James,
If you are using the latest beta (1.79), you can use the filters in the hidden beta section of my site:
http://www.mailpure.com/software/decludefilters/beta/
These make use of several new enhancements that can cut the processor utilization of these filters by probably 90% (primarily from the SKIPIFWEIGHT setting). They also simplify the convoluted ANTI filters by doing everything within one single file.
You can also gain a benefit from WHITELIST AUTH in your Global.cfg which whitelists all authenticated users (latest Declude beta and IMail 8.x required).
It seems from the stats that you posted that there is excessive incoming traffic, possibly related to a dictionary attack. If you have domains configured for the nobody alias, try as hard as you can to get rid of them. This can result in every dictionary attack message being scanned, and just in case you are wondering, no, spammers don't care if your server accepts every last message or not, they just keep the dictionary attack running, and recently there has been a rise in full-on dictionary attacks using tens of thousands of addresses or more. These can come from a single IP, or they can be distributed. You should be able to tell if something is happening by just looking at the size of your logs.
Matt
James Nelson wrote:
R. Scott Perry wrote:
I've got it going now, that's probably something I missed last time. With this done and the JM filters disabled, it seems to be running a lot better, but I'm going to watch it and see how it does. I might try enabling the scanners a few at a time after a bit.
I am using F-Prot for virus scanning. Everytime I've tried using the fpcmd.exe scanner it fails to detect anything. I'll try this again. My current scanfile line is as follows:
SCANFILE D:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
If you change "F-Prot.exe" to "fpcmd.exe" and remove the "/NOFLOPPY", you'll be all set.
One idea that we've been kicking around is seperating the declude functions onto a seperate server that receives all the email for our domains, scans it, and passes it on. Does anyone have some documentation describing this specifically or alternative suggestions?
::James Nelson
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
