Spam detection delaying email over a half hour


#1

All,

I have a support ticket open on this as well, but I thought I would see if anyone else is having this issue. Here are some headers (email address munged by me) from a test mail that I sent to myself:


Received: from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4])
    by hannibal.dreamhost.com (Postfix) with ESMTP id A22861752C0
    for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
    by enforcer.dreamhost.com (Postfix) with ESMTP id 8A38517D360
    for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from enforcer.dreamhost.com ([127.0.0.1])
    by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 08144-10 for xxxxx@scorpionsoftware.com;
    Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from mta10.srv.hcvlny.cv.net (mta10.srv.hcvlny.cv.net
    [167.206.5.85])
    by enforcer.dreamhost.com (Postfix) with ESMTP id E1B9717D804
    for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:04:27 -0800 (PST)
Received: from [192.168.0.100] (ool-44c44e9a.dyn.optonline.net
    [68.196.78.154])
    by mta10.srv.hcvlny.cv.net
    (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004))
    with ESMTP id 0I9W00DBEHUZ6I@mta10.srv.hcvlny.cv.net for
    xxxxx@scorpionsoftware.com; Thu, 06 Jan 2005 10:04:11 -0500 (EST)

If you look this over, you will see that enforcer.dreamhost.com is taking over a half an hour to process emails to my account. I really don’t want to turn off the spam system, as I really like how it works and I get a lot of spam. Anyone else see this?

Ed
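Added example (not part of the original post): the `Received` chain above, parsed to show how long the message sat between consecutive hops and which hop accounts for the delay. The function names are hypothetical, the header lines are refolded but otherwise as posted, and each timestamp comes from that server's own clock, so small differences can be clock skew rather than queueing.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Received chain from the post above (newest hop first); lines refolded, values unchanged.
SAMPLE = """\
Received: from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4])
 by hannibal.dreamhost.com (Postfix) with ESMTP id A22861752C0
 for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by enforcer.dreamhost.com (Postfix) with ESMTP id 8A38517D360
 for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from enforcer.dreamhost.com ([127.0.0.1])
 by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 08144-10 for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:42:12 -0800 (PST)
Received: from mta10.srv.hcvlny.cv.net (mta10.srv.hcvlny.cv.net [167.206.5.85])
 by enforcer.dreamhost.com (Postfix) with ESMTP id E1B9717D804
 for xxxxx@scorpionsoftware.com; Thu, 6 Jan 2005 07:04:27 -0800 (PST)
Received: from [192.168.0.100] (ool-44c44e9a.dyn.optonline.net [68.196.78.154])
 by mta10.srv.hcvlny.cv.net (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar 3 2004))
 with ESMTP id 0I9W00DBEHUZ6I@mta10.srv.hcvlny.cv.net for xxxxx@scorpionsoftware.com;
 Thu, 06 Jan 2005 10:04:11 -0500 (EST)
"""

def hops(raw):
    """Return [(by_host, aware_datetime)] with the oldest hop first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        head, _, stamp = value.rpartition(";")    # timestamp follows the last ';'
        stamp = re.sub(r"\([^)]*\)", "", stamp)     # drop "(PST)" style comments
        by = re.search(r"\bby\s+(\S+)", head)       # host that accepted the message
        out.append((by.group(1) if by else "?", parsedate_to_datetime(stamp.strip())))
    return out[::-1]                                # headers are prepended, so reverse

def hop_delays(raw):
    """Return [(from_host, to_host, seconds)] for each consecutive pair of hops."""
    chain = hops(raw)
    return [(a[0], b[0], int((b[1] - a[1]).total_seconds()))
            for a, b in zip(chain, chain[1:])]

def slowest_hop(raw):
    """Return the (from_host, to_host, seconds) tuple with the largest delay."""
    return max(hop_delays(raw), key=lambda d: d[2])

if __name__ == "__main__":
    for src, dst, secs in hop_delays(SAMPLE):
        print(f"{src:28} -> {dst:28} {secs:6d} s")
```

The `localhost` hop is the amavisd-new content filter on enforcer, so the large gap is the time between enforcer accepting the message and the filter handing it back.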


#2

Yes, I’m seeing SpamAssassin-related delays of anywhere from 30 minutes to 3 hours over the last 36 hours.


#3

Yep, same here.
I’ve actually turned off the junk filter for the time being, because it was actually missing almost as much spam as it was catching.

Something is clearly amiss.

If anyone gets a response from support, please report it here.

Cheers

Neil Atwood
Sydney, Oz


#4

[quote]I’ve actually turned off the junk filter for the time being, because it was
actually missing almost as much spam as it was catching.

[/quote]

Same here.

[quote]Something is clearly amiss.

[/quote]

I found it was an incompatibility with forwarding - the junk filter misses all spam forwarded from another DH domain. But not from a non-DH domain.


#5

Thanks for the confirmation Chris.

So, I wonder if DH are planning a fix for this? I might put a support ticket and see what they say…

Neil Atwood
Sydney, Oz


#6

All,

Thanks for chiming in. Glad I am not the only one experiencing this… I don’t think it would hurt for others to open tickets on this. Might get it fixed faster!


#7

[quote]I found it was an incompatibility with forwarding - the junk filter misses all spam forwarded from another DH domain. But not from a non-DH domain.

[/quote]

In answer to a support request during the beta period, Nathaniel acknowledged a bug in SA filtering for mail from within DreamHost accounts. His answer to my question was more detailed, but the bottom line was this:

  1. If the smtp server for the sending domain is configured to deliver mail for the receiving domain, the email is NOT filtered.

  2. Since they use several different mail clusters, this results in SOME mail between DreamHost-ed domains being filtered and some not.

  3. Because DreamHost has an aggressive spam policy, this isn’t a big concern. If you ever get spam and it’s from a DreamHost customer, let them know, and they will deal with the person immediately.


#8

[quote]1) If the smtp server for the sending domain is configured to deliver mail for
the receiving domain, the email is NOT filtered.

[/quote]

Hmm… so the filter can overlook spam from other Dreamhosters?

[quote]3) Because DreamHost has an aggressive spam policy, this isn’t a big concern.
If you ever get spam and it’s from a DreamHost customer, let them know
and they will deal with the person immediately.

[/quote]

Immediately being /after/ the attack? And after a few hours of DH’s support response time?
Hardly satisfactory. I’ve already suffered one mailbox DoS attack that took advantage
of a security loophole in the DH mailsystem and denied me mailservice, and found that
(unlike the Panel filters) the Junk Filters are the only line of defence.

Plus DH are hardly going to “deal with” a person whose mail is spam by my Junk Filter
config but not by the DH definition, are they?


#9

[quote]I wonder if DH are planning a fix for this?

[/quote]

Not imminently, it seems from Support’s

[quote]our junk filter is sort of on the outside of our network, catching/rejecting spam and
viruses before it comes in. Once it’s in, if mail is forwarded to another
domain in our network, it basically doesn’t go back through the filter at
all, even if the domain does have the filter turned on. Sorry… that’s how it’s set up![/quote]


#10

[quote]our junk filter is sort of on the outside of our network, catching/rejecting spam and
viruses before it comes in. Once it’s in, if mail is forwarded to another
domain in our network, it basically doesn’t go back through the filter at
all, even if the domain does have the filter turned on. Sorry… that’s how it’s set up!

[/quote]

Actually I don’t have a great problem with that situation… it’s the fact that very obvious junk is being missed AND the often very lengthy delay that the junk processing appears to add to inbound mail…

Neil Atwood
Sydney, Oz


#11

Seeing the same. Unacceptable. I like Dreamhost, but they need to do a better job informing sysadmins, so that we can at least mitigate problems sooner.

This also seems to correlate with the webmail2 interface hanging.


#12

All,

Reply from Tech Support:


Hello,

Yes, unfortunately, these delays are due to the spam software server.
We’ve added another machine, so it should be better now. If you notice
this again, please let me know asap.

Thanks!
Brian

It does seem a little better now.


#13

I’ve just posted a detailed support ticket on this.

Certainly the mail delay times seem to have improved, but I’ve mentioned the obvious spam being missed, and the inability (for me) to turn the filter off for my main domain.

Will report back in due course…

Neil Atwood
Sydney, Oz


#14

So you’ve verified that the missed junk is from without the DH network?


#15

I can tell everyone that as of today, Monday, 4:22 pm Central, the problem is not fixed. We have incoming emails that are at least 1.25 hours old (maybe much older) that have not shown up yet. I’ve put in a support ticket. I encourage the rest of you affected in this thread to do the same.


#16

If you mean that the junk is not originally addressed to another DH-hosted domain and being forwarded within DH, yep.
It’s just plain junk mail…

I have a support ticket in, but no response yet.

Neil Atwood
Sydney, Oz


#17

No, I mean that the junk mail is not from within the DH system. If, as Support says, the junk filter operates only where mail arrives at the DH system from outside, it will never catch junk originating from within the DH system e.g. from another DH user.


#18

We do whitelist our own IP ranges, so mail “from inside” shouldn’t be caught - but it’s not true that mail sent from inside always bypasses the junk filter.

We are aware of the delays, and we have a new filter machine ready to go, which should help a little. We may also need to tweak some configuration options.

That said, some occasional delays are a risk of this type of service. Doing content filtering on mail is pretty “expensive” computationally, and adds extra complexity to the way mail is handled, adding more bottlenecks and more places things can go wrong.

We’ll be able to make some tweaks to help reduce some of the bottlenecks and improve performance as more users begin to use the junk filter.


#19

Hi Will,

Was wondering if you could update us as to when the new equipment will be installed?

I would love to re-enable our spam filtering (I love its ability to catch a lot of viruses), but I will not again risk my boss yelling at me, saying things like “you turned the spam filter back on, NOT knowing if it was fixed yet?”

As you say, occasional delays may be expected with this type of thing. But what we were experiencing was daily, up-to-4-hour delays from about noon thru closing. Repetitive, up-to-4-hour email delays for our small business are bad.

Please let us know when you get the new equipment on line, so we can try the spam filter again. If I should contact someone else about this matter through a different channel, please let me know that as well.

Thank you