| Show all Answers |
| Close all answers |
| ¡@ |
| 1.1General |
| Q1.1-1. |
What is NOPAM? |
| A. NOPAM is a software to filter and intercept email spam, which has the following advantages: |
|
|
|
- Easy Installation (no necessary on setting white/black lists)
|
- No language differentiation problems.
|
| On future extensibilities, Nopam could archive the processed emails and therefore provide advance functions on emails backup, search, important document protection, data mining, and even knowledge management. |
|
| Q1.1-2. |
What's the license of Nopam? |
| A. Nopam is developed for public welfare. If there is incoming profit because Nopam has achieved solid contributions to the society on its outstanding technique, all income would be the fund for further system development, maintenance, and non-profit pupose. |
| Education institutes, academic research centers and non-profit organizations, all are authorized to use Nopam free. |
| Commercial cooperation such as technique authorization, cooperative development, or sales delegation,, would be depending on agreement through business contact. |
|
| Q1.1-3. |
What are the hardware and software requirements of Nopam? |
| A. The hardware requirements to run Nopam vary with the amount of mails to be processed daily. For hardware, we suggest: 2.0 Ghz Pentium IV processor (and above), 512 MB RAM, and 40 GB disk space. For software, FreeBSD 4.8 (and above), 5.x (and above) are supported. |
| Note: FreeBSD 5.x must be installed with FreeBSD 4.x compatible library. (/usr/lib/compat/libc.so.4)
Note**: Nopam prior to v2.0 does NOT support FreeBSD 6.x. |
|
| Q1.1-4. |
Where is the SCU (Spam Checking User Interface) installed in NOPAM 1.0 package? |
A. SCU module is not yet available in the current NOPAM 1.0/1.1/1.2 package. We will keep use posted if it's ready in the near future.
On current stage, since SCU is not installed, Nopam would not retain spam on the server. User can mark spam by adding specific prefix to emails subject, and classify them into different folder from their favorite mail readers. |
|
| Q1.1-5. |
How to manage the intercepted spam through SCU? |
| A. If you choose to activate SCU during Nopam installation, you can browse and manage spam through SCU. User can login into SCU by using email address as ID and the password from http://server:port/scu. If you find normal mails in SCU, you can click on the link ¡§This Is Not Spam¡¨ on top of the screen, and the mail will be sent back to you immediately. |
|
| Q1.1-6. |
How to turn on Nopam's advanced debug messages? |
| A. Advanced debug message can be used for deeply tracking program execution. If advanced debug message is enabled, it will be place under the "log/" directory and stored as a log file in the disk. |
| Nopam can produce these debug messages: |
| Debug message type |
Description |
| Plug-in |
Nopam may lookup external resources (ex. RBL or DCC) while detecting spam. When these external resources are used, the returned information can be outputted as debug message. |
| Abstract |
To facilitate the lookup of specific content of processed mails, Nopam can extract some attributes from these mails and dump them as debug messages. |
| Normalized mail |
Internet mails are encoded before delivery, Nopam will decode them during the filtering. If "normalized mail" debug message is turned on, except binary attachments, Nopam saves all decoded contents into debug message. |
|
| By default, these advanced debug message are turned off. If you understand what contained in these messages and want to join Nopam's Collaborative Users Program, you are welcome to submit these debug messages to us. With these advanced debug messages, it's possible for Nopam development team to elevate Spam mail detection rate for your organization. These advanced debug messages can be turned on by following procedures (after Nopam v1.2): |
| Debug message type |
Procedures to activate |
| Plug-in |
Modify the variable "LOG_PLUGIN" in "conf/lsd.conf":
LOG_PLUGIN=plugin.%Y%m%d
If the variable doesn't exist, please add it into "conf/lsd.conf".
* Filename format and location: logs/plugin.yyyymmdd |
| Abstract |
Modify the variables "LOG_DEBUG" and "LSD_DEBUG_INFO" in "conf/lsd.conf":
LOG_DEBUG=lsd_stdout.%Y%m%d
LSD_DEBUG_INFO=1
If the variables don't exist, please add them into "conf/lsd.conf".
* Filename format and location: logs/lsd_stdout.yyyymmdd |
| Normalized mail |
Modify the variables "NORM_MAIL_ARCHIVE" in "conf/lsd.conf":
NORM_MAIL_ARCHIVE=1
If the variable doesn't exist, please add it into "conf/lsd.conf".
* Filename format and location:
logs/ham_mail.norm.yyyymmdd
logs/spam_mail.norm.yyyymmdd |
|
|
| ¡@ |
| 1.2 Management |
| Q1.2-1. |
Please give a basic introduction of the Nopam directory layout after installation. |
| A. When installation is completed, Nopam directory layout should contain following sub-directories: |
| bin/¡@¡ö all the executive files are here. |
| conf/¡@¡ö all the configuration files are here. |
| data/¡@¡ö data about mail queue, spam spool |
| logs/¡@¡ö here stores log files and backup emails. |
| tmp/¡@¡ö here stores temporary files. |
|
| Q1.2-2. |
How to start or stop Nopam? |
| A. First, you have to switch user to the assigned one on Nopam's installation(“nopam”by default). |
| To start Nopam, change to the directory where Nopam installed, then execute following command under bin/: |
|
| And also you can manually start Nopam system under command line by the following scripts: |
| ¡@> ./switch_start.sh |
| ¡@> ./lsd_start.sh |
| ¡@> ./qs_agent.sh |
| To stop Nopam, execute this under bin/: |
|
| Or on the command line, execute the scripts below: |
| ¡@> killall bwd_qs |
| ¡@> killall bwd_lsd |
| ¡@> killall bwd_agent |
| Please note, to execute "./nopamctl start" and "./nopam ctl stop", you must change directory to "bin/" under the Nopam installed directory. |
| If Nopam is already running, to restart Nopam, except the stop-start command described above, you can also use: |
|
| When "./nopamctl restart" is used to restart Nopam, the TCP port listened by Nopam will be changed before LSD started. The TCP ports listed by LSD will switch between 10025~10029. |
|
| Q1.2-3. |
What should I do if there is an error message "Init_ID_socket: bind fail port" during Nopam startup? |
A. Possible reasons as follows:
£»The assigned port had already been occupied by other programs in OS.
£»The assigned port is under 1024, you have to switch to "root" before starting Nopam.
£»If the messages appears because of restarting Nopam, it is possible that the OS has not yet totally release resources of the last-executed Nopam program. You can wait awhile and try again. |
| Regarding the last case, if you wait for a long while and the port bound by last-executed process still not released, you can execute the following command under "bin/" directory of the Nopam installed directory, to force Nopam to change LSD port, then retart Nopam: |
| ¡@> ./nopamctl restart¡@¡ö restart Noapm system |
|
| Q1.2-4. |
How do I know that Nopam is running normally? |
| A. First, check the existence of following processes: |
| ¡@ bwd_qs, bwd_lsd, bwd_agent |
| ¡@ |
| Second, look into file "qs.YYYYMMDD" (YYYYMMDD means the date mails come) under "logs/" of the Nopam installed directory. If there are incoming mails, it's recorded in the log. For instance: |
20050810 17:29:55 Client arrival from mail04.ccu.edu.tw
20050810 17:29:56 Get 1th mail 47B922F7 (2373B) from mail04.ccu.edu.tw
ID:j7A9TnWS072463;
20050810 17:29:56 Send mail 47B922F7 to LSD 127.0.0.1:10026 ok (0 sec)
20050810 17:29:56 Client disconnect mail04.ccu.edu.tw
with 1 mails delivered [0:0:0.0000] |
|
| ¡@ |
| Besides, the delivering result of processed emails are logged at "lsd.YYYYMMDD". For instance: |
20050810 17:31:21 process_mail: fork pid=65918 (2/20, 15/240)
20050810 17:31:21 process_mail: materialize mail 47B92344 into
/usr/local/NOPAM/data/lsd_async/4/#qs_47B92344
20050810 17:31:21 process_mail: begin 47B92344, flag_fork=65918)
20050810 17:31:21 deliver SPAM 47B92344 to *140.123.5.113:10024 in 0s,
(250 2.0.0 j7A9VKTs078572 Message accepted for delivery) |
|
| So that if you can see incoming emails, and after filtering, SPAM and HAM could be delivered to the assigned MTA hosts, then Nopam is running normally. |
|
| Q1.2-5. |
How to trace mails processed by Nopam through /var/log/maillog? |
| A. Nopam will log the serial number of all processed mails onto /var/log/maillog, the log looks like: |
Aug 10 17:35:35 NOPAM LSD: lsd 1203315708,47B923FC; j7A9XrVh079096;;
250 2.0.0 j7A9ZYrX072829 Message accepted for delivery
Aug 10 17:35:36 NOPAM LSD: lsd 1203315703,47B923F7; j7A9XrVf079096;;
250 2.0.0 j7A9ZaSs093097 Message accepted for delivery
Aug 10 17:35:37 NOPAM LSD: lsd 1203315726,47B9240E; j7A9ZNe8093052;
250 2.0.0 j7A9ZaTb076338 Message accepted for delivery |
|
| The red text represents the mail serial number in Nopam. |
| The blue text represents the serial number (usually there is one) declared by incoming MTA. |
| And the green text is the message replied by external MTA which Noapm deliver mails to. |
| Log in "/var/log/maillog" is the serial numbers, it is useful in tracking mails, and helpful in recording the processing history. |
|
| Q1.2-6. |
How to locate the emails I want from the backed-up emails? |
| A. If you had chose "backup all processed mail" in Nopam installation, you can find all of the incoming mails in Nopam's backed emails. |
| Please look at the files "all_mail.YYYYMMDD" (means the date of recorded emails) under "logs/" of the Nopam installed directory, which log all the mails processed by Nopam. Logged mails are separated with each other by a single line string, "QS_MAIl". |
|
| Q1.2-7. |
I have activated the Nopam backup function, how to locate the backup and send it back to the recipient? |
| A. You have to locate the backup files in the first place. Please refer to Q4.2-6 "How to locate the emails I want from the backed-up emails?".) |
| If the email you are looking for is received on Oct. 30, 2005, please try to locate the file: "logs/all_mail.20051030" (If you worried at time delay, you could also set the date at one day before and after.) |
| All mails in backup file are separated with other by a single line string "QS_MaIl". You can copy the required email into a text editor, save as another file. Besides copy it manually, you could also use following program: "bin/qs_get_mail" to screen out the email. |
bin> ./qs_get_mail
QuantumSwitch Get Mail v1.0 (C)Copyright 2005 by Monkia
* Extract qs_mail from qs_mbox file
./qs_get_mail qs_mbox from_# to_# [pattern]
|
|
| If you want to extract the first 200 backup emails containing keyword "honey@my_hear.com", please do it in this way: |
bin> ./qs_get_mail ../logs/all_mail.20051030 1 200 'honey@my_hear.com' >
mail.dat
|
|
| After that, you could run the the program "bin/qs_player" to send this email file to the outgoing MTA host via standard SMTP protocol. The usage of "bin/qs_player" is as follows: |
bin> ./qs_player
QuantumSwitch Traffic Player v1.0 (C)Copyright 2005 by Monkia
* qs_player sends mails in qs_mbox files to smtp server
./qs_player host:port qs_mbox mode timeout verbose [max_rate] [fork_rate]
host:port is the destination to direct mail to.
If 'host:port' = 'auto', the mails will be directed
to the SMTP server specified in RCPT TO.
qs_mbox: can be a hashed dir or a single QS mailbox
mode = 1: one time scan, keep delivered mailbox
2: one time scan, remove delivered mailbox
3: continuously scan, remove delivered mailbox
timeout: the MAX seconds allowed to deliver a mail
set timeout 0 to tunr it off.
verbose: set skt_debug value. 1=on, 0=off
max_rate = X: inject no more than X mails
into simulated system per minutes.
fork_rate = Y: fork no more than Y process per minute.
set Y=0 to stop fork
|
|
| Suppose the intended emails are saved in file "mail.dat", the IP address of the outgoing MTA is 127.0.0.1, and the MTA server listens on port 10023. Then, the "qs_player" command to delivery the file can be like this: |
bin> ./qs_player 127.0.0.1:10023 mail.dat 1 0 0
|
|
| If you are familiar with SMTP protocol, and would like to inspect the dialog between "qs_player" and outgoing MTA server, please use this command instead of previous one: |
bin> ./qs_player 127.0.0.1:10023 mail.dat 1 0 1
|
|
|
| Q1.2-8. |
How to cancel or start the mail backup function? |
| A. Please look at the file "lsd.conf" under "config/" of the Nopam installed directory, in which there's a variable LOG_ALL which looks like this: |
| ¡@LOG_ALL=all_mail.%Y%m%d |
| Add "#" to make this line a comment, then the mails-backup function is canceled. Mails would be backed up to the variable-assigned file if no "#" ahead of this line. |
|
| Q1.2-9. |
By what ways can we deal with mails recognized as spam or with virus? |
| A. In the file "lsd.conf" under Nopam installed directory "config/", there is a variable named SPAM_DELIVERY_ACT. This variable is used to define how Nopam should deal with spam. You can assign one of the values below: |
| values |
description |
modify mail header |
modify mail subject |
| send |
Send spams as normal mails to receiver through MTA or specific mail server. |
Y |
N |
| submodify |
Send spams as normal mails to receiver through MTA or specific mail server. |
Y |
Y |
| drop |
Drop the spam directly. The spams would not be sent to MTA nor reciever. |
¡@ |
¡@ |
|
| As to those mails distinguished as virus infected, similar to how Nopam deal with spam, another variable VIRUS_DELIVERY_ACT can be set to "send", "submodify" , or "drop". |
|
| Q1.2-10. |
How to modify the subject of spam and virus mails? |
| A. Look at "lsd.conf" under Nopam installed directory "config/", there's a variable SPAM_SUBJECT, which looks like: |
| ¡@SPAM_SUBJECT= ***Spam*** |
| You can change its value to modify the subject prefix of spam mails. It works only when another variable SPAM_ DELIVERY_ACT is set to be "submodify". |
| Similarly, variable VIRUS_DELIVERY_ACT can be set to add prefix to the subject of virus mails, and also you have to set the value of VIRUS_DELIVERY_ACT to "submodify" to make it work. |
|
| Q1.2-11. |
What is the default subject prefix that Noapm adds to spam and virus mails? |
| A. On Nopam's default setting, "***Nopam***" is added to the subject of spam, and "***Virus***" is added to the subject of virus mails. |
|
| Q1.2-12. |
Can I activate Nopam without doing any filtering on mails? |
| A. Under certain circumstances, you may intend to firstly integrate Nopam with the existing mail system before start the filtering function. |
| To suspend the spam filtering, set the value of the variable BYPASS_CHECK to "1" in "lsd.conf" under Nopam installed direictory "config/", like this: |
| ¡@BYPASS_CHECK=1 |
|
| Q1.2-13. |
Nopam opens a lot of connections to pass mails to my mail server, but my mail server can not deal with such a large number of connections. What should I do? |
| A. Nopam has good performance in processing mails, can efficiently check large amount of mails, and delivery the processed mails in very short time. But sometimes the rear-end (outgoing) MTA server, probably due to hardware constraints, can not take such a heavy traffic. Under such a circumstance, you should control the speed of mail flow by limiting the concurrent connections from Nopam. |
| To limit Nopam's concurrent outgoing connections, please refer to FAQ "How to limit the outgoing mail departure rate of Nopam?" on section "Advanced Management and Setting". |
|
| Q1.2-14. |
I¡¦ve modified Nopam config files, how to make those new settings work? |
|
| Q1.2-15. |
If I restart or stop Nopam when it is processing mails, would it cause mail loss? |
| A. No, it would not. Nopam uses some kind of transaction mechanism while processing mails. A mail is deleted only when it has been properly processed. As to those mails not yet been processed, Nopam keeps them on host computer until Nopam is restarted and continue to process those mails. No mails loss could occur. |
| But be alert, because the un-processed mails are stored in hard disk of the host computer, if the hard disk fails or is full, and Nopam is terminated unexpectedly when it is processing new-coming mails, those incompletely processed mails may loss for not being able to be stored on hard disk. |
|
| Q1.2-16. |
What is SPDB? Why should we need to update SPDB? |
| A. SPDB is the abbreviation of Spam Pattern DataBase, which stores data to help Nopam to recognize spam. |
| Because the behavior and characteristics of spam vary with time, update SPDB timely can make Nopam have better judgments on new type of spam. |
|
| Q1.2-17. |
How to update SPDB? |
A. You could modify the variable SPDB_URL in "lsd.conf" file located in "conf/" subdirectory under installed directory. For example: Set SPDB_URL=http://spdb.nopam.ccu.edu.tw/
It will update SPDB and restart LSD. If you left its value empty, Nopam will not do the update.
|
SPDB is updated once every morning between 2:00~4:00, this setting will be saved in crontab of the default user assigned during installation. |
|
| Q1.2-18. |
Can I manually update SPDB? |
| A. Yes, you can |
| Please execute "bin/spdb_reload.sh" file under Nopam installed directory. As soon as you complete updating, LSD will automatically restart for SPDB to take effect. |
|
| Q1.2-19. |
If the downloaded SPDB is damaged due to network or hard disk problems, will this lead to any trouble? |
| A. Nopam will check for integrity of SPDB as soon as the download process has finished. If there are damaged files in SPDB, Nopam will adapt the old version instead of the damaged new version. |
| But if the hard disk problem did damages to the SPDB of both new and old version, Nopam would not function normally, and could produce the problems like emails being misjudged, spam leaking through, or behave abnormally. If you run into this situation, replace the hard disk is a first priority, and you should also check operation system integrity to make sure it is running correctly. |
|
| Q1.2-20. |
Could Nopam lists the log messages on console synchronously? |
| A. Yes, and you will receive a lot of messages on console.
You could modify the variable VERBOSE in "lsd.conf" and "qs.conf" located in "conf/" subdirectory. Change the value from "0" to "1", then you could have the log messages from LSD and QS listed on the console synchronously.
|
|
| Q1.2-21. |
Can I add sender whitelist to my own email server? |
Yes, you could build your own sender whitelist. |
There is a file from.whitelist located in "conf/" subdirectory. It stands for whitelist of senders. |
It's a text file in the format of one email address per line. You could add your own list here, and following formats are acceptable: |
| John <john@asd.zxc.com> |
| john@asd.zxc.com |
| <john@asd.zxc.com> |
The whitelist will take effect for all users in Nopam system, not intended for certain users only. |
|
| Q1.2-22. |
I receive the following error message when I start Nopam:
|
| ¡@ |
¡@>bw_open_log_file: unable to open [../logs/YYYYMMDD.bwd] |
|
¡@Warning: Unable to open log file, disable logging service.
After that, Nopam fails to start. |
A. Please check the permission of the file mentioned in the error message, it has to be writable by the current user. |
When you install Nopam system, it will ask you to create a user account. Usually, the administrator start Nopam by user "root", that's why reported files are owned by the user "root". Please use the account you created during installation to start Nopam. |
|
| Q1.2-23. |
If I have troubles not mentioned in the manuals and FAQ, and the trouble related to the email setting on Nopam, what should I do if I would like to report the trouble or get some help? |
A. First of all, please prepare the following data: |
1. logs/YYYYMMDD.bwd |
2. logs/lsd.YYYYMMDD |
3. logs/qs_agent.YYYYMMDD |
4. logs/qs.YYYYMMDD |
5. conf/* |
6. Execute bin/qsq_manager INFO > /tmp/queue_info.txt |
¡@File /tmp/queue_info.txt |
| 7. /var/log/maillog |
* The "YYYYMMDD" in the files above means the date of mail record. |
To report the email setting problem, please email us above files with following descriptions: |
| ¡@A. your operation system and version |
| ¡@B. your MTA system and version |
| ¡@C. your Nopam installation mode |
| ¡@D. description of your problem |
|
| Q1.2-24. |
I found there were some misjudged emails, how should I report this? |
A. There are two kinds of types of misjudged emails, ie a HAM incorrectly classified as SPAM and a SPAM been leaking through. |
For the time being we only accept the report of a HAM incorrectly classified as SPAM. If you encounter this problem, and would like to report it, please forward or bounce the email to: |
¡@notspam@nopam.ccu.edu.tw |
Thanks for the report. With this we can make Nopam better and better in the coming future. |
|
| Q1.2-25. |
In ASP installation mode, how to avoid unfiltered mails which spammers deliver to user mailbox directly without going through Nopam pointed by DNS MX? |
A. Some spammers don't send emails to the server where DNS MX pointed to.
Instead of that, they send mails directly to your backend MTA server. Such behavior results in spam mail going to user mailbox without any filtering. Normal mail (HAM) won¡¦t behave like that.
The figure below illustrates this issue in more details. In ASP mode, HAM mails take steps 1~5 to reach user mailbox in blue lines. This is standard flow of mail delivery. However, some spammers send emails to user mailbox directly as the flow marked in red dashed lines. In real world, it somehow likes a person who spread flyers by inserting flyers to your doorway mailbox blindly without considering postal address is valid or not. |
| It's easy to recognize such unfiltered emails by checking mail header for Nopam status messages. Mails without Nopam header are considered as abnormal in ASP mode.
You can choose one of listed solutions to protect you mail server:
1.Except Nopam ASP, use firewall to block all TCP connections on port 25.
2.Configure MTA (sendmail/postfix) to only accept incoming mail from Nopam ASP server.
3.Block all emails which has no Nopam status message in mail header.
Performance-wise, the recommended priority for above solutions is: 1 > 2 > 3 |
 |
|
|
| Q1.2-26. |
We provide a server for STMP relay service to internal users. The
server coexists with Nopam on the same host. The relayed mail will
be fed into Nopam before its outgoing to external world.
Some of the mails are marked as SPAM. How to solve this?
|
|
There are 2 solutions.
Please separate Nopam from the SMTP relay server.
They should not be installed on the same host.
This is the best solution.
Modify the configuration of sendmail/postfix. Let
the relayed mail pass through withount routing through Nopam.
You can configure sendmail/postfix to do that according to
your IT policy. But be careful, a deficient configuration
will expose your SMTP server to be leveraged by spammers.
|
|
| ¡@ |
| 1.3 Mail Queue |
| Q1.3-1. |
What is the Nopam mail queue? |
| A. Mail queue are disk directories where Nopam stores the unprocessed or undelivered emails. |
| Those emails will be saved as files in mail queue directories. Though it's similar with Sendmail who stores emails waiting for delivery in the "/var/spool/mqueue", Nopam does have its own queue management policy which is different with Sendmail. |
|
| Q1.3-2. |
How are the mail queues working in NOPAM? |
| A.There are several mail queue directories on Nopam, the description are as follows: |
| Mail queue directory |
for which Module |
Description |
| data/lsd_async |
QS, LSD |
This directory is shared by QS and LSD. All the emails received by QS and have not yet processed by LSD are stored here. |
| data/lsd_ham |
LSD |
Those emails have been detected by LSD as HAM mails and not been sent out yet are here. |
| data/lsd_spam |
LSD |
Those emails have been detected by LSD as SPAM and not been sent out yet are here. |
| data/lsd_suspend |
LSD |
Those emails that LSD had redelivered more than once but still have not yet completed are here. |
| data/lsd_dead |
LSD |
Those emails redelivered by LSD have reached the maximum retry time but still not yet completed are here. |
| data/qs_external |
QS |
If QS has been configured as a SMTP server to accept mail relay, for those outbound emails whose recipients' address are not within the range of MY_DESTINATION (according to the setting in "conf/qs.conf" file), they will be stored here before delivery. |
|
| The logic structure of mail queues is as bellow: |
 |
|
| Q1.3-3. |
How to browse the emails in mail queues? |
| A. The email will be saved as text files under mail queue directories. They are named by the series number issued by Nopam. These files can be viewed in the text editor. |
| Nopam will add some specific data in front of the emails. There is a line with a keyword "DATA" separating them. The information before the "DATA" line is inserted by Nopam, the content after this line is the original mail. |
| Nopam provides a tool for administrator to browse emails abstract without opening emails in queue one by one. To invoke this program, you have to switch to directory "bin/" where Nopam is installed. Example as following: |
bin>./qsq_manager NUM
SPOOL_IN = 10 (#3) in /usr/local/NOPAM/data/lsd_async
SPOOL_HAM = 5 (#1) in /usr/local/NOPAM/data/lsd_ham
SPOOL_SPAM = 2 (#2) in /usr/local/NOPAM/data/lsd_spam
SPOOL_SUSPEND = 4 (#0) in /usr/local/NOPAM/data/lsd_suspend
bin> |
|
| Referring to the example above, for each line, the text before the equal-sign is the name of queue. The first figure after the equal-sign indicates the number of emails in mail queue, and the number in ( ) is the total number of emails on delivery. In order to manage the speed of email flow, Nopam will send the emails gradually according to the throttle settings in "conf/lsd.conf" instead of attempting to deliver all of them immediately. |
| To check the abstract of emails in some major mail queues, please execute the command below: |
bin>./qsq_manager INFO
!1. /usr/local/NOPAM/data/lsd_suspend/0/qs_47B9A580.11 (1K),
delay 8h35m
From: ‹erika@kiss-and-kiss.com> via mail04.ccu.edu.tw
To : ‹u85120xx@ccu.edu.tw> (total 1 receivers)
Info: 553 5.1.8 ‹erika@kiss-and-kiss.com>...
Domain of sender address
erika@kiss-and-kiss.com does not exist
!2. /usr/local/NOPAM/data/lsd_suspend/E/qs_47B9717E.37 (73K),
delay 11h53m
From: ‹root@mail07.ccu.edu.tw> via mail07
To : ‹root@mail07.ccu.edu.tw> (total 1 receivers)
Info: TIMEOUT: bw_connect_remote 140.123.19.99:10024
#3. /usr/local/NOPAM/data/lsd_async/5/#qs_47BA0265 (29K), delay 9s
From: ‹gary516xx@ms81.url.com.tw> via mail01.ccu.edu.tw
To : ‹asttsm@ccu.edu.tw> (total 1 receivers)
4. /usr/local/NOPAM/data/lsd_async/A/#qs_47BA022A (1K), delay 27s
From: ‹Antony_abjecting@purinmail.com> via mail02.ccu.edu.tw
To : ‹g87360xx@ccunix.ccu.edu.tw> (total 1 receivers)
bin> |
|
| This command will list following information of each email: the physical location, how many times it been delivered, email size, queuing time, the sender and recipients (including the amount of recipients), and why it got queued here. |
| In this example, the first mail reveals following information: |
- This email located in /usr/local/NOPAM/data/lsd_suspend/0/qs_47B9A580.11
|
- It has been delivered 11 times and has not yet been successful. a see the ".11" attached to the file.
|
- The email has size 1K (byte).
|
- The email has duration up to 8 hours 35 minutes since Nopam received it.
|
- The sender is erika@kiss-and-kiss.com
|
- The MTA server which sent this email is mail04.ccu.edu.tw
|
- The first recipient is u85120xx@ccu.edu.tw , and there is no other recipient.
|
- The outgoing MTA server failed in attempting to locate the recipient's domain, kiss-and-kiss.com. This is the latest reason for deliver failure and why it still got queued here.
|
| ¡@ |
| The signs placing in front of the label number represent various meaning: |
| ¡@"#": means the email is on delivering |
| ¡@"!": means a seriously permanent error occurred during mail delivery |
| Without sign¡Gthe email is saved in queue directory, not yet for delivery |
|
| Q1.3-4. |
How to force Nopam to do immediate delivery of the emails in mail queues? |
| A. We discourage you from doing this because Nopam has its delivery schedule. It's not necessary to force Nopam to do immediate delivery. |
| Should you really have a good reason, you could invoke the "qsq_cleaner" program, which listed in the subdirectory "bin/" under the Nopam installed directory, example following: |
| bin> ./qsq_cleaner ../conf/lsd.conf 1 ../data/lsd_dead 1 48 200 1 ../data/lsd_suspend |
|
| The last parameter "../data/lsd_suspend" asks Nopam to do immediate delivery of the emails listed in "../data/lsd_suspend" directory. This directory name could be changed to other location as long as there are emails waiting for processing. |
| There are many configurable parameters for the program "qsq_cleaner", such as the longest waiting time, retry times, and simultaneously connection numbers etc., please refer to the help message for further details: |
bin>./qsq_cleaner
QuantumSwitch Queue Cleaner v1.0 (C)Copyright 2005 by Monkia
./qsq_cleaner host:port rename del inc max timeout verbose q_dir_file
host:port = the server:port to relay.
= replace this with a file path to lsd.conf to
use auto switched relay by looking up HOP_MAP
rename: =0/1, rename before delivery
del: =0/1, delete after successful delivery
=dir_name, move delivered file to this dir
inc: =0/1, add retry count after failed delivery
max: =X, drop this mail if retry count > X
timeout:=0/1, the MAX seconds allowed to deliver a mail
verbose:=0/1, set skt_debug value |
|
|
| Q1.3-5. |
How to delete the emails in mail queue? |
| A. If you are sure to delete all of the emails, even the detection process is not yet completed, you could give a command such as the following: |
| bin> ./qsq_manager RESET_ALL |
|
| Should you just want to delete the emails in a certain queue instead of in all queues, or just want to remove the emails from a certain MTA server, please refer to the help message of qsq_manager: |
bin>./qsq_manager
QuantumSwitch Queue Manager v1.0 (C)Copyright 2005 by Monkia
./qsq_manager cmd [lsd.conf] [lsd_milter.conf]
RESET = delete undelivered mails
RESET_SUSPEND = delete suspended mails
RESET_SPAM = delete undelivered spam
RESET_ALL = delete all mails
RESET:RMTA_DN = delete undelivered mails from RMTA_DN
NUM = show queued mail number
INFO = show mail queue info
FLUSH = send suspended mails immediately
* default lsd.conf assumed to be ../conf/lsd.conf
* default lsd_milter.conf assumed to be ../conf/lsd_milter.conf
bin>
? |
|
|
| Q1.3-6. |
I found there is a lot of emails in "data/lsd_async" (SPOOL IN), and I think these unprocessed emails need not to go on spam-detection by Nopam. Is it possible to deliver them all as HAM mails? |
| A. Yes, it could be done by the "qsq_manager" command mentioned above. |
| If you invoke the BYPASS parameter of "qsq_manager", all emails listed in "data/lsd_async" (SPOOL IN) will be moved to "data/lsd_ham" (SPOOL HAM), and will be delivered as HAM mails. |
|
| Q1.3-7. |
Can I use the 'rm' command to delete the emails in mail queue? |
| A. We do not recommend you do this while Nopam is running, though you probably could get through it if you are lucky enough. |
|
| Q1.3-8. |
How to set up the retry times for email delivery of Nopam? |
| A. The maximum retry time of Nopam is controlled by the program: "qsq_cleaner". Administrator could edit the parameter "max" in "qsq_cleaner" to limit the maximum number of retry. |
bin>./qsq_cleaner
QuantumSwitch Queue Cleaner v1.0 (C)Copyright 2005 by Monkia
./qsq_cleaner host:port rename del inc max timeout verbose q_dir_file
host:port = the server:port to relay.
= replace this with a file path to lsd.conf to
use auto switched relay by looking up HOP_MAP
rename: =0/1, rename before delivery
del: =0/1, delete after successful delivery
=dir_name, move delivered file to this dir
inc: =0/1, add retry count after failed delivery
max: =X, drop this mail if retry count > X
timeout:=0/1, the MAX seconds allowed to deliver a mail
verbose:=0/1, set skt_debug value |
|
| If Nopam still failed to deliver the email when the retry time reaches the value X, the email will be move to the directory "lsd_dead", no further attempts will be made. |
| You could modify the variable SUSPEND_Q_CLEANER in "lsd.conf" file under "conf/" directory, the value of the variable is used to invoke "qaq_cleaner". You could modify this setting by change the value of the parameter "max". |
|
| Q1.3-9. |
Where will the email go when the maximum retry time is exceeded? |
| A. It will be moved to lsd_dead directory. |
|
| Q1.3-10. |
How long does it take for Nopam to deliver the email again if there was a delivery failure due to some reason? |
| For those the emails are in "lsd_ham" or "lsd_spam" directory, Nopam will try to deliver them every CLEANUP_PERIOD second, until the maximum MAX_RETRY_CNT time. If MAX_RETRY_CNT retry is reached, mails will be moved to "lsd_suspend" directory. |
| For the emails in "lsd_suspend" directory, Nopam will try to deliver them every SUSPEND_Q_C_PERIOD seconds, until the maximum time which defined by "qsq_cleaner", the mail will be moved "lsd_dead" directory. |
| You could edit these parameters in the lsd.conf file under conf/ directory: CLEANUP_PERIOD, MAX_RETRY_CNT, and SUSPEND_Q_C_PERIOD |
|
| Q1.3-11. |
Should I pay attention to those emails in the mail queue? |
| A. Administrator can check number of mails in mail queues by using "qsq_manager" (described before). Here is a generic example which some number are replaced by symbols: |
bin>./qsq_manager NUM
SPOOL_IN = A (#a) in /usr/local/NOPAM/data/lsd_async
SPOOL_HAM = B (#b) in /usr/local/NOPAM/data/lsd_ham
SPOOL_SPAM = C (#c) in /usr/local/NOPAM/data/lsd_spam
SPOOL_SUSPEND = D (#d) in /usr/local/NOPAM/data/lsd_suspend
bin> |
|
| Feature #1, if number "A" is an extremely large value, while B and C are very small (the gap between them might be over ten or hundred times for example) |
- LSD could run down or not available, please start LSD.
|
- Probably the hardware could not accommodate burst traffic of incoming emails arrived at Nopam, please refer to "Q4.4-4. How to limit the incoming mail arrival rate to Nopam?" for setting the average incoming mail arrival rate.
|
| Feature #2, if number "A" is an extremely small value, while B and C are very large (the gap between them might be over ten or hundred times for example) |
- Your MTA server could run down or offline, please check your network connection.
|
- Probably the hardware of outgoing MTA could not accommodate burst traffic of outgoing mail departured from Nopam, please refer to "Q4.4-5. How to limit the outgoing mail departure rate of Nopam?".
|
| Feature #3, if number B and C are small values, while D is very large (the gap between them might be over ten or hundred times for example) |
- Your MTA server could run down or offline, and this have been for a long time, please check your MTA server hardware or the network connection.
|
|
| ¡@ |
| 1.4 Advanced Management and Setting |
| Q1.4-1. |
Is it possible to limit Nopam to receive only emails from some certain IP addresses of MTA server? |
| A. Yes, and we strongly recommend you do this. |
You could change following two variables in "qs.conf" which located under "conf/" directory:
MY_NETWORK and BAD_NETWORK
to limit remote MTA servers which are allowed to access. |
| These two variables are described bellow: |
| Parameter |
Description |
| MY_NETWORK |
Nopam accept only those emails which come from the IP address range specified by this variable.
Note: If this is left blank, Nopam is free to receive emails from all IPs. |
| BAD_NETWORK |
Nopam will reject those emails sent from those MTA servers whose address is listed in one of the BAD_NETWORK. |
|
| MY_NETWORK and BAD_NETWORK could be written on many separate lines. They could show up more than once, and the value could be in the form of IP-address or CIDR notation. |
| For example: (Only for reference, do not put this into your "qs.conf") |
MY_NETWORK=140.123.5.120, 127.0.0.1
MY_NETWORK=140.123.5.111/24, 140.123.19.99 |
|
| *Note: The value of MY_NETWORK or BAD_NETWORK should be IP-address, host name and domain name are not allowed. |
|
| Q1.4-2. |
Can I use Nopam as SMTP server for mail relay? |
| A. Yes. |
You could change following variables in the "qs.conf" file which located under "conf/" directory:
MY_DESTINATION, MY_NETWORK, and BAD_NETWORK
to alter the SMTP mail relay. |
| Brief descriptions for each variable follows: |
| Parameter |
Description |
| MY_DESTINATION |
Nopam accept these emails whose recipient's address is within MY_DESTINATION, otherwise, Nopam will forward it according to the other settings.
Note: If this is left blank, Nopam assumes that all emails¡¦ addresses are in MY_DESTINATION. |
| MY_NETWORK |
Nopam will accept mail relay, if connection cones from the IP range specified by MY_NETWORK regardless of whether the recipient's or sender¡¦s address within MY_DESTINATION.
If both the address of recipient and sender are neither in the listed MY_DESTINATION servers, nor within the IP address in MY_NETWORK, the relay will be rejected.
Note: By Leaving this variable empty, Nopam will receive all emails regardless of their IP addresses. |
| BAD_NETWORK |
No matter the recipient's or sender's address is within MY_NETWORK or not, as long as it is from the IP address specified by BAD_NETWORK, the connection is rejected. |
|
| ¡@ |
| [CASE 1: with MY_DESTINATION setting] |
| For example: |
MY_DESTINATION= ccu.edu.tw, mail.ccu.edu.tw
MY_NETWORK= 140.123.5.0/24, 192.168.0.0/24
BAD_NETWORK=192.168.1.0/24, 10.0.0.0/8 |
|
| Referring to the example above, Nopam only receives emails sent to ccu.edu.tw, and their IP address have to be in the range of 140.123.5.0/24 or 192.168.0.0/24. Those connections from 192.168.1.0/24 and 10.0.0.0/8 will be rejected. |
| In the case of mail relay, if the destination of incoming emails are neither to ccu.edu.tw nor to mail.ccu.edu.tw, the variable SEP_EXT_MAIL in the "qs.conf" will be used to control how to process these emails. |
| If SEP_EXT_MAIL=1, it means Nopam will directly send the emails to their destination instead of sending it to LSD for spam detection. |
| If SEP_EXT_MAIL=0, it means Nopam will send the email to LSD for spam detection. The subsequent delivery depends on how LSD is configured for the detection: |
- If the mail is a HAM, and the setting of LSD is "send the HAM to MTA server", then outgoing MTA is responsible for the subsequent process.
|
- If the mail is a SPAM, and the setting of LSD is "send the SPAM to MTA server", then outgoing MTA is responsible for the rest of process.
|
- If the mail is a SPAM, and the setting of LSD is "abandon SPAM", then the mail will be dropped, of course, never reach its destination.
|
| ¡@ |
| [CASE 2: with no MY_DESTINATION setting] |
| For example: |
MY_DESTINATION=
MY_NETWORK= 140.123.5.0/24, 192.168.0.0/24
BAD_NETWORK=192.168.1.0/24, 10.0.0.0/8 |
|
| Referring to the example above, Nopam receives all emails within 140.123.5.0/24 and 192.168.0.0/24, and reject those from 192.168.1.0/24 and 10.0.0.0/8. |
| Nopam will send emails to LSD for spam detection. As about whether the mails are delivered, it depends on how LSD is configured for the detection: |
- If the mail is a HAM, and the setting of LSD is "send the HAM to MTA server", then MTA is responsible for the subsequent process.
|
- If the mail is a SPAM, and the setting of LSD is "send the SPAM to MTA server", then MTA is responsible for the rest of process.
|
- If the mail is a SPAM or virus mail, and the setting of LSD is ¡§abandon SPAM and virus mail¡¨, then the mail will never reach its destination.
|
| ¡@ |
| [Mail relay conclusion] |
| It is not necessary to use Nopam server as a SMTP mail relay, unless there is a special demand like: unable to install Postfix or Sendmail for sending emails. If Nopam is only used for spam detection, you can switch off the mail relay function by changing the value of variable: SEP_EXT_MAIL to 0, and let the outgoing MTA servers responsible for the rest of delivery. |
|
| Q1.4-3. |
How to integrate Nopam with anti-virus software? |
A. Nopam supports for ClamAV filter (http://www.clamav.net/ ) at this moment.
If you want to setup ClamAV in scanning the emails through Nopam, ClamAV has to be installed and configured to receive job request from Internet domain socket. The default setting for ClamAV doesn't take the scan request from Internet domain socket, this setting could be altered by modifying following parameters in the clamd.conf file: TCPSocket , TCPAddr and LocalSocket. You could refer to the ClamAV documentation for details.
For example: |
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
#LocalSocket /var/run/clamav/clamd <--Place a # sign in front of the line, make it as a note.
# TCP port address.
# Default: disabled
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1 |
|
| If you run ClamAV on a standalone server with IP: a.b.c.d, and have its daemon listening on port X, you could change two variables CHECK_VIRUS and AV_SERVO in the "lsd.conf" file to: |
¡@CHECK_VIRUS=1 |
¡@AV_SERVO=a.b.c.d:X |
If you install ClamAV with Nopam on the same machine, AV_SERVO example as below:
"AV_SERVO=127.0.0.1:3310" |
| If a virus is found by ClamAV, Nopam add identifier into mail header which might look like this: |
| ¡@ X-NOPAM-Status: Virus detected. Found virus XXXXX.XXXX |
| XXXX means virus name. |
|
| Q1.4-4. |
How to limit the incoming mail arrival rate to Nopam? |
| A. QS is responsible for receiving incoming emails to Nopam. Should you want to control the average mail arrival interval, you have to edit following variables in the "qs.conf" file located in "conf/" subdirectory: MAX_FORK_PER_SEC and MAX_FORK_PER_20_SEC. Descriptions for each parameter follows: |
| Variable |
Description |
| MAX_FORK_PER_SEC |
The maximum number of new process that QS could create per second. As QS receives an email, a new process will be forked. |
| MAX_FORK_PER_20_SEC |
The maximum number of new process that QS could fork every 20 seconds |
|
If you set MAX_FORK_PER_SEC=0,
QS will not create any new process while delivering emails. It would process another mail only after previous one was completely received by LSD. It is a highly effective method to prevent hardware from overloaded. |
| If you set the value of MAX_FORK_PER_SEC larger than the value of MAX_FORK_PER_20_SEC, Nopam can accommodate burst traffic of incoming mail arrival rate MAX_FORK_PER_SEC if and only if the average incoming mail arrival rate within MAX_FORK_PER_20_SEC. |
|
| Q1.4-5. |
How to limit the outgoing mail departure rate of Nopam? |
| A. LSD is responsible for delivering outgoing emails. Should you want to change the average mail departure interval, you have to edit following variables in the "lsd.conf" file: FORK_BEFORE_CHECK, MAX_FORK_PER_SEC, MAX_LSD_PROC_NO, and MAX_FORK_PER_20_SEC. They are described bellow: |
| Variable |
Description |
| FORK_BEFORE_CHECK |
Whenever LSD receives an email, will there be a new process forked? |
| MAX_FORK_PER_SEC |
The maximum number of new process that LSD could create per second. |
| MAX_FORK_PER_20_SEC |
The maximum number of new process which LSD could create very 20 seconds. |
| MAX_LSD_PROC_NO |
The maximum number of active LSD process in the system. |
|
| Regarding the variables of MAX_FORK_PER_SEC and MAX_FORK_PER_20_SEC,
you could refer to the previous description of ¡§Q1.4-4
How to limit the incoming mail arrival rate to Nopam?¡¨,
please note that they are active only on FORK_BEFORE_CHECK being
enable. You could control the maximum number that simultaneously
connected to Nopam by altering these two variables to limit
the flow and speed. |
| Since LSD is responsible for SPAM detection and delivery, that's why it takes longer processing time than QS for each incoming mail. To prevent LSD from consuming too much memory, administrator could limit the total number of active LSD process by altering MAX_LSD_PROC_NO variable but the inactive LSD processes are not included. |
|
| Q1.4-6. |
Can NOPAM be organized for load balancing? |
A. Yes, Nopam can. |
NOPAM consists of four modules: QS, LSD, SCU, and GSD. Each one of them could be installed separately on different machines as well as put them together. |
The LSD module consumes most computational resource for SPAM detection and delivery. It takes longer processing time than QS for each incoming mail. |
NOPAM is designed to support server clustering for load balancing. It's capable of supporting multiple LSD modules which located on different servers. If there are millions of emails to be processed per day, such capacity can satisfy the demand of heavy traffic. |
Should you want to employ multiple LSD, you have to edit the QS setting in the "conf/qs.conf" file. For example, if there are three LSD servers (IP: a1.a2.a3.a4, b1.b2.b3.b4, c1.c2.c3.c4) all listened on port 10025. Find the variable LSD_SERVO, add following lines to the "qs.conf": |
¡@LSD_SERVO= a1.a2.a3.a4:10025 |
¡@LSD_SERVO= b1.b2.b3.b4:10025 |
¡@LSD_SERVO= c1.c2.c3.c4:10025 |
There is another varialbe LSD_POLICY in the "qs.conf", it's value is defined as follows: |
| LSD_POLICY |
Description |
| 1 |
QS sends emails to all LSD servers in a round-robin style. |
| 2 |
QS sends emails to the primary LSD, and will redeliver emails to the second LSD if there is an error occurred or no response from the primary one. |
|
| Meanwhile, you have to NFS mount the "lsd_async" directory on all three LSDs onto "lsd_async" directory on QS. |
|
| Q1.4-7. |
Can NOPAM support multiple MTA servers? |
A. Yes, NOPAM supports multiple MTA servers. |
| If there are multiple MTA servers responsible for receiving incoming mails for a certain domain, NOPAM is also available for this model to balance traffic across multiple MTA servers. |
| The following description is based on the incoming and outgoing MTA both reside on the same server. |
| If one of the mail servers fails to response or network failures, NOPAM will automatically skip the failed server and deliver emails to the other hosts. Nopam will switch back again to the skipped server as soon as the host resume its function. |
To configure multiple MTA servers, you have to edit the LSD setting in the "conf/lsd.conf". For example, if there are three MTA servers (Sendmail or Postfix) listened on following ports and IP addresses:
Port 10024, IP a1.a2.a3.a4
Port 10025, IP b1.b2.b3.b4
Port 10025, IP c1.c2.c3.c4
Change the variable HOP_MAP to (Please merge the 2-line example into a single line, don't split them): |
HOP_MAP= a1.a2.a3.a4,b1.b2.b3.b4,c1.c2.c3.c4;
a1.a2.a3.a4:10024,b1.b2.b3.b4:10025,c1.c2.c3.c4:10025 |
|
| This setting means, after LSD received incoming emails from IP: a1.a2.a3.a4, b1.b2.b3.b4, and c1.c2.c3.c4, based on the purpose of load-balancing, NOPAM will randomly deliver emails to a1.a2.a3.a4:10024, b1.b2.b3.b4:10025, and c1.c2.c3.c4:10025, and avoid a malfunctioned host. |
| After this is setup, find the other two variables: NO_HOP_MAP_FOR_HAM and NO_HOP_MAP_FOR_SPAM. |
| Set NO_HOP_MAP_FOR_HAM=0, incoming emails that classified as HAM, will be automatically delivered to one of the MTA servers covered by HOP_MAP.
Set NO_HOP_MAP_FOR_HAM=1, incoming emails that classified as HAM will be delivered directly to the MTA host specified by HAM_SERVO, no matter what the original MTA is. |
Likewise,
by setting NO_HOP_MAP_FOR_SPAM=0, incoming emails that classified as SPAM, will be automatically delivered to one of the MTA servers covered by HOP_MAP.
Set NO_HOP_MAP_FOR_SPAM=1, incoming emails that classified as SPAM by LSD will be delivered directly to the MTA specified by HAM_SERVO, no matter what the original MTA is.
|
|
| Q1.4-8. |
Can NOPAM check emails but leave mail header unchanged? |
A. Yes, but are you sure you want to do that? |
All you have to do is change the variable NO_QS_HEADER in the "conf/lsd.conf" to value 0. By doing so, NOPAM will not add anything to the header, following messages will be skipped: |
| ¡@1. X-NOPAM-status |
| ¡@2. Email subject remains the same no matter whether it's a virus-mail or spams. |
| ¡@3. Display the message like: "Received from xxxxx by NOPAM...". |
All you have to do is change the parameter ¡§NO_QS_HEADER¡¨ in the conf/lsd.conf file to a value 0. |
|
| Q1.4-9. |
I configure to backup all emails and block the spams, but result in lack of spams on the backup list. May I ask how to backup spams by the way? |
A. If you set up to backup all emails and not to deliver spams, the related variables in the "conf/lsd.conf" include: |
| ¡@MAIL_ARCHIVE=1 |
| ¡@SPAM_DELIVERY_ACT=drop |
By default, the setting MAIL_ARCHIVE=1 will not backup spams. If you want spams on the backup list, change following variables in the "lsd.conf" as below: |
| ¡@MAIL_ARCHIVE=1 |
| ¡@SPAM_DELIVERY_ACT=deliver |
| ¡@SPAM_SERVO=0.0.0.0:10040 |
| ¡@NO_HOP_MAP_FOR_SPAM=1 |
| * The 10040 could be any number (an integer between 10000~20000). |
It will backup spasm, and block them from being delivered to user's mailbox and MTA servers. |
|
| Q1.4-.10 |
I used FreeBSD 5.x as server OS, and Sendmail is used for MTA server. What should I do if there are I/O error messages in the Sendmail log? |
A. We found there is a compatible problem between FreeBSD 5.x and NOPAM. The NOPAM would function normally, but error messages remains. If the server OS is FreeBSD 5.x, we recommend you to deploy Postfix on MTA server as an alternative solution. |
|
| Q1.4-11. |
I've used Dcc for my system, ever since I installed NOPAM, I've got the following messages every now and then, what do they mean? |
¡@ |
no answer from dcc2.dcc-servers.net (198.137.254.147,6277) after 14023 ms |
¡@ |
continue not asking DCC 16 seconds after failure |
¡@ |
continue not asking DCC 16 seconds after failure |
| A. These are warning messages from Dcc. |
Dcc will inquire the public Dcc servers around the world about spam info via network. If there is a disconnection between them, the warning messages may appear. For further detail please refer to the Dcc user manual: http://www.rhyolite.com/anti-spam/dcc/ |
|
| Q1.4-12. |
How should I do if there is always a heavy email load on our email server? It happens that Clamd consume much CPU time (e.g. high load cased by ClamAV lasts for a few minutes). |
A. In the case of email server under extremely heavy load, Clamav probably could not work properly due to overload, for example, Clamd could possible run out of CPU resource, it is better to terminate ClamAV (kill process "clamd") and restart it. |
Please try to upgrade the Clamav to the latest version. If problems persist, you could regularly restart Clamav by crontab. The period of restarting depends on the server load and how Clamav works. Generally, it is safe to restart Clamav once every hour even though there is a heavy email load on the server. |
|
| Q1.4-13. |
There were a lot of emails from some certain MTA server been detected as spam. But I am quite sure that they are from legitimate server, and most of them should be HAM. What's the problem? |
A. Even though some of email servers behavior well for the moment, it might be regarded as a spammer and listed in blacklists of foreign anti-spam organization in the past. The emails from those servers are not only being marked as spam locally, they are also possibly detect-as-spam by other email servers. |
Unfortunately, we could not remove your email server from the blacklist of foreign anti-spam organization for you. If such trouble is the case, and you are using NOPAM ASP service, please contact our ASP service provider. After your innocent status is confirmed, we can manually pass those mails without marking them as spams. |
|
| Q1.4-14. |
I employ the Loop Around model. If the incoming MTA host (running Sendmail) is installed on the same machine with Nopam, what should I do if "nopamctl" generates the error message: "Error:Switch to the user specified duing installation before starting NOPAM". |
| A. Please use the account you created during the installation. You have to switch to this specific user before starting LSD. Do not activate LSD by user "root". |
|
| ¡@ |
| 1.5 Others |
| Q1.5-1. |
Will Nopam run on other OS besides FreeBSD? |
|
| Q1.5-2. |
If I have an installation or usage problem, whom should I ask for help? |
A. Please email us at: nopam_dev@ccu.edu.tw. Be sure to read the "Q1.2-23" first which describes in detail how to submit a useful bug report. |
|
| Q1.5-3. |
I have found a bug, where should I report it? |
|
| Q1.5-4. |
Does NOPAM offer any “professional service”? |
A. Due to insufficient manpower, we probably could not meet every demand in the short term. However, we welcome your email to nopam_dev@ccu.edu.tw. We will try our best to solve the problems. |
|
| ¡@ |
| 1.6¡@New Functions After Nopam v1.2 |
| Q1.6-1. |
What is Web Management Console on Nopam? |
| A. Nopam has a built-in web server, named Web Management Console (WMC). It allows administrator to do basic management via a web browser, and check instant messages. |
| WMC is tuned off by default. To enable Web Management Console, you have to change the varialbe "WMC_ACTIVATE" in "conf/qs.conf" to value "1". |
| While WMC is enabled, Nopam supports SMTP and HTTP over a single TCP port at the same time. |
| The function of WMC is very limited in the mean time, we will try to expand its functionalities in the future. |
|
| Q1.6-2. |
Is it able to limit the IP range allowed to connect to Web Management Console? |
| A. Yes. If you have enabled WMC, we recommend that you should limit the IP range allowed to connect. |
| Instead of user account and password, WMC limits the access via IP address. To manage the IP range, you can modify the variable "WMC_NETWORK" in "conf/qs.conf". |
| The syntax of this variable is the same with "MY_NETWORK" in the "conf/qs.conf". Please refer to "Q4.4-1: Is it possible to limit Nopam to receive only emails from some certain IP addresses of MTA server" for more details. |
| Following example limits that WMC can only accept the connection within 192.168.0.*. |
WMC_NETWORK=192.168.0.0/24
|
|
| If the "WDM_NETWORK" value is left blank, WMC will not accept any connection. |
|
| Q1.6-3. |
Can I tell how many emails could Nopam process per day including tha ratio of HAM and SPAM? |
| A. Yes. You have to open Web Management Console (WMC), and set the variable "MRTG_STATISTICS" to value "1" in "conf/lsd.conf" file. |
| If QS module listens on 192.168.0.200 with TCP port 10024, and your browser IP address is within the range specified by "WDM_NETWORK", you could view this URL via your browser: http://192.168.0.200:10024/lsd_statistics_html |
| Web browser will present you a table like this: |
| |
LSD |
Ham |
Spam |
Virus |
| 1 |
127.0.0.1:10027 |
7550 (11.67%),
1514.5M (73.7%) |
57123 (88.33%),
611.0M (26.3%) |
0 (0.0%),
0.0M (0.0%) |
| * |
Total |
7550 (11.67%),
1514.5M (73.7%) |
57123 (88.33%),
611.0M (26.3%) |
0 (0.0%),
0.0M (0.0%) |
|
| The table displays emails statistics that Nopam had processed since activated last time. The statistics will be reset if LSD is restarted. |
| Remember that there is a configuration of multiple LSD modules for load balancing mentioned in "Q4.4-6. Can NOPAM be organized for load balancing?". The table will display the statistic results of all configured LSDs. The last row is the sum of all above values. In this example, it indicates that there is only one LSD, and its virus-detection function service has been turned off. (That's why the sum of virus mail has zero value.) |
| We will keep improving this function, for example, this service could integrate with MRTG (http://mrtg.hdl.com/) for producing visualized real-time statistics chart. |
|
| Q1.6-4. |
What is the Site Report? Can I turn this service off? |
| A. Site report is the feedback sent by installed Nopam, it contains the number of processed HAM and SPAM. The feedback is the same with "lsd_statistics_html" function in WMC. |
| If you want to turn this service off, please change the "SITE_REPORT" variable in "conf/lsd.conf" to SITE_REPORT=0 |
On the contrary, if you want to turn it on, just change both following parameters to:
SITE_REPORT=1
MRTG_STATISTICS=1 |
|
| Q1.6-5. |
Can Nopam update the ClamAV virus database for me? |
| A. No. You have to do the update by yourself. |
| You can regularly invoke the ClamAV built-in program, "freshclam", to update the virus database. It will ensure you always have the latest version. For further details please refer to ClamAV user's manual (http://www.clamav.net/). |
|
| Q1.6-6. |
How much time will Nopam spend in processing each email? Will processing time be altered? |
| A. In most cases, whenever there is a incoming email arrived at Nopam, it usually takes less than one second to go through the whole process including spam-detection and LSD delivering. |
| But there are special conditions which could make the process more time-consuming: |
| 1. |
Oversized emails, it may take a lot of time in network transmission. |
| 2. |
Email has to go through ClamAV for virus checking. If the quantity, size, or compress -ratio of attachments are extremely large, it could take longer time during virus checking phase. |
| 3. |
Nopam take advantage of DCC for spam detection. DCC connection has to be established to find the remote public DCC server. |
| 4. |
Nopam may use RBLCheck in spam detection. RBLCheck has to make a blacklist comparison with other blacklists of anti-spam server located at foreign organization. |
| 5. |
Poor network connection will cause Internet access slow. |
| You could alter the maximum process time* by modifying following variables in "conf/lsd.conf": |
| Variables |
Description (Unit of time: second) |
| MAX_WAIT_SEC |
The whole processing time may not exceed MAX_WAIT_SEC seconds. The whole processing time includes core processing, virus scanning, DCC checking, and RBL comparison. But network transmission time and queuing time are excluded. |
| MAX_MILTER_EXEC_SEC |
The core processing time of Nopam will not exceed MAX_WAIT_SEC seconds. It should be a part of the whole process time length. |
| EXT_WAIT_SEC_PER_MB |
If the email is over 1MB in size, the whole process time is allowed to extend with EXT_WAIT_SEC_PER_MB seconds per Mbytes. |
| MAX_VIRUS_SCAN_SEC |
The maximum time length for ClamAV in virus checking |
|
| Note*: If there are emails not yet been processed at the maximum process time allowance, all the checking on this stage will be skipped. |
| Note**: Unless your hosts or network system are under special conditions, it is usually not necessary to modify the default maximum processing time. |
|
| Q1.6-7. |
Besides using "qsq_cleaner", If there any alternative solution to flush Nopam mail queue? |
| A. Yes. |
| You can use "bin/qsq_manager". Its usage has been described in previous section. After Nopam version 1.2, "qsq_manager" can flush or reset specific mail queue. |
| Following help message shows the general usage of "qsq_manager": |
> cd bin
bin> ./qsq_manager
QuantumSwitch Queue Manager v1.2 (C)Copyright 2005 by Monkia
./qsq_manager cmd [lsd.conf] [lsd_milter.conf]
BYPASS = deliver unchecked mails as HAM (in->ham)
RESET_HAM = delete undelivered ham (ham)
RESET_SPAM = delete undelivered spam (spam)
RESET_SUSPEND = delete suspended mails (suspend)
RESET = delete undelivered mails (ham+spam+suspend)
RESET_ALL = delete all mails (in+ham+spam+suspend)
RESET:RMTA_DN = delete undelivered mails from RMTA_DN
NUM = show queued mail number
INFO = show mail queue info
FLUSH_HAM = send ham mails immediately (ham)
FLUSH_SPAM = send spam mails immediately (spam)
FLUSH = send suspended mails immediately (suspend)
FLUSH_ALL = send undelivered mails (ham+spam+suspend)
* default lsd.conf assumed to be ../conf/lsd.conf
* default lsd_milter.conf assumed to be ../conf/lsd_milter.conf
|
|
</ |
