Spam Filtering Stops...no warning, no errors

Spam Filtering Stops...no warning, no errors (Full Version)

All Forums >> [Web & Mail Security] >> GFI MailEssentials

Message

Ytsejamer1 -> Spam Filtering Stops...no warning, no errors (1.Jul.2009 9:07:39 PM)
For about the third time in as many months, GFI ME has stopped filtering email messages and spam has come through unimpeded. The "fix" has always been a reboot. The server hums along just fine for a month or so...maybe more...and then all of a sudden it fails to process anymore spam emails. I'm not sure if it's a module failing, a module setting (I do use Directory harvesting to block at the SMTP level), or if one of my mail filter scripts might be causing the issue after so many days,months,emails processed, etc. I have two scripts running at the SMTP OnArrival sink (RSP knows very well each of them)...one to remove read receipts from coming into our organization, and one to filter email from certain addresses and redirect them to another email address. This problem has been happening on and off for the last several months, but now its getting annoying. I can't see any errors in any GFI logs, nothing in the event viewer, etc...Any ideas on where to start troubleshooting this? I can start to remove some of the sink scripts from running...but then I have to wait awhile before GFI pukes again. Thanks all! Edit Now that I think of it...I think i've had more GFI problems when I began using SMTP level directory harvesting. But it is nice to not have to capture ALL of that crap email in my archive each month.

RSP -> RE: Spam Filtering Stops...no warning, no errors (3.Jul.2009 8:15:57 AM)
Uh-oh. Doesn't sound good. I forget your exact setup, so... If your ME is on your Exchange server, unless you use the list server (which needs additional tweaking), use Exchange's recipient filtering instead of SMTP-level Directory Harvesting. It works much better and follows the RFCs in my opinion whereas ME doesn't, and helps to sort out your "now that I think of it" bit :)

Ytsejamer1 -> RE: Spam Filtering Stops...no warning, no errors (6.Jul.2009 9:37:51 AM)
Hey RSP, Yeah, GFI is on a perimeter SMTP server, no exchange... I'm thinking of checking out ORF to work alongside GFI...seems like that might be a decent second option. I am going to mess around with it on my lab box to get familiar with it, but am unsure if I should have ORF first in line, or have it back up GFI in case GFI bites the dust again. It's based on SMTP sink priority...but unfortunately I don't see any sink events that tie to GFI...so i'm not 100 sure of the priority GFI's scanning uses.

RSP -> RE: Spam Filtering Stops...no warning, no errors (6.Jul.2009 9:47:56 AM)
I'd be interested to know how you get on. Mail me off-forum, as this may not be the place to divulge your findings. Given their feature claims, you'll probably end up with ORF first in line.

Page: [1]