Well, I'm late to the party! I love Sandy's idea, it's a great way to "stem the tide".
Matt, absolutely, the problem with the "dir" based delete commands is reading through the tree that NTFS creates, which on a busy disk will be literally all over the hard drive. This would then be complicated because (I think) your SMTP service was still online, and adding new stuff.

I noted that you're most of the way done, but putting together 4 great suggestions:

- Use Sandy's method to keep the disk clear, at least while you're pulling out the weeds.

- Do this for a handy workaround:

    net stop smtpsvc
    ren badmail badmail.bad
    md badmail
    net start smtpsvc
    rd /s /q badmail.bad

Removing the whole directory with the /s (subdirectories) and /q (quiet) is far, far, far faster than using the del command. Really.

You'll likely want to do a disk defrag as soon as you can spare the disk time.

I use a VBS script that somebody else posted, and was linked on the Declude Tools webpage. I use it to delete all the files over 7 days old, and I use the AT command to run it every night. I like the AT command because the job runs as SYSTEM, so I don't have to worry about embedding an account and a password (which will expire) like I would have to do with the Scheduled Tasks GUI.

Andrew 8)

p.s. I now have 2 IP addresses in my IMail SMTP filter; a virus on a workstation on the MCI network has sent us 14,000 copies of PE_ZAFI.B ... it has no chance at succeeding, but our SMTP and Declude just don't need to deal with it again and again and again!

-----Original Message-----
From: Matt [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 07, 2004 9:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: How to delete a mass of files on a Windows drive

That is definitely "very Sandy" :)

I consider the issue to be temporary pending a fix for a bigger problem so I'm going to avoid that work around for now. Simply put, Badmail should never occur if I am correct about how it works (NDR's only).
Nick and I are working on a log parser that identifies the IP's of dictionary attacks in ORF, imports them into a zone file, and then ORF uses that zone file to give a temporarily unavailable response which should protect from mistakes if made while effectively blocking a dictionary attack since they won't retry. Nick did the heavy lifting of the log parsing already which we will schedule to run regularly, and I'm going to write something to parse the list of IP's into a DNS zone, remove expired listings, and reload the zone.

There are only two small pieces that need to be figured out, one is how to best detect a dictionary attack, we're 90% there but I think we can lower the threshold for listing an IP by tracking other aspects besides just simply frequency. The other one is how to use the Windows 2000 Resource Kit tool to "reload" a DNS zone from within a VBS file, although I might have learned enough about scripting since I last looked at this to make this work. I suppose that one could even just update the HOSTS file as long as the list is short and you have the 'anything but' empty zone located on a real server...hey, I kind of like that idea as a quick fix, but the real zone is better for a distributed system.

BTW, the batch file deletion routine is working well, though it still has 2/3 of the 48 strings to go.

Matt

Sanford Whiteman wrote:

>Matt,
>
>Here is a very "Sandy" way to get what you want (no Badmail at
>all).
>
>1) Use MetaEdit to change the Badmail directory to
>C:\Inetpub\Mailroot\Badmail\NUL and restart SMTPSVC.
>
>2) The above step will trigger event ID 428 "Badmail is suspended"
>events in the event log for every SMTP session.
>This isn't such a big
>deal IMO, but you can just turn off these errors with this utility:
>
>http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/exctrlst-o.asp
>
>--Sandy
>
>
>------------------------------------
>Sanford Whiteman, Chief Technologist
>Broadleaf Systems, a division of
>Cypress Integrated Systems, Inc.
>e-mail: [EMAIL PROTECTED]
>
>SpamAssassin plugs into Declude!
>  http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
>
>Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases!
>  http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list. To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail". The archives can be found
>at http://www.mail-archive.com.

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
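
The listing step Matt describes above (find dictionary-attack IPs in the logs, put them in a DNS zone, remove expired listings), as an added example that is not part of the thread and is not Nick and Matt's parser. The log format, the threshold of distinct unknown recipients, the 24-hour lifetime and the DNSBL-style 127.0.0.2 records are all assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <client IP> <result> <recipient>".
# Not ORF's real log format; adapt the parsing in detect() to your own logs.
SAMPLE_LOG = """\
2004-07-07T21:00:01 192.0.2.10 REJECT_UNKNOWN_RCPT aaron@example.com
2004-07-07T21:00:02 192.0.2.10 REJECT_UNKNOWN_RCPT abby@example.com
2004-07-07T21:00:04 192.0.2.10 REJECT_UNKNOWN_RCPT adam@example.com
2004-07-07T21:00:05 198.51.100.7 REJECT_UNKNOWN_RCPT jsmiht@example.com
2004-07-07T21:01:00 203.0.113.5 REJECT_UNKNOWN_RCPT old@example.com
2004-07-07T21:02:00 203.0.113.5 REJECT_UNKNOWN_RCPT old@example.com
2004-07-07T21:03:30 203.0.113.5 ACCEPT user@example.com
"""
THRESHOLD = 3                       # assumed: distinct unknown recipients
WINDOW = timedelta(minutes=10)      # assumed: period they must fall within
LIFETIME = timedelta(hours=24)      # assumed: how long a listing lasts

def detect(log_text):
    """Return {ip: last_seen} for IPs reaching THRESHOLD inside any WINDOW."""
    hits = defaultdict(list)        # ip -> [(time, recipient)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2] == "REJECT_UNKNOWN_RCPT":
            when = datetime.fromisoformat(parts[0])
            hits[parts[1]].append((when, parts[3].lower()))
    listed = {}
    for ip, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            # Count distinct addresses, so one retried typo never lists a host.
            rcpts = {r for t, r in seen[i:] if t - start <= WINDOW}
            if len(rcpts) >= THRESHOLD:
                listed[ip] = seen[-1][0]
                break
    return listed

def merge(existing, new, now):
    """Add new listings to the existing ones, then drop expired entries."""
    merged = dict(existing)
    for ip, when in new.items():
        merged[ip] = max(when, merged.get(ip, when))
    return {ip: t for ip, t in merged.items() if now - t < LIFETIME}

def zone_records(listings):
    """Render DNSBL-style records: reversed octets answering 127.0.0.2."""
    return ["%s\tIN\tA\t127.0.0.2" % ".".join(reversed(ip.split(".")))
            for ip in sorted(listings, key=ipaddress.ip_address)]
```

Run detect() over each new log, pass the result with the previous listings to merge(), and write zone_records() under the zone's origin before reloading it.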
