quadruple, etc., process the same files when this happens, which is noted in
both the logs as well as the headers that it inserts in the E-mail.  I
sometimes find these multiple-processed files stranded in my spool without a
Q file.  I'm not sure what conditions associated with the load are causing
this, but this can also happen at other times outside of this nightly blast
when the CPU's are being pegged.
I'm sharing the associated headers and log file entries in the hopes of
helping to identify the source of the issue and also potentially resolving
it.  Here is a copy of each for one such message:
HEADERS
==
Received: from mx1.mailpure.com [208.7.179.200] by mail.mailpure.com with
ESMTP
  (SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 -0400
Received: from DH04 ([###.###.###.###]) by mx1.mailpure.com with Microsoft
SMTPSVC(6.0.3790.211);
 Thu, 14 Apr 2005 01:31:34 -0400
Received: from mail pickup service by DH04 with Microsoft SMTPSVC;
 Thu, 14 Apr 2005 01:30:49 -0400
From:  

Re: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Matt
Title: Message




Andy,

Thanks for the information.  There is no doubt that you could limit the
processes and never reach this overloaded condition and that would mask
the issue, and gateway validation should also prevent overloaded
conditions if you were formerly being bombarded.  What I'm curious
about however is whether or not Declude corrected the issue (if it was
theirs), or if they just simply masked it by allowing for these limits.

Personally, I'm a little concerned about controlling things with a
limit that is only associated with a process count since there are
certainly many times on my box that it needs to handle bursty traffic
and I don't want to back things up if I can help it.  I already know
that depending on whether or not something is whitelisted, has an
attachment, or how big the attachment or body of the message is, my box
will respond very differently.  I would hate to put a limit on things
that might cap my server at 50% utilization in some cases, but might be
too high to matter in others.

Thanks,

Matt



Andy Schmidt wrote:

  
  
  
  Hi Matt:
   
  While I was beta testing 2.0.6, I was also
suffering from some distributed dictionary attacks - and I was
scrutinizing the log files much more closely (to look for possible beta
errors).
   
  I don't know WHICH of these three factors
were critical (2.x vs. load vs. level of attention) - but I had
detected what sounds like your situation.  I noticed Spam and Virus log
entries that refererred to file i/o errors and upon closer examination
of individual cases, I noticed that apparently the same Q/D files were
processed more than once.  The developers added log information that
tracked the process-id to determine if the problem was a loop in one
process or the launching of multiple processed (they were indeed
different.)
   
  About the same time, they also introduced
the new Declude.cfg file that allowed me to manage/limit the number of
concurrent Declude processes.
   
  After installing new builds AND limiting
the number of Declude processes I no longer noticed these errors in the
log files.
   
  So - I can state that this problem was
worked on and even that some code changes were made. But
I can't promise with certainty that the problem was fixed with the code
changes, or due to the new Declude.cfg option - or if my workload mix
simply was sufficiently different.
   
  Since then I have been able to block those
distributed dictionary attacks in my IIS gateways, so that this factor
has been eliminated altogether.
  
  Best Regards
  Andy Schmidt
  
  Phone:  +1 201 934-3414 x20
(Business)
Fax:    +1 201 934-9206 
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Monday, April 18, 2005 04:10 PM
To: Declude.JunkMail@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Error 183 in Declude Virus and
double processing in Declude JunkMail during heavy load


This is primarily meant for Declude's support, but I am sending it to
the list in the event that the broader scrutiny might be beneficial.

I'm currently running Declude 1.82 and Windows 2003 SP1.  It appears
that under heavy load I am seeing errors from both Declude Virus and
Declude JunkMail, and it seems possible that while the errors are
triggered by the heavy load, the conditions created might be
avoidable.  It seems likely that either IMail or Declude is producing
the problem.

I have a client that has a Web server that pumps out about 350 E-mails
every night in rapid succession from their Web server.  This has been
causing issues pretty much every night.  Declude Virus throws about a
half dozen or so errors during this blast saying "Error 183 creating
temp directory [path]", and when this happens, it seems to always do
this multiple times for the same file name.  Declude JunkMail seems to
also double, tipple, quadruple, etc., process the same files when this
happens, which is noted in both the logs as well as the headers that it
inserts in the E-mail.  I sometimes find these multiple-processed files
stranded in my spool without a Q file.  I'm not sure what conditions
associated with the load are causing this, but this can also happen at
other times outside of this nightly blast when the CPU's are being
pegged.

I'm sharing the associated headers and log file entries in the hopes of
helping to identify the source of the issue and also potentially
resolving it.  Here is a copy of each for one such message:


HEADERS
==
Received: from mx1.mailpure.com [208.7.179.200] by
mail.mailpure.com with ESMTP
  (SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 -0400
Received: from DH04 ([###.###.###.###]) by mx1.mailpure.com with
Microsoft SMTPSVC(6.0.3790.211);
     Thu, 14 Apr 2005 01:31:34 -0400
Received: from mail pickup service by DH04 with Microsoft SMTPSVC;
     Thu, 14 Apr 2005 01:30:49 -0400
F

RE: [Declude.JunkMail] Error 183 in Declude Virus and double processing in Declude JunkMail during heavy load

2005-04-18 Thread Andy Schmidt
Title: Message



Hi 
Matt:
 
While 
I was beta testing 2.0.6, I was also suffering from some distributed dictionary 
attacks - and I was scrutinizing the log files much more closely (to look for 
possible beta errors).
 
I 
don't know WHICH of these three factors were critical (2.x vs. load vs. level of 
attention) - but I had detected what sounds like your situation.  I noticed 
Spam and Virus log entries that refererred to file i/o errors and upon closer 
examination of individual cases, I noticed that apparently the same Q/D files 
were processed more than once.  The developers added log information that 
tracked the process-id to determine if the problem was a loop in one process or 
the launching of multiple processed (they were indeed 
different.)
 
About 
the same time, they also introduced the new Declude.cfg file that allowed me to 
manage/limit the number of concurrent Declude processes.
 
After 
installing new builds AND limiting the number of Declude processes I no longer 
noticed these errors in the log files.
 
So - I 
can state that this problem was worked on and even that some code changes were 
made. But I can't promise with certainty that the problem was 
fixed with the code changes, or due to the new Declude.cfg option - or 
if my workload mix simply was sufficiently different.
 
Since 
then I have been able to block those distributed dictionary attacks in my 
IIS gateways, so that this factor has been eliminated 
altogether.
Best 
RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 
(Business)Fax:    +1 201 934-9206 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of MattSent: Monday, April 18, 2005 04:10 
  PMTo: Declude.JunkMail@declude.comCc: 
  [EMAIL PROTECTED]Subject: [Declude.JunkMail] Error 183 in Declude 
  Virus and double processing in Declude JunkMail during heavy 
  loadThis is primarily meant for Declude's support, but I 
  am sending it to the list in the event that the broader scrutiny might be 
  beneficial.I'm currently running Declude 1.82 and Windows 2003 
  SP1.  It appears that under heavy load I am seeing errors from both 
  Declude Virus and Declude JunkMail, and it seems possible that while the 
  errors are triggered by the heavy load, the conditions created might be 
  avoidable.  It seems likely that either IMail or Declude is producing the 
  problem.I have a client that has a Web server that pumps out about 350 
  E-mails every night in rapid succession from their Web server.  This has 
  been causing issues pretty much every night.  Declude Virus throws about 
  a half dozen or so errors during this blast saying "Error 183 creating temp 
  directory [path]", and when this happens, it seems to always do this multiple 
  times for the same file name.  Declude JunkMail seems to also double, 
  tipple, quadruple, etc., process the same files when this happens, which is 
  noted in both the logs as well as the headers that it inserts in the 
  E-mail.  I sometimes find these multiple-processed files stranded in my 
  spool without a Q file.  I'm not sure what conditions associated with the 
  load are causing this, but this can also happen at other times outside of this 
  nightly blast when the CPU's are being pegged.I'm sharing the 
  associated headers and log file entries in the hopes of helping to identify 
  the source of the issue and also potentially resolving it.  Here is a 
  copy of each for one such 
  message:HEADERS==Received: 
  from mx1.mailpure.com [208.7.179.200] by mail.mailpure.com with 
  ESMTP  (SMTPD32-8.15) id A039545F00E0; Thu, 14 Apr 2005 01:31:37 
  -0400Received: from DH04 ([###.###.###.###]) by mx1.mailpure.com with 
  Microsoft SMTPSVC(6.0.3790.211);     Thu, 14 Apr 2005 
  01:31:34 -0400Received: from mail pickup service by DH04 with Microsoft 
  SMTPSVC;     Thu, 14 Apr 2005 01:30:49 -0400From: 
  <[EMAIL PROTECTED]>To: 
  <[EMAIL PROTECTED]>Subject: 
  Nightly Email update from [Company Name]Date: Thu, 14 Apr 2005 01:30:49 
  -0400Message-ID: 
  <[EMAIL PROTECTED]>MIME-Version: 
  1.0Content-Type: multipart/alternative;    
  boundary="=_NextPart_000_0001_01C54091.8C5A7060"X-Mailer: Microsoft 
  CDO for Windows 2000Thread-Index: 
  AcVAsxNWnH6Lzk2RRyizH9lhpqD3BQ==Content-Class: 
  urn:content-classes:messageX-MimeOLE: Produced By Microsoft MimeOLE 
  V6.00.2800.1441X-OriginalArrivalTime: 14 Apr 2005 05:30:49.0363 (UTC) 
  FILETIME=[1DD32E30:01C540B3]Return-Path: [EMAIL PROTECTED]X-MailPure: 
  X-MailPure: 
  FORGEDFROM: Message failed FORGEDFROM test (weight 2).X-MailPure: 
  X-MailPure: 
  Spam Score: 2X-MailPure: Scan Time: 14 Apr 2005 at 01:34:15 
  -0400X-MailPure: Spool File: D0039545f00e0819a.SMDX-MailPure: Server 
  Name: DH04X-MailPure: SMTP Sender: [EMAIL PROTECTED]X-MailPure: 
  Re