Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Directory Harvesting deleting legitimate emails!!

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Web & Mail Security] >> GFI MailEssentials >> Directory Harvesting deleting legitimate emails!! Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 7:49:37 AM   
Kremlar

 

Posts: 22
Joined: 25.May2007
Status: offline
OK, I posted here a week or 2 ago:

 
After enabling logging on the Directory Harvesting module, I've found that it IS the Directory Harvesting module that is deleting my emails. 

Running Exchange 2000 and latest build of GFI 12 (on a separate Windows 2003 box).
 
Basically, this AM I once again found no email coming in.  Messages were being queued up on my Exchange server, and the SMTP service was hung. 
 
I tried stopping/restarting the SMTP service, but got nowhere so I had to reboot the server.  After rebooting, all queued emails were delivered.  I tried sending a couple of test emails in, but they never made it to the mailbox.  I checked the Directory Harvesting logs, and sure enough they were being deleted.  I opened the GFI Configuration, and did a "Test" on the Directory Harvesting module, and it said the email address was valid!  I then again sent a test email in, it never made it, and verified the module log said it was deleted.

I rebooted the GFI box, and now incoming emails seem to be making it through.
 
So, I guess I have 2 issues going on:
 1 - why is my Exchange's SMTP service hanging up?
 2 - why is the Directory Harvesting module tagging legitimate emails?
 
What is going on, exactly?  Any suggestions??
Post #: 1
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 8:09:22 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		First check your inbound domains is correct on the properties of General.

Your previous post said build 20071203, which is not the latest. Have you upgraded since?

(in reply to Kremlar)
Post #: 2
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 8:19:33 AM   
Kremlar

 

Posts: 22
Joined: 25.May2007
Status: offline 		I just double-checked, and the general tab shows my domain correctly.

Yes, I upgaded to build 20080623 after my last post.

Now that I've rebooted my GFI server, emails are correctly passing through the Directory Harvesting module.

I have disabled that module for now.

(in reply to RSP)
Post #: 3
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:11:43 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		Out of interest, does it show your domain in capital letters or lower-case letters?

The reason I'm asking is because there is a patch (although it applies to whitelisting) that specifically mentions this capitalisation.

(in reply to Kremlar)
Post #: 4
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:14:04 AM   
Kremlar

 

Posts: 22
Joined: 25.May2007
Status: offline 		Capital letters.

(in reply to RSP)
Post #: 5
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:17:11 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		Ok, that's probably not related then; my installs are using capitals.

Do you have debugging enabled? If so, can you paste the appropriate parts of the ase.gfi_log.txt, as this should provide clues as to why the emails were blocked.

(in reply to Kremlar)
Post #: 6
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:28:48 AM   
Kremlar

 

Posts: 22
Joined: 25.May2007
Status: offline 		That log only seems to contain the last few minutes worth of events.  The problem is not occuring right now (since I rebooted the gateway machine).  Is there something I'm missing?

(in reply to RSP)
Post #: 7
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:38:14 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		No, that's the correct log. I don't know how much data it should retain though. Mine has 4hr's worth, plus another 12hr in the .bak file.

I'm guessing you don't want to replicate the problem

(in reply to Kremlar)
Post #: 8
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:42:17 AM   
John Letourneau

 

Posts: 1669
Joined: 28.Apr.2008
Status: offline 		Kremlar,

If the problem does come back please post the log requested by RSP as we should be able to view what is happening to these messages and make a determination as to what is going on.

_____________________________

John Letourneau
GFI Software
Blog-Twitter-YouTube-Facebook

(in reply to RSP)
Post #: 9
RE: Directory Harvesting deleting legitimate emails!! - 29.Sep.2008 9:46:33 AM   
Kremlar

 

Posts: 22
Joined: 25.May2007
Status: offline
quote:

If the problem does come back please post the log requested by RSP as we should be able to view what is happening to these messages and make a determination as to what is going on.


That log only seems to have the past few minutes of information on my server.  So, if the problem occurs again, while it's occuring grab a copy of that file?

Thanks

(in reply to John Letourneau)
Post #: 10
RE: Directory Harvesting deleting legitimate emails!! - 30.Sep.2008 10:59:57 AM   
Bill Roland

 

Posts: 155
Joined: 19.Mar.2004
From: Ocala, FL
Status: offline 		Its a problem with MailEssentials, I've had the same problem occur twice. 

(in reply to Kremlar)
Post #: 11
RE: Directory Harvesting deleting legitimate emails!! - 3.Oct.2008 10:12:20 AM   
jcelis

 

Posts: 7
Joined: 3.Oct.2008
Status: offline 		Good morning, somebody could help me, I have a similar problem.

I have disabled that module Directory Harvesting for now.
 
Please help me!!!   

(in reply to Bill Roland)
Post #: 12
RE: Directory Harvesting deleting legitimate emails!! - 3.Oct.2008 10:15:57 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
quote:

ORIGINAL: jcelis

Good morning, somebody could help me, I have a similar problem.

I have disabled that module Directory Harvesting for now.
 
Please help me!!!   


Do you have debugging enabled? If so, can you paste the appropriate parts of the ase.gfi_log.txt, as this should provide clues as to why the emails were blocked.

(in reply to jcelis)
Post #: 13
RE: Directory Harvesting deleting legitimate emails!! - 3.Oct.2008 10:30:42 AM   
jcelis

 

Posts: 7
Joined: 3.Oct.2008
Status: offline 		HOW COULD I MAKE IT?

THANKS YOU

(in reply to RSP)
Post #: 14
RE: Directory Harvesting deleting legitimate emails!! - 3.Oct.2008 10:32:12 AM   
RSP

 

Posts: 1447
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		http://kbase.gfi.com/showarticle.asp?id=KBID001835

(in reply to jcelis)
Post #: 15
Page:   [1] 2   next >   >>
All Forums >> [Web & Mail Security] >> GFI MailEssentials >> Directory Harvesting deleting legitimate emails!! Page: [1] 2   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts