RE: Upgrade to 3.2.3 introduced severe slowness
Thomas Check you've done an sa-update after you installed 3.2.3. There's a nasty bug with completewhois lookups in the default 3.2.3. Running sa-update turns off those rules. If you want those rules working then install the patch found in bug id 5589. But easiest 'fix' is run sa-update ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: Thomas Ledbetter [mailto:[EMAIL PROTECTED] Sent: 20 December 2007 19:17 To: users@spamassassin.apache.org Subject: Upgrade to 3.2.3 introduced severe slowness Hi. I recently tried upgrading our anti-spam servers to run v 3.2.3. Previously we were using 3.1.7. When I tried to do this, performance took a bit hit - messages take more than double the time to scan in 3.2.3 as compared to 3.1.7. As an example, one particular test spam message takes an average of 2 seconds with 3.1.7, but 5.4 seconds with 3.2.3. Turning off network tests helps, but there is still a slight (~20%) increase in scan time even without network tests between the 2 versions. I tried the 'use bytes' hack with Message.pm and I verified that 'use bytes' is the default on most of the plugins. I tried disabling just some of the network tests by setting their scores to '0', and that didnt seem to affect scan time at all?!? Can someone shed any light as to what might be the problem here? I want to retain the network tests that we were using in 3.1.7. Is there a way to revert to the exact same network tests from 3.1.7 while using 3.2.3.? -- View this message in context: http://www.nabble.com/Upgrade-to-3.2.3- introduced-severe-slowness-tp14443024p14443024.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com. ** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **
Will DKIM reduce the spam score
Hi there, I am looking into DKIM in order to make it more easy for e-mail providers to verify my server adress and therefore get a trustworthy spam score like ALL_TRUSTED, or BAYES_00. Do you believe that adding DKIM support for postfix will help? I looked into the postfix help on how to achieve that: http://www.postfix.org/MILTER_README.html Unfortunatelly that would meen that I would have to upgrade from 2.2.1 which I would rather like to not touch. I am not even sure if it would help. My situation is, that I am running a community page that sends for example opt-in registration emails to verify e-mail adresses on sign-ups. Some e-mail providers seem to mark that as untrusted, or even spam with a score of 0-3.5. I would like to make sure all e-mail got delivered and do search therefore for ways to add signatures or similar to set myself apart from spammers. Thank you for any hint on how to proceed from here. Best regards, Merlin -- Merlin [EMAIL PROTECTED] -- http://www.fastmail.fm - Email service worth paying for. Try it for free
RE: Get HAM's from Exchange / Outlook
On Thursday, December 20, 2007 5:49 PM Steven Stern wrote: Jason Holbrook wrote: Hello all, anyone have an idea of how to get HAM's from an exchange / Outlook environment back to SA? I've posted a howto at http://sstern.ccim.com/2006/07/14/training-sitewide-spam-filters/ Steven, Would you mind elaborating on the spamiam.fetchmailrc script? What interpreter are you using and what packages are prerequisites? Jason A. Bertoch Network Administrator [EMAIL PROTECTED] Electronet Broadband Communications 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771
Re: StupidFilter
Kenneth Porter wrote: A teammate called my attention to this interesting project: http://stupidfilter.org/main/index.php?n=Main.About The solution we're creating is simple: an open-source filter software that can detect rampant stupidity in written English. This will be accomplished with weighted Bayesian or similar analysis and some rules-based processing, similar to spam detection engines. The primary challenge inherent in our task is that stupidity is not a binary distinction, but rather a matter of degree. To this end, we're collecting a ranked corpus of stupid text, gleaned from user comments on public websites and ranked on a five-point scale. Might make a good SA plugin. What would be the difference in assuming that everything is stupid, then create a smartness filter that only allows good ideas through. I mean, it would be closer to reality that way. Speaking of that, what ever happened to the idea that someone had a few months ago? It was a new approach to filter email. The main idea was to assume that everything was spam, then build your filter based on good mail qualities. Seeing as how my spam/ham ratio is about 100/1, it seems more applicable. -Aubrey
Re: Get HAM's from Exchange / Outlook
Jason Bertoch wrote: On Thursday, December 20, 2007 5:49 PM Steven Stern wrote: Jason Holbrook wrote: Hello all, anyone have an idea of how to get HAM's from an exchange / Outlook environment back to SA? I've posted a howto at http://sstern.ccim.com/2006/07/14/training-sitewide-spam-filters/ Steven, Would you mind elaborating on the spamiam.fetchmailrc script? What interpreter are you using and what packages are prerequisites? All you need is fetchmail, and it's probably already installed in your distro. spamiam.fetchmailrc is read by fetchmail, giving it the necessary instructions to fetch mail from a public folder on the Exchange server. ||
Re: Rise up bayes tests
Matus UHLAR - fantomas writes: Paolo De Marco schrieb: Sometimes only bayes tests hit mails, so i recieve mail whit only bayes point (for exemple: X-Spam-Status: No, score=3.5 tagged_above=-999 required=5 tests=[BAYES_99=3.5]) Does anyone raise up the score of bayesan test? Is it safe? Matthias Haegele writes: afaik it is not recommended to raise the Bayes Score You could do it but keep in mind if bayes is misguided your higher score hits. (With a well trained bayes it seems reasonable to me) Perhaps you could find some additional rules/network tests ... (sare-rules, razor, dcc, pyzor etc (watch licenses if you could use them)). On new few lines text spam i often get bayes_00 so it is not always useful. On 20.12.07 11:53, Justin Mason wrote: Actually, that's not quite right -- it's perfectly fine to raise the BAYES_99 score, if you feel you've trained it well enough. IIUC the main problem with higher score is that many people don't know how to train bayes properly, and then often treat unwanted messages (e.g. from mailing lists they have subscribed to) as spam. Yes, it's important that you must be confident in your training before you do this. however the scores 3.5 for BAYES_99 and -2.6 for BAYES_00 are often treated as too low and I've seen many requests to make them higher (in absolute value). The problem with adjusting scores is that when someone starts doing it, many things can happen... --j.
Re: Get HAM's from Exchange / Outlook
On 20.12.07 17:41, Jason Holbrook wrote: Hello all, anyone have an idea of how to get HAM's from an exchange / Outlook environment back to SA? My incoming is scanned by a SA gateway but outgoing goes straight from exchange to the cloud. I would be carefull doing that... Outlook and even more Exchange are known for modifying message headers which could affect score in both ways... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson.
Re: Will DKIM reduce the spam score
Merlin: I have a couple of -very- old Postfix 2.1.5 mail servers up and running with DKIM signing support. How did I achieve that? by means of Amavisd-new and DKIM-Proxy. Basically, I route every mail originated at my server (e.g, via webmail, OR TLS-authenticated users) to a different Amavis stanza, and then I make DKIM-Proxy sign outgoing messages. You can find more info at Amavis site and DKIM Proxy (http://home.messiah.edu/~jlong/dkimproxy/) sites. If you want more info, I have written a HOWTO, but is in Spanish, tough the main concepts can be easily grabbed. Luis 2007/12/21, Merlin [EMAIL PROTECTED]: Hi there, I am looking into DKIM in order to make it more easy for e-mail providers to verify my server adress and therefore get a trustworthy spam score like ALL_TRUSTED, or BAYES_00. Do you believe that adding DKIM support for postfix will help? I looked into the postfix help on how to achieve that: http://www.postfix.org/MILTER_README.html Unfortunatelly that would meen that I would have to upgrade from 2.2.1 which I would rather like to not touch. I am not even sure if it would help. My situation is, that I am running a community page that sends for example opt-in registration emails to verify e-mail adresses on sign-ups. Some e-mail providers seem to mark that as untrusted, or even spam with a score of 0-3.5. I would like to make sure all e-mail got delivered and do search therefore for ways to add signatures or similar to set myself apart from spammers. Thank you for any hint on how to proceed from here. Best regards, Merlin -- Merlin [EMAIL PROTECTED] -- http://www.fastmail.fm - Email service worth paying for. Try it for free -- - GNU-GPL: May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -
Re: Rise up bayes tests
Paolo De Marco schrieb: Sometimes only bayes tests hit mails, so i recieve mail whit only bayes point (for exemple: X-Spam-Status: No, score=3.5 tagged_above=-999 required=5 tests=[BAYES_99=3.5]) Does anyone raise up the score of bayesan test? Is it safe? Matthias Haegele writes: afaik it is not recommended to raise the Bayes Score You could do it but keep in mind if bayes is misguided your higher score hits. (With a well trained bayes it seems reasonable to me) Perhaps you could find some additional rules/network tests ... (sare-rules, razor, dcc, pyzor etc (watch licenses if you could use them)). On new few lines text spam i often get bayes_00 so it is not always useful. On 20.12.07 11:53, Justin Mason wrote: Actually, that's not quite right -- it's perfectly fine to raise the BAYES_99 score, if you feel you've trained it well enough. IIUC the main problem with higher score is that many people don't know how to train bayes properly, and then often treat unwanted messages (e.g. from mailing lists they have subscribed to) as spam. however the scores 3.5 for BAYES_99 and -2.6 for BAYES_00 are often treated as too low and I've seen many requests to make them higher (in absolute value). The problem with adjusting scores is that when someone starts doing it, many things can happen... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
spamc/spamd failure
I'm running 3.2.3. I'm noticing that spamc/spamd fails when it's presented large messages containing rather large mime attachments (like more than a megabyte or so). When I run the messages through spamc by hand, it returns immediately with a not-spam result with headers like this: X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: When I run other messages through spamc, it muches on it for a while before much more normal headers like: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on charm.networkguild.org X-Spam-Level: ... Anyone else seen this? Anyone have a fix? By the way, for those running snertsoft's milter-spamc, this shows up in the log as 'SPAMD status line failure' Michael Grant
Re: spamc/spamd failure
Michael Grant wrote: I'm running 3.2.3. I'm noticing that spamc/spamd fails when it's presented large messages containing rather large mime attachments (like more than a megabyte or so). When I run the messages through spamc by hand, it returns immediately with a not-spam result with headers like this: X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: When I run other messages through spamc, it muches on it for a while before much more normal headers like: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on charm.networkguild.org X-Spam-Level: ... Anyone else seen this? Anyone have a fix? By the way, for those running snertsoft's milter-spamc, this shows up in the log as 'SPAMD status line failure' Michael Grant Hi, spamd doesn't scan messages over 256k by default. Might be what you are seeing. Regards, Rick
Re: spamc/spamd failure
On Fri, Dec 21, 2007 at 04:58:44PM +0100, Michael Grant wrote: I'm running 3.2.3. I'm noticing that spamc/spamd fails when it's presented large messages containing rather large mime attachments It doesn't fail in as much as it doesn't send it to spamd, as per its design. Anyone else seen this? Anyone have a fix? man spamd It's suggested to not send messages to spamd that are 250K in size. -- Randomly Selected Tagline: I'm a lesbian trapped in a man's body. - W. Smith pgpegYHo77fuF.pgp Description: PGP signature
RE: Get HAM's from Exchange / Outlook
Steven Stern wrote: Jason Holbrook wrote: Hello all, anyone have an idea of how to get HAM’s from an exchange / Outlook environment back to SA? My incoming is scanned by a SA gateway but outgoing goes straight from exchange to the cloud. Best Regards, Jason Holbrook Chief Technology Integrator / Partner Empower Information Systems [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] weblog.empoweris.com http://weblog.empoweris.com/ www.empoweris.com http://www.empoweris.com Skype: holbrook.jason Gtalk: jaholbrook 757-320-2667 (Direct) 757-273-9399 (office) 757-715-1944 (cell) 866-477-1544 (toll free) I've posted a howto at http://sstern.ccim.com/2006/07/14/training-sitewide-spam-filters/ This relies on users (or worse, admins) putting mail in PFs. I used a similar scheme, and it was cumbersome. I've found that Maia Mailguard is a useful tool that wraps itself around SpamAssassin, and presents the users with a web page with which they can classify/rescue inbound emails, along with reminder emails to the users, etc. http://www.maiamailguard.com Incredibly spiffy. Kurt
Re: Bounce notification
dvesely wrote: My server manager tells me that my Windows version of SpamAssasin cannot reject email at the SMTP level. This is only possibble in the Unix version. True or False? False but for a different reason. False because the Unix version of SpamAssassin can't reject at the SMTP level either. SpamAssassin is not an MTA and does not transfer mail with SMTP. An MTA (mail transfer agent) such as the classic old Sendmail or the newer Postfix and Exim programs use SMTP to transfer mail from host to host. These could be MS-Windows but are usually Unix or GNU server machines. Usually on MS-Windows the MS-Exchange program is used. Only those programs can reject at the SMTP level. If the address is to an invalid address then the MTA has the capability to know immediately if the message should be rejected. It can't deliver it and therefore it should not accept the message. This has nothing to do with spam. This only has to do with valid addresses and being able to successfully deliver the message. If the message can't be delivered then it needs to be rejected. In the old days (and sadly today on some large organization site) border machines would receive the message and route the mail through multiple hops to a final destination machine. At the final destination it might be undeliverable. In that case a bounce message is generated and returned to the specified from address. This has been used by spammers in the past to bounce their spam to their victims. They create a known invalid address as the recipient at a site known to create bounce messages after having accepted them. They forge a victim address as the from address. The message can't be delivered and the bounce message then carries the spam payload message as a bounce reply to the forged victim from address as backscatter. Also known as a joe-job. As an additional (newish) capability people want to be able to reject spam immediately at SMTP time too. In order to do that many people have added plugins to the MTA (aka milters [mail filter]) to examine the message at the time of transfer and make an immediate decision before the SMTP accept as to whether the message is to be accepted or rejected. If the message is classified as spam by the plugin then the MTA can reject the message at that time. Using virus scanners and SpamAssassin as a plugin to the MTA to do this is quite popular. But SpamAssassin itself is not doing any of the bouncing. It is solely the responsibility of the MTA, perhaps based upon input from these plugins. If you don't have control over your MTA then you do not have the option of doing this. In which case you should only silently quarantine or silently discard messages classified as spam. Bob
Re: Bounce notification
On Fri, 21 Dec 2007, Bob Proulx wrote: dvesely wrote: My server manager tells me that my Windows version of SpamAssasin cannot reject email at the SMTP level. This is only possibble in the Unix version. True or False? False but for a different reason. False because the Unix version of SpamAssassin can't reject at the SMTP level either. SpamAssassin is [deleted] In the old days (and sadly today on some large organization site) border machines would receive the message and route the mail through multiple hops to a final destination machine. At the final destination it might be undeliverable. In that case a bounce message is generated and returned to the specified from address. This has been used by spammers in the past to bounce their spam to their victims. They create a known invalid address as the recipient at a site known to create bounce messages after having accepted them. They forge a victim address as the from address. The message can't be delivered and the bounce message then carries the spam payload message as a bounce reply to the forged victim from address as backscatter. Also known as a joe-job. This is a bit off topic, but I've noticed that a lot of backscatter arriving at my site has email addresses that are obviously forged to be incorrect, as in [EMAIL PROTECTED], where the same address without the _qq is a valid email address. Its not a dictionary attack because the addresses are all different, but each is a slight modification of a valid address, and I've always assumed that the spammers using this technique don't want the bounced messages delivered in order to cover their tracks. However, that doesn't make much sense since any messages that did get delivered (i.e. didn't get bounced) would have the same routing info so why not use a valid bounce address to improve the odds that the spam will get delivered somewhere. Has anyone else encountered forged from addresses that are obviously meant to be incorrect, and does anyone have any idea why a spammer might choose to do that, rather than forge a correct address and double the odds that the spam will get through. - rick
Re: Bounce notification
I am running a windows server with Smartermail and SpamAssasin. While I understand what you are telling me below I would really appreciate a suggestion or reccomendation on how to setup a system that will control spam and notify users who's email is blocked in error. Any suggestions or examples you can give would be appreciated. Dan Bob Proulx wrote: dvesely wrote: My server manager tells me that my Windows version of SpamAssasin cannot reject email at the SMTP level. This is only possibble in the Unix version. True or False? False but for a different reason. False because the Unix version of SpamAssassin can't reject at the SMTP level either. SpamAssassin is not an MTA and does not transfer mail with SMTP. An MTA (mail transfer agent) such as the classic old Sendmail or the newer Postfix and Exim programs use SMTP to transfer mail from host to host. These could be MS-Windows but are usually Unix or GNU server machines. Usually on MS-Windows the MS-Exchange program is used. Only those programs can reject at the SMTP level. If the address is to an invalid address then the MTA has the capability to know immediately if the message should be rejected. It can't deliver it and therefore it should not accept the message. This has nothing to do with spam. This only has to do with valid addresses and being able to successfully deliver the message. If the message can't be delivered then it needs to be rejected. In the old days (and sadly today on some large organization site) border machines would receive the message and route the mail through multiple hops to a final destination machine. At the final destination it might be undeliverable. In that case a bounce message is generated and returned to the specified from address. This has been used by spammers in the past to bounce their spam to their victims. They create a known invalid address as the recipient at a site known to create bounce messages after having accepted them. They forge a victim address as the from address. The message can't be delivered and the bounce message then carries the spam payload message as a bounce reply to the forged victim from address as backscatter. Also known as a joe-job. As an additional (newish) capability people want to be able to reject spam immediately at SMTP time too. In order to do that many people have added plugins to the MTA (aka milters [mail filter]) to examine the message at the time of transfer and make an immediate decision before the SMTP accept as to whether the message is to be accepted or rejected. If the message is classified as spam by the plugin then the MTA can reject the message at that time. Using virus scanners and SpamAssassin as a plugin to the MTA to do this is quite popular. But SpamAssassin itself is not doing any of the bouncing. It is solely the responsibility of the MTA, perhaps based upon input from these plugins. If you don't have control over your MTA then you do not have the option of doing this. In which case you should only silently quarantine or silently discard messages classified as spam. Bob -- View this message in context: http://www.nabble.com/Bounce-notification-tp14432035p14462333.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Bounce notification
On 21.12.07 13:01, dvesely wrote: I am running a windows server with Smartermail and SpamAssasin. While I understand what you are telling me below I would really appreciate a suggestion or reccomendation on how to setup a system that will control spam and notify users who's email is blocked in error. notify who about what? If you reject at SMTP level, notifications to senders are up to the sending SMTP servers. You even don't want to notify receivers - if you users don't want be abused by the spam, they surely don't want to be abused by the notifications about each spam blocked. Just configure rejection with score high enough (I use 10) and you won't have to take care about notifications. (scores above 7 may appear in some hams, sent by lame mailer from users who don't know about that) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. M$ Win's are shit, do not use it !
Problem starting/stoping spamassasin
Hello, sorry for posting a similar question (saw a post like this, but I did not see a solution that I can understand). I have just inherited this configuration and was not part of the installation process and that is why I cannot find a solution. The server where the spamassasin is running is just a mail proxy. It was running just fine up until few days ago. At the moment, I have 13389 email messages in the /var/spool/postfix/active/ folder and that number is growing. In the past (since the person who configured this left) I would solve this by executing # spamassasin stop # spamassasin start. However, now I am getting this message when I try to stop the spamassasin # spamassassin stop [17194] warn: archive-iterator: unable to open status: No such file or directory Now, I think 2 relevant updates from crontab are /usr/bin/yum -y -e 0 update /usr/bin/sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com --channel updates.spamassassin.org So seems like what had happened is that some libraries have been updated but now I cannot find which ones. It looks to me that Perl have been updated but to this point I am still trying to find where the problem is. If anyone knows some solution to this or at least a pointer on how to solve this it would be very appreciated. Thanks, Dejan
Re: Problem starting/stoping spamassasin
- Original Message - From: Theo Van Dinter [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Saturday, December 22, 2007 1:13 AM Subject: Re: Problem starting/stoping spamassasin spamassasin stop Negative. There is no such command as spamassasin. Must be a home build script or command. The filter command is spamassassin, not spamassasin. Anyway, calling spamassassin stop gives this as response: [27187] warn: archive-iterator: unable to open stop: No such file or directory
Re: Problem starting/stoping spamassasin
On Fri, Dec 21, 2007 at 03:26:55PM -0600, Dejan Jovanovic wrote: # spamassasin stop # spamassasin start. However, now I am getting this message when I try to stop the spamassasin # spamassassin stop [17194] warn: archive-iterator: unable to open status: No such file or directory spamassassin is a script that filters mail. It does not start or stop a service. Perhaps you want /etc/init.d/spamassassin, or service spamassassin, or whatever is appropriate for your OS. -- Randomly Selected Tagline: ... now a branch instruction is like bringing a case of beer to the party ... - Prof. Michaelson pgp68f0uOmcyS.pgp Description: PGP signature
Re: Problem starting/stoping spamassasin
On RedHat systems, at least, the init.d script that runs spamd is named spamassassin. So possibly what was meant here was service spamassassin start service spamassassin stop
Re: spamc/spamd failure
On Sat, Dec 22, 2007 at 01:32:57AM +0100, Michael Grant wrote: Anyone else seen this? Anyone have a fix? man spamd It's suggested to not send messages to spamd that are 250K in size. Actually, it doesn't say this in the spamd man page at all. However, spamc does have a limit and it states the maximum message size is Doh. Yeah, I meant spamc. Sorry. 256M, not 256K and defaults to 500K. I see one needs to set the -s It depends on your SA version. It used to be 256k, but apparently 3.2 upped it to 500k. not be an issue. These messages are well below 256M. milter-spamc only sends down the first 64K of the message in fact. Wow, that would be pretty broken IMO. Furthermore, if spamd is rejecting the message because of message size, it would be really good if it returned an error like message spamd doesn't care about message size, it'll scan whatever it gets. -- Randomly Selected Tagline: I could nail your head to the table, set fire to it, and feed the charred remains to the pak-mara. But we can't always get what we want. - Sheridan on Babylon 5 pgpIx7vtn9Nmd.pgp Description: PGP signature
Re: Problem starting/stoping spamassasin
All of you are correct of course. First of all I misspelled the spamassassin as 'spamassasin' but also, it was a home built script. Once I did service spamassassin stop and then service spamassassin start everything worked like a charm, and number of active mail is now getting smaller. Thanks a lot Dejan